From 75a2a82d60367a4d5d1fe3eaf4c6bc07e9800aa7 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Wed, 21 Feb 2024 16:26:47 +0100 Subject: [PATCH] parser-cov: further tweaks to key event matching Resolves: https://issues.redhat.com/browse/OSH-552 --- src/lib/parser-cov.cc | 35 +- tests/csdiff/CMakeLists.txt | 1 + .../19-cov-parser-key-event-add-z.err | 9 + .../diff-misc/19-cov-parser-key-event-add.err | 9 + .../19-cov-parser-key-event-fix-z.err | 9 + .../diff-misc/19-cov-parser-key-event-fix.err | 9 + .../diff-misc/19-cov-parser-key-event-new.err | 24104 +++ .../diff-misc/19-cov-parser-key-event-old.err | 163783 +++++++++++++++ .../0044-csparser-new-key-evts-stdout.txt | 4 +- ...070-csparser-included-from-note-stdout.txt | 12 +- 10 files changed, 187959 insertions(+), 16 deletions(-) create mode 100644 tests/csdiff/diff-misc/19-cov-parser-key-event-add-z.err create mode 100644 tests/csdiff/diff-misc/19-cov-parser-key-event-add.err create mode 100644 tests/csdiff/diff-misc/19-cov-parser-key-event-fix-z.err create mode 100644 tests/csdiff/diff-misc/19-cov-parser-key-event-fix.err create mode 100644 tests/csdiff/diff-misc/19-cov-parser-key-event-new.err create mode 100644 tests/csdiff/diff-misc/19-cov-parser-key-event-old.err diff --git a/src/lib/parser-cov.cc b/src/lib/parser-cov.cc index 37a401cc..493d0f4f 100644 --- a/src/lib/parser-cov.cc +++ b/src/lib/parser-cov.cc @@ -241,26 +241,31 @@ KeyEventDigger::KeyEventDigger(): d->hMap["CALL_SUPER"] .insert("missing_super_call"); d->hMap["CHECKED_RETURN"] .insert("check_return"); d->hMap["CHROOT"] .insert("chroot_call"); + d->hMap["COM.BAD_FREE"] .insert("free"); d->hMap["CTOR_DTOR_LEAK"] .insert("alloc_fn"); d->hMap["CTOR_DTOR_LEAK"] .insert("alloc_new"); d->hMap["DEADCODE"] .insert("dead_error_begin"); d->hMap["DEADCODE"] .insert("dead_error_line"); d->hMap["EXPLICIT_THIS_EXPECTED"] .insert("implicit_this_used"); - d->hMap["HARDCODED_CREDENTIALS"] .insert("sink"); d->hMap["LOCK"] .insert("double_lock"); d->hMap["LOCK"] .insert("double_unlock"); d->hMap["LOCK"] .insert("missing_unlock"); d->hMap["LOCK_EVASION"] .insert("thread1_overwrites_value_in_field"); d->hMap["LOCK_EVASION"] .insert("thread2_checks_field_early"); + d->hMap["LOCK_INVERSION"] .insert("lock_order"); + d->hMap["INFINITE_LOOP"] .insert("loop_top"); d->hMap["MISSING_BREAK"] .insert("unterminated_case"); d->hMap["MISSING_RESTORE"] .insert("end_of_path"); d->hMap["MISSING_RESTORE"] .insert("end_of_scope"); + d->hMap["MISSING_RESTORE"] .insert("exception"); d->hMap["MULTIPLE_INIT_SMART_PTRS"] .insert("multiple_init_smart_ptr"); d->hMap["NESTING_INDENT_MISMATCH"] .insert("actual_if"); d->hMap["NESTING_INDENT_MISMATCH"] .insert("multi_stmt_macro"); d->hMap["NESTING_INDENT_MISMATCH"] .insert("on_same_line"); d->hMap["NESTING_INDENT_MISMATCH"] .insert("uncle"); + d->hMap["OPEN_REDIRECT"] .insert("sink"); d->hMap["ORDER_REVERSAL"] .insert("lock_order"); + d->hMap["OS_CMD_INJECTION"] .insert("os_cmd_sink"); d->hMap["OVERLAPPING_COPY"] .insert("overlapping_assignment"); d->hMap["OVERLAPPING_COPY"] .insert("overlapping_copy"); d->hMap["OVERRUN_STATIC"] .insert("index_parm"); @@ -271,8 +276,9 @@ KeyEventDigger::KeyEventDigger(): d->hMap["RESOURCE_LEAK"] .insert("overwrite_var"); d->hMap["REVERSE_INULL"] .insert("check_after_deref"); d->hMap["REVERSE_NEGATIVE"] .insert("check_after_sink"); + d->hMap["SENSITIVE_DATA_LEAK"] .insert("sink"); + d->hMap["SERVLET_ATOMICITY"] .insert("set_attribute"); d->hMap["STREAM_FORMAT_STATE"] .insert("end_of_path"); - d->hMap["STRING_OVERFLOW"] .insert("fixed_size_dest"); d->hMap["TAINTED_SCALAR"] .insert("tainted_data"); d->hMap["TOCTOU"] .insert("fs_check_call"); d->hMap["UNEXPECTED_CONTROL_FLOW"] .insert("continue_in_do_while_false"); @@ -280,14 +286,10 @@ KeyEventDigger::KeyEventDigger(): d->hMap["UNINIT"] .insert("uninit_use_in_call"); d->hMap["UNINIT_CTOR"] .insert("member_not_init_in_gen_ctor"); d->hMap["UNINIT_CTOR"] .insert("uninit_member"); - d->hMap["UNUSED_VALUE"] .insert("assigned_pointer"); - d->hMap["UNUSED_VALUE"] .insert("assigned_value"); - d->hMap["UNUSED_VALUE"] .insert("returned_pointer"); - d->hMap["UNUSED_VALUE"] .insert("returned_value"); + d->hMap["UNLOCKED_ACCESS"] .insert("thread_unsafe_modification"); d->hMap["VARARGS"] .insert("missing_va_end"); d->hMap["WRAPPER_ESCAPE"] .insert("escape"); d->hMap["WRAPPER_ESCAPE"] .insert("use_after_free"); - d->hMap["URL_MANIPULATION"] .insert("url_manipulation_sink"); // we use COMPILER_WARNING as checker for compiler errors/warnings d->hMap["COMPILER_WARNING"] .insert("error"); @@ -306,17 +308,27 @@ KeyEventDigger::KeyEventDigger(): d->hMap["OWASP_ZAP_WARNING"] .insert("alert"); // list of checkers where we take the _last_ matched key event + d->searchBackwards.insert("COMPILER_WARNING"); d->searchBackwards.insert("CONSTANT_EXPRESSION_RESULT"); + d->searchBackwards.insert("DELETE_ARRAY"); d->searchBackwards.insert("FORWARD_NULL"); + d->searchBackwards.insert("HARDCODED_CREDENTIALS"); + d->searchBackwards.insert("HEADER_INJECTION"); + d->searchBackwards.insert("INSUFFICIENT_LOGGING"); d->searchBackwards.insert("LOCK"); d->searchBackwards.insert("INVALIDATE_ITERATOR"); d->searchBackwards.insert("NULL_RETURNS"); d->searchBackwards.insert("OVERRUN"); + d->searchBackwards.insert("PATH_MANIPULATION"); d->searchBackwards.insert("RESOURCE_LEAK"); d->searchBackwards.insert("RETURN_LOCAL"); d->searchBackwards.insert("UNINIT"); d->searchBackwards.insert("UNINIT_CTOR"); + d->searchBackwards.insert("UNUSED_VALUE"); + d->searchBackwards.insert("URL_MANIPULATION"); d->searchBackwards.insert("USE_AFTER_FREE"); + d->searchBackwards.insert("VOLATILE_ATOMICITY"); + d->searchBackwards.insert("WRITE_CONST_FIELD"); // events that should never be used as key events (excluding trace events) d->denyList.insert("another_instance"); @@ -409,6 +421,7 @@ bool KeyEventDigger::guessKeyEvent(Defect *def) // take the first eligible key event bool valid = false; + bool eligible = false; for (unsigned idx = 0; idx < evtCount; ++idx) { const DefEvent &evt = evtList[idx]; if (evt.event == "#") @@ -421,6 +434,11 @@ bool KeyEventDigger::guessKeyEvent(Defect *def) valid = true; } + const bool findLastMatch = d->searchBackwards.count(def->checker); + if (findLastMatch && !eligible) + // no eligible event yet --> select the _last_ valid event + def->keyEventIdx = idx; + // skip trace and deny-listed events const std::string &evtName = evt.event; if (d->traceEvts.count(evtName) || d->denyList.count(evtName)) @@ -428,7 +446,8 @@ bool KeyEventDigger::guessKeyEvent(Defect *def) // matched def->keyEventIdx = idx; - if (!d->searchBackwards.count(def->checker)) + eligible = true; + if (!findLastMatch) // checker not listed in d->searchBackwards --> take the first match break; } diff --git a/tests/csdiff/CMakeLists.txt b/tests/csdiff/CMakeLists.txt index a603867b..b19ec04e 100644 --- a/tests/csdiff/CMakeLists.txt +++ b/tests/csdiff/CMakeLists.txt @@ -83,5 +83,6 @@ test_csdiff(diff-misc 15-gcc-prof-filter) test_csdiff(diff-misc 16-cov-parser-key-event) test_csdiff(diff-misc 17-cov-parser-key-event) test_csdiff(diff-misc 18-cov-parser-key-event) +test_csdiff(diff-misc 19-cov-parser-key-event) add_subdirectory(filter-file) diff --git a/tests/csdiff/diff-misc/19-cov-parser-key-event-add-z.err b/tests/csdiff/diff-misc/19-cov-parser-key-event-add-z.err new file mode 100644 index 00000000..f1759495 --- /dev/null +++ b/tests/csdiff/diff-misc/19-cov-parser-key-event-add-z.err @@ -0,0 +1,9 @@ +Error: SOCKET_ACCEPT_ALL_ORIGINS (CWE-942): +grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go:302: go_socketio_all_origins: The function "function anonymous%1" always returns "true". +grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go:302: go_socketio_all_origins: The function "Upgrader.CheckOrigin()" always returns "true" to accept requests from all origins. +grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go:302: go_socketio_all_origins: Modify the "Upgrader.CheckOrigin()" function to only return "true" for trusted origins, or remove the function completely since the default "Upgrader" will only create "WebSocket" connections with clients from the same origin. +# 300| // don't return errors to maintain backwards compatibility +# 301| } +# 302|-> u.CheckOrigin = func(r *http.Request) bool { +# 303| // allow all connections by default +# 304| return true diff --git a/tests/csdiff/diff-misc/19-cov-parser-key-event-add.err b/tests/csdiff/diff-misc/19-cov-parser-key-event-add.err new file mode 100644 index 00000000..f1759495 --- /dev/null +++ b/tests/csdiff/diff-misc/19-cov-parser-key-event-add.err @@ -0,0 +1,9 @@ +Error: SOCKET_ACCEPT_ALL_ORIGINS (CWE-942): +grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go:302: go_socketio_all_origins: The function "function anonymous%1" always returns "true". +grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go:302: go_socketio_all_origins: The function "Upgrader.CheckOrigin()" always returns "true" to accept requests from all origins. +grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go:302: go_socketio_all_origins: Modify the "Upgrader.CheckOrigin()" function to only return "true" for trusted origins, or remove the function completely since the default "Upgrader" will only create "WebSocket" connections with clients from the same origin. +# 300| // don't return errors to maintain backwards compatibility +# 301| } +# 302|-> u.CheckOrigin = func(r *http.Request) bool { +# 303| // allow all connections by default +# 304| return true diff --git a/tests/csdiff/diff-misc/19-cov-parser-key-event-fix-z.err b/tests/csdiff/diff-misc/19-cov-parser-key-event-fix-z.err new file mode 100644 index 00000000..f1759495 --- /dev/null +++ b/tests/csdiff/diff-misc/19-cov-parser-key-event-fix-z.err @@ -0,0 +1,9 @@ +Error: SOCKET_ACCEPT_ALL_ORIGINS (CWE-942): +grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go:302: go_socketio_all_origins: The function "function anonymous%1" always returns "true". +grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go:302: go_socketio_all_origins: The function "Upgrader.CheckOrigin()" always returns "true" to accept requests from all origins. +grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go:302: go_socketio_all_origins: Modify the "Upgrader.CheckOrigin()" function to only return "true" for trusted origins, or remove the function completely since the default "Upgrader" will only create "WebSocket" connections with clients from the same origin. +# 300| // don't return errors to maintain backwards compatibility +# 301| } +# 302|-> u.CheckOrigin = func(r *http.Request) bool { +# 303| // allow all connections by default +# 304| return true diff --git a/tests/csdiff/diff-misc/19-cov-parser-key-event-fix.err b/tests/csdiff/diff-misc/19-cov-parser-key-event-fix.err new file mode 100644 index 00000000..f1759495 --- /dev/null +++ b/tests/csdiff/diff-misc/19-cov-parser-key-event-fix.err @@ -0,0 +1,9 @@ +Error: SOCKET_ACCEPT_ALL_ORIGINS (CWE-942): +grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go:302: go_socketio_all_origins: The function "function anonymous%1" always returns "true". +grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go:302: go_socketio_all_origins: The function "Upgrader.CheckOrigin()" always returns "true" to accept requests from all origins. +grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go:302: go_socketio_all_origins: Modify the "Upgrader.CheckOrigin()" function to only return "true" for trusted origins, or remove the function completely since the default "Upgrader" will only create "WebSocket" connections with clients from the same origin. +# 300| // don't return errors to maintain backwards compatibility +# 301| } +# 302|-> u.CheckOrigin = func(r *http.Request) bool { +# 303| // allow all connections by default +# 304| return true diff --git a/tests/csdiff/diff-misc/19-cov-parser-key-event-new.err b/tests/csdiff/diff-misc/19-cov-parser-key-event-new.err new file mode 100644 index 00000000..985fd256 --- /dev/null +++ b/tests/csdiff/diff-misc/19-cov-parser-key-event-new.err @@ -0,0 +1,24104 @@ +Error: WRITE_CONST_FIELD (CWE-843): +brltty-6.3/python3/Headers/brl_types.h:126: field_definition: A const-qualified field is defined. +brltty-6.3/python3/Programs/brlapi_server.c:4330: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 4328| logMessage(LOG_CATEGORY(SERVER_EVENTS), "api link"); +# 4329| trueBraille=braille; +# 4330|-> memcpy(&ApiBraille,braille,sizeof(BrailleDriver)); +# 4331| ApiBraille.writeWindow=api_writeWindow; +# 4332| ApiBraille.readCommand=api_readCommand; + +Error: WRITE_CONST_FIELD (CWE-843): +gcc-4.8.5-20150702/gcc/gcc.c:959: field_definition: A const-qualified field is defined. +gcc-4.8.5-20150702/gcc/gcc.c:1990: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 1988| compilers[n_compilers].spec = spec; +# 1989| n_compilers++; +# 1990|-> memset (&compilers[n_compilers], 0, sizeof compilers[n_compilers]); +# 1991| } +# 1992| + +Error: WRITE_CONST_FIELD (CWE-843): +gcc-4.8.5-20150702/gcc/gcc.c:959: field_definition: A const-qualified field is defined. +gcc-4.8.5-20150702/gcc/gcc.c:6636: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 6634| +# 6635| compilers = XNEWVAR (struct compiler, sizeof default_compilers); +# 6636|-> memcpy (compilers, default_compilers, sizeof default_compilers); +# 6637| n_compilers = n_default_compilers; +# 6638| + +Error: RETURN_LOCAL (CWE-562): +gcc-4.8.5-20150702/gcc/loop-unroll.c:2037: local_ptr_assign_local: Assigning: "ret" = "&expr" (address of local variable "expr"). +gcc-4.8.5-20150702/gcc/loop-unroll.c:2039: path: Condition "i < ivts->n_loc", taking false branch. +gcc-4.8.5-20150702/gcc/loop-unroll.c:2042: return_local_addr_alias: Returning pointer "ret" which points to local variable "expr". +# 2040| ret = &XEXP (*ret, ivts->loc[i]); +# 2041| +# 2042|-> return ret; +# 2043| } +# 2044| + +Error: PATH_MANIPULATION (CWE-22): +criu-3.18/criu/fsnotify.c:125: path: Condition "m", taking true branch. +criu-3.18/criu/fsnotify.c:130: path: Condition "m->s_dev != s_dev", taking true branch. +criu-3.18/criu/fsnotify.c:131: path: Continuing loop. +criu-3.18/criu/fsnotify.c:125: path: Condition "m", taking true branch. +criu-3.18/criu/fsnotify.c:130: path: Condition "m->s_dev != s_dev", taking false branch. +criu-3.18/criu/fsnotify.c:132: path: Condition "!mnt_is_dir(m)", taking false branch. +criu-3.18/criu/fsnotify.c:138: path: Condition "mntfd < 0", taking false branch. +criu-3.18/criu/fsnotify.c:141: tainted_return_value: Function "__userns_call" returns tainted data. +criu-3.18/criu/fsnotify.c:141: var_assign: Assigning: "fd" = "__userns_call("open_by_handle", open_by_handle, 2, &handle, 136UL, mntfd)", which taints "fd". +criu-3.18/criu/fsnotify.c:143: path: Condition "fd < 0", taking false branch. +criu-3.18/criu/fsnotify.c:143: lower_bounds: Checking lower bounds of signed scalar "fd" by taking the false branch of "fd < 0". +criu-3.18/criu/fsnotify.c:147: path_manipulation_sink: Constructing a path or URI using the tainted value "fd" and passing it to "read_fd_link". This may allow an attacker to access, modify, or test the existence of critical or sensitive files. +criu-3.18/criu/fsnotify.c:147: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 145| suitable_mount_found = 1; +# 146| +# 147|-> if (read_fd_link(fd, buf, sizeof(buf)) < 0) { +# 148| close(fd); +# 149| goto err; + +Error: PATH_MANIPULATION (CWE-22): +criu-3.18/criu/fsnotify.c:593: path: Condition "fme->type == MARK_TYPE__MOUNT", taking false branch. +criu-3.18/criu/fsnotify.c:620: path: Condition "fme->type == MARK_TYPE__INODE", taking true branch. +criu-3.18/criu/fsnotify.c:621: tainted_return_value: Function "get_mark_path" returns tainted data. +criu-3.18/criu/fsnotify.c:621: tainted_data_transitive: Call to function "get_mark_path" with tainted argument "buf" transitively taints "*get_mark_path("fanotify", mark->remap, fme->ie->f_handle, fme->ie->i_ino, fme->s_dev, buf, &target)". +criu-3.18/criu/fsnotify.c:621: var_assign: Assigning: "path" = "get_mark_path("fanotify", mark->remap, fme->ie->f_handle, fme->ie->i_ino, fme->s_dev, buf, &target)", which taints "path". +criu-3.18/criu/fsnotify.c:623: path: Condition "!path", taking false branch. +criu-3.18/criu/fsnotify.c:625: path: Falling through to end of if statement. +criu-3.18/criu/fsnotify.c:632: path: Condition "(*mark).fme->mask", taking true branch. +criu-3.18/criu/fsnotify.c:633: path_manipulation_sink: Constructing a path or URI using the tainted value "*path" and passing it to "fanotify_mark". This may allow an attacker to access, modify, or test the existence of critical or sensitive files. +criu-3.18/criu/fsnotify.c:633: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 631| +# 632| if (mark->fme->mask) { +# 633|-> ret = fanotify_mark(fd, flags, fme->mask, AT_FDCWD, path); +# 634| if (ret) { +# 635| pr_err("Adding fanotify mask 0x%x on 0x%x/%s failed (%d)\n", fme->mask, fme->id, path, ret); + +Error: PATH_MANIPULATION (CWE-22): +criu-3.18/criu/fsnotify.c:593: path: Condition "fme->type == MARK_TYPE__MOUNT", taking false branch. +criu-3.18/criu/fsnotify.c:620: path: Condition "fme->type == MARK_TYPE__INODE", taking true branch. +criu-3.18/criu/fsnotify.c:621: tainted_return_value: Function "get_mark_path" returns tainted data. +criu-3.18/criu/fsnotify.c:621: tainted_data_transitive: Call to function "get_mark_path" with tainted argument "buf" transitively taints "*get_mark_path("fanotify", mark->remap, fme->ie->f_handle, fme->ie->i_ino, fme->s_dev, buf, &target)". +criu-3.18/criu/fsnotify.c:621: var_assign: Assigning: "path" = "get_mark_path("fanotify", mark->remap, fme->ie->f_handle, fme->ie->i_ino, fme->s_dev, buf, &target)", which taints "path". +criu-3.18/criu/fsnotify.c:623: path: Condition "!path", taking false branch. +criu-3.18/criu/fsnotify.c:625: path: Falling through to end of if statement. +criu-3.18/criu/fsnotify.c:632: path: Condition "(*mark).fme->mask", taking false branch. +criu-3.18/criu/fsnotify.c:640: path: Condition "fme->ignored_mask", taking true branch. +criu-3.18/criu/fsnotify.c:641: path_manipulation_sink: Constructing a path or URI using the tainted value "*path" and passing it to "fanotify_mark". This may allow an attacker to access, modify, or test the existence of critical or sensitive files. +criu-3.18/criu/fsnotify.c:641: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 639| +# 640| if (fme->ignored_mask) { +# 641|-> ret = fanotify_mark(fd, flags | FAN_MARK_IGNORED_MASK, fme->ignored_mask, AT_FDCWD, path); +# 642| if (ret) { +# 643| pr_err("Adding fanotify ignored-mask 0x%x on 0x%x/%s failed (%d)\n", fme->ignored_mask, fme->id, + +Error: RETURN_LOCAL (CWE-562): +cups-2.3.3op2/cups/dest-localization.c:286: path: Condition "!http", taking false branch. +cups-2.3.3op2/cups/dest-localization.c:286: path: Condition "!dest", taking false branch. +cups-2.3.3op2/cups/dest-localization.c:286: path: Condition "!dinfo", taking false branch. +cups-2.3.3op2/cups/dest-localization.c:289: path: Condition "!strcmp(option, "media")", taking false branch. +cups-2.3.3op2/cups/dest-localization.c:305: path: Condition "!dinfo->localizations", taking true branch. +cups-2.3.3op2/cups/dest-localization.c:310: path: Condition "(match = (_cups_message_t *)cupsArrayFind(dinfo->localizations, &key)) != NULL", taking false branch. +cups-2.3.3op2/cups/dest-localization.c:312: local_addr: Address of local variable "pair". +cups-2.3.3op2/cups/dest-localization.c:312: identity_transfer: Passing "pair" as argument 2 to function "_cupsLangString", which returns that argument. +cups-2.3.3op2/cups/dest-localization.c:312: local_ptr_assign_ptr: Assigning: "localized" = "_cupsLangString(cupsLangDefault(), pair)". +cups-2.3.3op2/cups/dest-localization.c:312: path: Condition "(localized = _cupsLangString(cupsLangDefault(), pair)) != NULL", taking true branch. +cups-2.3.3op2/cups/dest-localization.c:312: path: Condition "strcmp(localized, pair)", taking true branch. +cups-2.3.3op2/cups/dest-localization.c:313: return_local_addr_alias: Returning pointer "localized" which points to local variable "pair". +# 311| return (match->str); +# 312| else if ((localized = _cupsLangString(cupsLangDefault(), pair)) != NULL && strcmp(localized, pair)) +# 313|-> return (localized); +# 314| else +# 315| return (value); + +Error: PATH_MANIPULATION (CWE-22): +cups-2.3.3op2/scheduler/client.c:631: path: Condition "httpIsChunked(con->http)", taking true branch. +cups-2.3.3op2/scheduler/client.c:631: path: Condition "con->request", taking true branch. +cups-2.3.3op2/scheduler/client.c:633: path: Condition "httpError(con->http) == 32", taking true branch. +cups-2.3.3op2/scheduler/client.c:633: path: Condition "!httpGetReady(con->http)", taking false branch. +cups-2.3.3op2/scheduler/client.c:644: path: Condition "httpGetState(con->http) == HTTP_STATE_GET_SEND", taking false branch. +cups-2.3.3op2/scheduler/client.c:644: path: Condition "httpGetState(con->http) == HTTP_STATE_POST_SEND", taking false branch. +cups-2.3.3op2/scheduler/client.c:644: path: Condition "httpGetState(con->http) == HTTP_STATE_STATUS", taking false branch. +cups-2.3.3op2/scheduler/client.c:659: path: Condition "con->auto_ssl", taking true branch. +cups-2.3.3op2/scheduler/client.c:667: tainted_argument: Calling function "recv" taints argument "*buf". [Note: The source code implementation of the function has been overridden by a builtin model.] +cups-2.3.3op2/scheduler/client.c:667: path: Condition "recv(httpGetFd(con->http), buf, 1, MSG_PEEK) == 1", taking true branch. +cups-2.3.3op2/scheduler/client.c:667: path: Condition "!buf[0]", taking false branch. +cups-2.3.3op2/scheduler/client.c:667: path: Condition "!strchr("DGHOPT", buf[0])", taking false branch. +cups-2.3.3op2/scheduler/client.c:684: path: Switch case value "HTTP_STATE_OPTIONS". +cups-2.3.3op2/scheduler/client.c:841: path: Condition "(status = httpUpdate(con->http)) == HTTP_STATUS_CONTINUE", taking false branch. +cups-2.3.3op2/scheduler/client.c:845: path: Condition "status != HTTP_STATUS_OK", taking false branch. +cups-2.3.3op2/scheduler/client.c:859: path: Breaking from switch. +cups-2.3.3op2/scheduler/client.c:881: path: Condition "status == HTTP_STATUS_OK", taking true branch. +cups-2.3.3op2/scheduler/client.c:893: path: Condition "!strncmp(httpGetField(con->http, HTTP_FIELD_USER_AGENT), "Mozilla/", 8)", taking true branch. +cups-2.3.3op2/scheduler/client.c:895: path: Condition "httpGetField(con->http, HTTP_FIELD_ACCEPT_LANGUAGE)[0]", taking true branch. +cups-2.3.3op2/scheduler/client.c:902: path: Condition "(ptr = strchr(httpGetField(con->http, HTTP_FIELD_ACCEPT_LANGUAGE), 44)) != NULL", taking true branch. +cups-2.3.3op2/scheduler/client.c:906: path: Condition "(ptr = strchr(httpGetField(con->http, HTTP_FIELD_ACCEPT_LANGUAGE), 59)) != NULL", taking true branch. +cups-2.3.3op2/scheduler/client.c:910: path: Condition "(ptr = strstr(httpGetField(con->http, HTTP_FIELD_CONTENT_TYPE), "charset=")) != NULL", taking true branch. +cups-2.3.3op2/scheduler/client.c:921: path: Condition "(ptr = strchr(locale, 44)) != NULL", taking true branch. +cups-2.3.3op2/scheduler/client.c:923: path: Falling through to end of if statement. +cups-2.3.3op2/scheduler/client.c:929: path: Falling through to end of if statement. +cups-2.3.3op2/scheduler/client.c:935: path: Condition "!_cups_strncasecmp(httpGetField(con->http, HTTP_FIELD_CONNECTION), "Keep-Alive", 10)", taking true branch. +cups-2.3.3op2/scheduler/client.c:935: path: Condition "KeepAlive", taking true branch. +cups-2.3.3op2/scheduler/client.c:937: path: Falling through to end of if statement. +cups-2.3.3op2/scheduler/client.c:942: path: Condition "!httpGetField(con->http, HTTP_FIELD_HOST)[0]", taking true branch. +cups-2.3.3op2/scheduler/client.c:942: path: Condition "httpGetVersion(con->http) >= HTTP_VERSION_1_1", taking false branch. +cups-2.3.3op2/scheduler/client.c:956: path: Condition "!valid_host(con)", taking false branch. +cups-2.3.3op2/scheduler/client.c:973: path: Condition "con->operation == HTTP_STATE_OPTIONS", taking false branch. +cups-2.3.3op2/scheduler/client.c:1028: path: Condition "!is_path_absolute(con->uri)", taking false branch. +cups-2.3.3op2/scheduler/client.c:1045: path: Condition "!_cups_strcasecmp(httpGetField(con->http, HTTP_FIELD_CONNECTION), "Upgrade")", taking true branch. +cups-2.3.3op2/scheduler/client.c:1045: path: Condition "!httpIsEncrypted(con->http)", taking false branch. +cups-2.3.3op2/scheduler/client.c:1076: path: Condition "(status = cupsdIsAuthorized(con, NULL)) != HTTP_STATUS_OK", taking false branch. +cups-2.3.3op2/scheduler/client.c:1083: path: Condition "httpGetExpect(con->http)", taking true branch. +cups-2.3.3op2/scheduler/client.c:1083: path: Condition "con->operation == HTTP_STATE_POST", taking false branch. +cups-2.3.3op2/scheduler/client.c:1083: path: Condition "con->operation == HTTP_STATE_PUT", taking false branch. +cups-2.3.3op2/scheduler/client.c:1113: path: Switch case value "HTTP_STATE_GET_SEND". +cups-2.3.3op2/scheduler/client.c:1118: path_manipulation_sink: Constructing a path or URI using the tainted value "buf" and passing it to "get_file". This may allow an attacker to access, modify, or test the existence of critical or sensitive files. +cups-2.3.3op2/scheduler/client.c:1118: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 1116| cupsdLogClient(con, CUPSD_LOG_DEBUG, "Processing GET %s", con->uri); +# 1117| +# 1118|-> if ((filename = get_file(con, &filestats, buf, sizeof(buf))) != NULL) +# 1119| { +# 1120| type = mimeFileType(MimeDatabase, filename, NULL, NULL); + +Error: WRITE_CONST_FIELD (CWE-843): +dovecot-2.3.16/src/lib-master/master-service-haproxy.c:289: nested_field_definition: A nested aggregate with a const-qualified field is defined. +dovecot-2.3.16/src/lib-master/master-service-haproxy.c:287: field_definition: A const-qualified field is defined. +dovecot-2.3.16/src/lib-master/master-service-haproxy.c:303: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 301| with the first recv() call. +# 302| */ +# 303|-> i_zero(&buf); +# 304| i_zero(&rbuf); +# 305| + +Error: WRITE_CONST_FIELD (CWE-843): +dovecot-2.3.16/src/lib-master/master-service-haproxy.c:289: nested_field_definition: A nested aggregate with a const-qualified field is defined. +dovecot-2.3.16/src/lib-master/master-service-haproxy.c:287: field_definition: A const-qualified field is defined. +dovecot-2.3.16/src/lib-master/master-service-haproxy.c:337: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 335| return -1; +# 336| } +# 337|-> memcpy(&buf, rbuf, sizeof(buf)); +# 338| version = HAPROXY_VERSION_2; +# 339| } else { + +Error: WRITE_CONST_FIELD (CWE-843): +dovecot-2.3.16/src/lib/buffer.c:9: nested_field_definition: A nested aggregate with a const-qualified field is defined. +dovecot-2.3.16/src/lib/buffer.c:10: nested_field_definition: A nested aggregate with a const-qualified field is defined. +dovecot-2.3.16/src/lib/buffer.h:5: nested_field_definition: A nested aggregate with a const-qualified field is defined. +dovecot-2.3.16/src/lib/buffer.h:6: nested_field_definition: A nested aggregate with a const-qualified field is defined. +dovecot-2.3.16/src/lib/buffer.h:8: field_definition: A const-qualified field is defined. +dovecot-2.3.16/src/lib/buffer.c:112: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 110| +# 111| buf = (struct real_buffer *)buffer; +# 112|-> i_zero(buf); +# 113| buf->alloc = buf->max_size = size; +# 114| buf->r_buffer = buf->w_buffer = data; + +Error: WRITE_CONST_FIELD (CWE-843): +dovecot-2.3.16/src/lib/buffer.c:9: nested_field_definition: A nested aggregate with a const-qualified field is defined. +dovecot-2.3.16/src/lib/buffer.c:10: nested_field_definition: A nested aggregate with a const-qualified field is defined. +dovecot-2.3.16/src/lib/buffer.h:5: nested_field_definition: A nested aggregate with a const-qualified field is defined. +dovecot-2.3.16/src/lib/buffer.h:6: nested_field_definition: A nested aggregate with a const-qualified field is defined. +dovecot-2.3.16/src/lib/buffer.h:8: field_definition: A const-qualified field is defined. +dovecot-2.3.16/src/lib/buffer.c:130: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 128| +# 129| buf = (struct real_buffer *)buffer; +# 130|-> i_zero(buf); +# 131| +# 132| buf->used = buf->alloc = buf->max_size = size; + +Error: INVALIDATE_ITERATOR (CWE-119): +dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C:704: path: Condition "i != std::__cxx11::list, std::allocator >, std::allocator, std::allocator > > >::iterator(XStringList.end())", taking true branch. +dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C:712: path: Condition "j != std::__cxx11::list, std::allocator >, std::allocator, std::allocator > > >::iterator(XStringList.end())", taking true branch. +dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C:735: path: Condition "(*i)->size() == (*j)->size()", taking true branch. +dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C:735: path: Condition "i_subStringLength == j_subStringLength", taking true branch. +dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C:735: path: Condition "i_diffpos != std::__cxx11::basic_string, std::allocator >::iterator((*i)->end())", taking false branch. +dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C:778: path: Jumping back to the beginning of the loop. +dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C:712: path: Condition "j != std::__cxx11::list, std::allocator >, std::allocator, std::allocator > > >::iterator(XStringList.end())", taking false branch. +dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C:783: path: Condition "!listOfDifferences.empty()", taking true branch. +dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C:798: path: Condition "!maxvalue.empty()", taking true branch. +dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C:805: past_the_end: Function "end" creates an iterator. +dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C:805: identity_transfer: Passing "i_modifiedString.end()" as argument 2 to function "find_if", which returns that argument. +dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C:805: assign: Assigning: "diffpos" = "std::find_if(i_modifiedString.begin(), i_modifiedString.end(), isMarker)". +dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C:811: deref_iterator: Dereferencing iterator "diffpos" though it is already past the end of its container. +# 809| #endif +# 810| +# 811|-> *diffpos = maxvalue[0]; +# 812| // modifiedString = copyEdit(modifiedString,string("$Y"),maxvalue); +# 813| + +Error: INVALIDATE_ITERATOR (CWE-119): +dyninst-12.1.0/dyninst-12.1.0/parseAPI/src/IndirectASTVisitor.C:148: path: Condition "this->IsResultBounded(Dyninst::AST::Ptr(ast))", taking true branch. +dyninst-12.1.0/dyninst-12.1.0/parseAPI/src/IndirectASTVisitor.C:149: find: Calling "find" with element "ast.get()" returns the end iterator. +dyninst-12.1.0/dyninst-12.1.0/parseAPI/src/IndirectASTVisitor.C:149: assign: Assigning: "" = "this->bound.find(std::map, std::allocator > >::key_type const(ast.get()))". +dyninst-12.1.0/dyninst-12.1.0/parseAPI/src/IndirectASTVisitor.C:149: deref_iterator: Dereferencing iterator "this->bound.find(std::map, std::allocator > >::key_type const(ast.get()))" though it is already past the end of its container. +# 147| StridedInterval* BoundCalcVisitor::GetResultBound(AST::Ptr ast) { +# 148| if (IsResultBounded(ast)) { +# 149|-> return bound.find(ast.get())->second; +# 150| } else { +# 151| return NULL; + +Error: LOCK (CWE-665): +dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C:1599: unlock: "int_thread" initializes and leaves "this->regpool_lock" unlocked. +dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C:1600: double_initialization: "thread_db_thread" initializes "this->regpool_lock" while it is already initialized. +# 1598| linux_thread::linux_thread(int_process *p, Dyninst::THR_ID t, Dyninst::LWP l) : +# 1599| int_thread(p, t, l), +# 1600|-> thread_db_thread(p, t, l), +# 1601| postponed_syscall_event(NULL), +# 1602| generator_started_exit_processing(false) + +Error: LOCK (CWE-665): +dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C:3063: unlock: "int_thread" initializes and leaves "this->regpool_lock" unlocked. +dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C:3064: double_initialization: "thread_db_thread" initializes "this->regpool_lock" while it is already initialized. +# 3062| linux_x86_thread::linux_x86_thread(int_process *p, Dyninst::THR_ID t, Dyninst::LWP l) : +# 3063| int_thread(p, t, l), +# 3064|-> thread_db_thread(p, t, l), +# 3065| linux_thread(p, t, l), +# 3066| x86_thread(p, t, l) + +Error: LOCK (CWE-667): +dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C:3072: destroy: "~linux_thread" destroys "this->regpool_lock". +dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C:3072: uninitialized_use: "~x86_thread" uses "this->regpool_lock" in an uninitialized state. +# 3070| linux_x86_thread::~linux_x86_thread() +# 3071| { +# 3072|-> } +# 3073| +# 3074| linux_ppc_thread::linux_ppc_thread(int_process *p, Dyninst::THR_ID t, Dyninst::LWP l) : + +Error: LOCK (CWE-665): +dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C:3075: unlock: "int_thread" initializes and leaves "this->regpool_lock" unlocked. +dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C:3076: double_initialization: "thread_db_thread" initializes "this->regpool_lock" while it is already initialized. +# 3074| linux_ppc_thread::linux_ppc_thread(int_process *p, Dyninst::THR_ID t, Dyninst::LWP l) : +# 3075| int_thread(p, t, l), +# 3076|-> thread_db_thread(p, t, l), +# 3077| linux_thread(p, t, l), +# 3078| ppc_thread(p, t, l) + +Error: LOCK (CWE-667): +dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C:3084: destroy: "~linux_thread" destroys "this->regpool_lock". +dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C:3084: uninitialized_use: "~ppc_thread" uses "this->regpool_lock" in an uninitialized state. +# 3082| linux_ppc_thread::~linux_ppc_thread() +# 3083| { +# 3084|-> } +# 3085| +# 3086| linux_arm_thread::linux_arm_thread(int_process *p, Dyninst::THR_ID t, Dyninst::LWP l) : + +Error: LOCK (CWE-665): +dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C:3087: unlock: "int_thread" initializes and leaves "this->regpool_lock" unlocked. +dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C:3088: double_initialization: "thread_db_thread" initializes "this->regpool_lock" while it is already initialized. +# 3086| linux_arm_thread::linux_arm_thread(int_process *p, Dyninst::THR_ID t, Dyninst::LWP l) : +# 3087| int_thread(p, t, l), +# 3088|-> thread_db_thread(p, t, l), +# 3089| linux_thread(p, t, l), +# 3090| arm_thread(p, t, l) + +Error: LOCK (CWE-667): +dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C:3096: destroy: "~linux_thread" destroys "this->regpool_lock". +dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C:3096: uninitialized_use: "~arm_thread" uses "this->regpool_lock" in an uninitialized state. +# 3094| linux_arm_thread::~linux_arm_thread() +# 3095| { +# 3096|-> } +# 3097| +# 3098| ArchEventLinux::ArchEventLinux(bool inter_) : + +Error: INVALIDATE_ITERATOR (CWE-119): +dyninst-12.1.0/dyninst-12.1.0/symtabAPI/src/Object-elf.C:4172: path: Condition "this->TOC_table_.empty()", taking false branch. +dyninst-12.1.0/dyninst-12.1.0/symtabAPI/src/Object-elf.C:4173: find: Calling "find" with element "0UL" returns the end iterator. +dyninst-12.1.0/dyninst-12.1.0/symtabAPI/src/Object-elf.C:4173: assign: Assigning: "" = "this->TOC_table_.find(std::map, std::allocator > >::key_type const(0UL))". +dyninst-12.1.0/dyninst-12.1.0/symtabAPI/src/Object-elf.C:4173: deref_iterator: Dereferencing iterator "this->TOC_table_.find(std::map, std::allocator > >::key_type const(0UL))" though it is already past the end of its container. +# 4171| Offset Object::getTOCoffset(Offset off) const { +# 4172| if (TOC_table_.empty()) return 0; +# 4173|-> Offset baseTOC = TOC_table_.find(0)->second; +# 4174| // We only store exceptions to the base TOC, so if we can't find it +# 4175| // return the base + +Error: INFINITE_LOOP (CWE-835): +dyninst-12.1.0/testsuite-12.1.0/src/dyninst/test1_38_mutatee.c:92: non_progress_update: Update "i++" makes no progress toward falsifying the loop condition "k < i". +dyninst-12.1.0/testsuite-12.1.0/src/dyninst/test1_38_mutatee.c:92: loop_top: Top of the loop. +dyninst-12.1.0/testsuite-12.1.0/src/dyninst/test1_38_mutatee.c:94: loop_bottom: Bottom of the loop. +dyninst-12.1.0/testsuite-12.1.0/src/dyninst/test1_38_mutatee.c:92: loop_condition: If "k < i" is initially true then it will remain true. +# 90| +# 91| for (j = 0; i < 100; i++) { +# 92|-> for (k = 0; k < i ; i++) { +# 93| funCall38_3(); +# 94| } + +Error: OS_CMD_INJECTION (CWE-78): +dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C:113: path: Condition "!connection->hasError()", taking true branch. +dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C:118: path: Condition "true", taking true branch. +dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C:119: tainted_argument: Calling function "recv_message" taints argument "*buffer". +dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C:120: path: Condition "!result", taking false branch. +dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C:125: path: Condition "buffer[0] == 'E'", taking false branch. +dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C:128: path: Condition "buffer[0] == 'A'", taking false branch. +dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C:131: path: Condition "buffer[0] == 'L'", taking true branch. +dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C:131: path: Condition "buffer[1] == ':'", taking true branch. +dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C:132: os_cmd_sink: Passing the tainted command string "*buffer" to the process-invoking API "parse_ldd" may allow an attacker to modify the intention of the command. +dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C:132: remediation: Ensure the tainted data cannot modify the intent of the OS command. If possible, use a safer library or API call instead. +# 130| } +# 131| else if (buffer[0] == 'L' && buffer[1] == ':') { +# 132|-> parse_ldd(buffer); +# 133| } +# 134| else if (buffer[0] == 'G' && buffer[1] == ':') { + +Error: PATH_MANIPULATION (CWE-22): +fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c:3545: tainted_argument: Calling function "recvfrom" taints argument "*buf". [Note: The source code implementation of the function has been overridden by a builtin model.] +fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c:3547: path: Condition "res < 0", taking false branch. +fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c:3553: var_assign_var: Assigning: "data" = "(struct clif_data *)buf". Both are now tainted. +fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c:3555: path: Condition "size < 24UL /* sizeof (*data) */", taking true branch. +fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c:3556: path: Condition "size < 20UL /* sizeof (*data) - sizeof (data->flags) */", taking false branch. +fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c:3563: path: Falling through to end of if statement. +fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c:3570: identity_transfer: Passing "data->ifname" as argument 2 to function "strncpy", which sets "*ifname" to the dereference of that argument. [Note: The source code implementation of the function has been overridden by a builtin model.] +fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c:3570: tainted_data_transitive: Call to function "strncpy" with tainted argument "data->ifname" transitively taints "ifname". [Note: The source code implementation of the function has been overridden by a builtin model.] +fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c:3573: path: Condition "cmd != CLIF_PID_CMD", taking true branch. +fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c:3574: path_manipulation_sink: Constructing a path or URI using the tainted value "ifname" and passing it to "fcoe_validate_interface". This may allow an attacker to access, modify, or test the existence of critical or sensitive files. +fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c:3574: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 3572| +# 3573| if (cmd != CLIF_PID_CMD) { +# 3574|-> rc = fcoe_validate_interface(ifname); +# 3575| if (rc) +# 3576| goto err; + +Error: USE_AFTER_FREE (CWE-672): +fio-3.35/blktrace.c:410: path: Condition "!td->io_log_rfile", taking false branch. +fio-3.35/blktrace.c:422: freed_arg: "read_blktrace" frees "td->io_log_rfile". +fio-3.35/blktrace.c:422: path: Condition "!read_blktrace(td)", taking true branch. +fio-3.35/blktrace.c:423: path: Jumping to label "err". +fio-3.35/blktrace.c:436: path: Condition "td->io_log_rfile", taking true branch. +fio-3.35/blktrace.c:437: use_closed_file: Calling "fclose" uses file handle "td->io_log_rfile" after closing it. +# 435| err: +# 436| if (td->io_log_rfile) { +# 437|-> fclose(td->io_log_rfile); +# 438| td->io_log_rfile = NULL; +# 439| } + +Error: PATH_MANIPULATION (CWE-22): +fio-3.35/client.c:1778: path: Condition "((8192UL /* 1 << FD_NET */) & fio_debug) == 0", taking true branch. +fio-3.35/client.c:1778: path: Breaking from loop. +fio-3.35/client.c:1780: tainted_return_value: Function "fio_net_recv_cmd" returns tainted data. +fio-3.35/client.c:1780: var_assign: Assigning: "cmd" = "fio_net_recv_cmd(client->fd, true)", which taints "cmd". +fio-3.35/client.c:1781: path: Condition "!cmd", taking false branch. +fio-3.35/client.c:1784: path: Condition "((8192UL /* 1 << FD_NET */) & fio_debug) == 0", taking true branch. +fio-3.35/client.c:1784: path: Breaking from loop. +fio-3.35/client.c:1789: path: Switch case value "FIO_NET_CMD_SENDFILE". +fio-3.35/client.c:1913: var_assign_var: Assigning: "pdu" = "(struct cmd_sendfile *)cmd->payload". Both are now tainted. +fio-3.35/client.c:1914: path_manipulation_sink: Constructing a path or URI using the tainted value "pdu->path" and passing it to "fio_send_file". This may allow an attacker to access, modify, or test the existence of critical or sensitive files. +fio-3.35/client.c:1914: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 1912| case FIO_NET_CMD_SENDFILE: { +# 1913| struct cmd_sendfile *pdu = (struct cmd_sendfile *) cmd->payload; +# 1914|-> fio_send_file(client, pdu, cmd->tag); +# 1915| break; +# 1916| } + +Error: OS_CMD_INJECTION (CWE-78): +fio-3.35/server.c:1345: path: Condition "!exit_backend", taking true branch. +fio-3.35/server.c:1354: path: Condition "!flist_empty(&job_list)", taking false branch. +fio-3.35/server.c:1360: path: Condition "ret < 0", taking false branch. +fio-3.35/server.c:1365: path: Condition "!ret", taking false branch. +fio-3.35/server.c:1371: path: Condition "pfd.revents & 1", taking true branch. +fio-3.35/server.c:1372: path: Breaking from loop. +fio-3.35/server.c:1381: path: Condition "ret < 0", taking false branch. +fio-3.35/server.c:1384: path: Condition "pfd.revents & 1", taking true branch. +fio-3.35/server.c:1385: tainted_return_value: Function "fio_net_recv_cmd" returns tainted data. +fio-3.35/server.c:1385: var_assign: Assigning: "cmd" = "fio_net_recv_cmd(sk_out->sk, true)", which taints "cmd". +fio-3.35/server.c:1386: path: Condition "!cmd", taking false branch. +fio-3.35/server.c:1391: os_cmd_sink: Passing the tainted command string "cmd->payload" to the process-invoking API "handle_command" may allow an attacker to modify the intention of the command. +fio-3.35/server.c:1391: remediation: Ensure the tainted data cannot modify the intent of the OS command. If possible, use a safer library or API call instead. +# 1389| } +# 1390| +# 1391|-> ret = handle_command(sk_out, &job_list, cmd); +# 1392| if (ret) +# 1393| break; + +Error: ATOMICITY (CWE-667): +fio-3.35/zbd.c:1327: path: Condition "is_valid_offset(f, io_u->offset)", taking true branch. +fio-3.35/zbd.c:1327: path: Falling through to end of if statement. +fio-3.35/zbd.c:1329: path: Condition "zbdi->max_open_zones", taking true branch. +fio-3.35/zbd.c:1335: path: Falling through to end of if statement. +fio-3.35/zbd.c:1338: path: Condition "zone_idx < f->min_zone", taking true branch. +fio-3.35/zbd.c:1339: path: Falling through to end of if statement. +fio-3.35/zbd.c:1343: path: Condition "((262144UL /* 1 << FD_ZBD */) & fio_debug) == 0", taking true branch. +fio-3.35/zbd.c:1343: path: Breaking from loop. +fio-3.35/zbd.c:1353: path: Condition "true", taking true branch. +fio-3.35/zbd.c:1357: path: Condition "z->has_wp", taking true branch. +fio-3.35/zbd.c:1362: path: Condition "z->has_wp", taking true branch. +fio-3.35/zbd.c:1363: path: Condition "z->cond != ZBD_ZONE_COND_OFFLINE", taking true branch. +fio-3.35/zbd.c:1363: path: Condition "zbdi->max_open_zones == 0", taking false branch. +fio-3.35/zbd.c:1367: path: Condition "zbdi->num_open_zones == 0", taking true branch. +fio-3.35/zbd.c:1368: path: Condition "((262144UL /* 1 << FD_ZBD */) & fio_debug) == 0", taking true branch. +fio-3.35/zbd.c:1368: path: Breaking from loop. +fio-3.35/zbd.c:1370: path: Jumping to label "open_other_zone". +fio-3.35/zbd.c:1430: path: Condition "zbdi->num_open_zones == f->max_zone - f->min_zone", taking true branch. +fio-3.35/zbd.c:1445: path: Condition "wait_zone_close", taking true branch. +fio-3.35/zbd.c:1446: path: Condition "((262144UL /* 1 << FD_ZBD */) & fio_debug) == 0", taking true branch. +fio-3.35/zbd.c:1446: path: Breaking from loop. +fio-3.35/zbd.c:1454: path: Condition "i > 0", taking true branch. +fio-3.35/zbd.c:1456: path: Condition "z->has_wp", taking true branch. +fio-3.35/zbd.c:1459: path: Condition "!is_valid_offset(f, z->start)", taking true branch. +fio-3.35/zbd.c:1464: path: Condition "is_valid_offset(f, z->start)", taking true branch. +fio-3.35/zbd.c:1464: path: Falling through to end of if statement. +fio-3.35/zbd.c:1465: path: Condition "!z->has_wp", taking true branch. +fio-3.35/zbd.c:1466: path: Continuing loop. +fio-3.35/zbd.c:1454: path: Condition "i > 0", taking true branch. +fio-3.35/zbd.c:1456: path: Condition "z->has_wp", taking false branch. +fio-3.35/zbd.c:1459: path: Condition "!is_valid_offset(f, z->start)", taking true branch. +fio-3.35/zbd.c:1464: path: Condition "is_valid_offset(f, z->start)", taking true branch. +fio-3.35/zbd.c:1464: path: Falling through to end of if statement. +fio-3.35/zbd.c:1465: path: Condition "!z->has_wp", taking false branch. +fio-3.35/zbd.c:1468: path: Condition "z->open", taking true branch. +fio-3.35/zbd.c:1469: path: Continuing loop. +fio-3.35/zbd.c:1454: path: Condition "i > 0", taking false branch. +fio-3.35/zbd.c:1477: lock: Locking "&zbdi->mutex". +fio-3.35/zbd.c:1478: path: Condition "i < zbdi->num_open_zones", taking false branch. +fio-3.35/zbd.c:1498: def: Assigning data that might be protected by the lock to "in_flight". +fio-3.35/zbd.c:1499: path: Condition "in_flight", taking true branch. +fio-3.35/zbd.c:1500: path: Condition "((262144UL /* 1 << FD_ZBD */) & fio_debug) == 0", taking true branch. +fio-3.35/zbd.c:1500: path: Breaking from loop. +fio-3.35/zbd.c:1503: unlock: Unlocking "&zbdi->mutex". "in_flight" might now be unreliable because other threads can now change the data that it depends on. +fio-3.35/zbd.c:1504: unlock: Unlocking "z->mutex". "in_flight" might now be unreliable because other threads can now change the data that it depends on. +fio-3.35/zbd.c:1506: lockagain: Locking "z->mutex" again. +fio-3.35/zbd.c:1507: use: Using an unreliable value of "in_flight" inside the second locked section. If the data that "in_flight" depends on was changed by another thread, this use might be incorrect. +# 1505| io_u_quiesce(td); +# 1506| zone_lock(td, f, z); +# 1507|-> should_retry = in_flight; +# 1508| goto retry; +# 1509| } + +Error: SENSITIVE_DATA_LEAK (CWE-313): +grafana-9.2.10/pkg/api/apikey.go:130: sensitive_data: Calling "New". This call stores sensitive data in ".$0.HashedKey". +grafana-9.2.10/pkg/api/apikey.go:130: assign: Assigning a sensitive string to "newKeyInfo". +grafana-9.2.10/pkg/api/apikey.go:135: assign: Assigning: "cmd.Key" = "newKeyInfo.HashedKey". +grafana-9.2.10/pkg/api/apikey.go:136: sink: Calling "AddAPIKey". This stores the sensitive data "cmd.Key" to a database. It may be exposed to unintended individuals. (The interface method resolves to "apikeyimpl.Service.AddAPIKey(Context, apikey.AddCommand *)".) +grafana-9.2.10/pkg/api/apikey.go:136: remediation: Do not leak this data to a database. +# 134| +# 135| cmd.Key = newKeyInfo.HashedKey +# 136|-> if err := hs.apiKeyService.AddAPIKey(c.Req.Context(), &cmd); err != nil { +# 137| if errors.Is(err, apikey.ErrInvalidExpiration) { +# 138| return response.Error(400, err.Error(), nil) + +Error: SENSITIVE_DATA_LEAK (CWE-313): +grafana-9.2.10/pkg/api/apikey.go:130: sensitive_data: Calling "New". This call stores sensitive data in ".$0.HashedKey". +grafana-9.2.10/pkg/api/apikey.go:130: assign: Assigning a sensitive string to "newKeyInfo". +grafana-9.2.10/pkg/api/apikey.go:135: assign: Assigning: "cmd.Key" = "newKeyInfo.HashedKey". +grafana-9.2.10/pkg/api/apikey.go:136: sink: Calling "AddAPIKey". This stores the sensitive data "cmd.Key" to a database. It may be exposed to unintended individuals. (The interface method resolves to "apikeyimpl.sqlxStore.AddAPIKey(Context, apikey.AddCommand *)".) +grafana-9.2.10/pkg/api/apikey.go:136: remediation: Do not leak this data to a database. +# 134| +# 135| cmd.Key = newKeyInfo.HashedKey +# 136|-> if err := hs.apiKeyService.AddAPIKey(c.Req.Context(), &cmd); err != nil { +# 137| if errors.Is(err, apikey.ErrInvalidExpiration) { +# 138| return response.Error(400, err.Error(), nil) + +Error: PATH_MANIPULATION (CWE-22): +grafana-9.2.10/pkg/api/static/static.go:125: taint: The field "ctx.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/api/static/static.go:125: assign: Assigning: "file" = "ctx.Req.URL.Path". +grafana-9.2.10/pkg/api/static/static.go:143: sink: Calling "Open". This call uses "file" for sensitive computation. (The interface method resolves to "http.Dir.Open(string)".) +grafana-9.2.10/pkg/api/static/static.go:143: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 141| } +# 142| +# 143|-> f, err := opt.FileSystem.Open(file) +# 144| if err != nil { +# 145| return false + +Error: PATH_MANIPULATION (CWE-22): +grafana-9.2.10/pkg/api/static/static.go:125: taint: The field "ctx.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/api/static/static.go:125: assign: Assigning: "file" = "ctx.Req.URL.Path". +grafana-9.2.10/pkg/api/static/static.go:143: sink: Calling "Open". This call uses "file" for sensitive computation. (The interface method resolves to "static.staticFileSystem.Open(string)".) +grafana-9.2.10/pkg/api/static/static.go:143: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 141| } +# 142| +# 143|-> f, err := opt.FileSystem.Open(file) +# 144| if err != nil { +# 145| return false + +Error: OPEN_REDIRECT (CWE-601): +grafana-9.2.10/pkg/api/static/static.go:162: taint: The field "ctx.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/api/static/static.go:162: assign: Assigning: "[0]" = "ctx.Req.URL.Path". +grafana-9.2.10/pkg/api/static/static.go:162: identity: Calling "Sprintf". This call assigns "{ctx.Req.URL.Path}" to "". Now "" is tainted. +grafana-9.2.10/pkg/api/static/static.go:162: assign: Assigning: "path" = "Sprintf("%s/", ctx.Req.URL.Path)". +grafana-9.2.10/pkg/api/static/static.go:169: identity: Calling "ReplaceAllString". This call assigns "path" to "". Now "" is tainted. +grafana-9.2.10/pkg/api/static/static.go:169: assign: Assigning: "path" = "rePrefix.ReplaceAllString(path, "/")". +grafana-9.2.10/pkg/api/static/static.go:171: sink: Calling "Redirect". This call passes the tainted data, "path", to a redirect sink. +# 169| path = rePrefix.ReplaceAllString(path, "/") +# 170| } +# 171|-> http.Redirect(ctx.Resp, ctx.Req, path, http.StatusFound) +# 172| return true +# 173| } + +Error: PATH_MANIPULATION (CWE-22): +grafana-9.2.10/pkg/api/static/static.go:125: taint: The field "ctx.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/api/static/static.go:125: assign: Assigning: "file" = "ctx.Req.URL.Path". +grafana-9.2.10/pkg/api/static/static.go:175: assign: Assigning: "[0]" = "file". +grafana-9.2.10/pkg/api/static/static.go:175: identity: Calling "Join". This call assigns "{file, opt.IndexFile}" to "". Now "" is tainted. +grafana-9.2.10/pkg/api/static/static.go:175: assign: Assigning: "file" = "Join(file, opt.IndexFile)". +grafana-9.2.10/pkg/api/static/static.go:176: sink: Calling "Open". This call uses "file" for sensitive computation. (The interface method resolves to "http.Dir.Open(string)".) +grafana-9.2.10/pkg/api/static/static.go:176: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 174| +# 175| file = path.Join(file, opt.IndexFile) +# 176|-> indexFile, err := opt.FileSystem.Open(file) +# 177| if err != nil { +# 178| return false // Discard error. + +Error: PATH_MANIPULATION (CWE-22): +grafana-9.2.10/pkg/api/static/static.go:125: taint: The field "ctx.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/api/static/static.go:125: assign: Assigning: "file" = "ctx.Req.URL.Path". +grafana-9.2.10/pkg/api/static/static.go:175: assign: Assigning: "[0]" = "file". +grafana-9.2.10/pkg/api/static/static.go:175: identity: Calling "Join". This call assigns "{file, opt.IndexFile}" to "". Now "" is tainted. +grafana-9.2.10/pkg/api/static/static.go:175: assign: Assigning: "file" = "Join(file, opt.IndexFile)". +grafana-9.2.10/pkg/api/static/static.go:176: sink: Calling "Open". This call uses "file" for sensitive computation. (The interface method resolves to "static.staticFileSystem.Open(string)".) +grafana-9.2.10/pkg/api/static/static.go:176: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 174| +# 175| file = path.Join(file, opt.IndexFile) +# 176|-> indexFile, err := opt.FileSystem.Open(file) +# 177| if err != nil { +# 178| return false // Discard error. + +Error: HEADER_INJECTION (CWE-644): +grafana-9.2.10/pkg/api/static/static.go:125: taint: The field "ctx.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/api/static/static.go:125: assign: Assigning: "file" = "ctx.Req.URL.Path". +grafana-9.2.10/pkg/api/static/static.go:201: sink: Calling "ServeContent". This call uses "file" for sensitive computation. +grafana-9.2.10/pkg/api/static/static.go:201: remediation: Check this header name against a list of acceptable headers (whitelisting). If the list must be dynamic, constrain the header name by construction or validation of user-controllable input to an acceptable set of headers. +# 199| } +# 200| +# 201|-> http.ServeContent(ctx.Resp, ctx.Req, file, fi.ModTime(), f) +# 202| return true +# 203| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/pkg/login/social/azuread_oauth.go:58: insufficient_logging: Calling "ParseSigned". This function call creates a logging obligation. +grafana-9.2.10/pkg/login/social/azuread_oauth.go:58: assign: Assigning: "err" = "ParseSigned((string)idToken)". +grafana-9.2.10/pkg/login/social/azuread_oauth.go:61: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/pkg/login/social/azuread_oauth.go:59: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/pkg/login/social/azuread_oauth.go:59: remediation: Log this issue to improve detection and response to security incidents. +# 57| +# 58| parsedToken, err := jwt.ParseSigned(idToken.(string)) +# 59|-> if err != nil { +# 60| return nil, fmt.Errorf("error parsing id token: %w", err) +# 61| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/pkg/login/social/azuread_oauth.go:243: insufficient_logging: Calling "ParseSigned". This function call creates a logging obligation. +grafana-9.2.10/pkg/login/social/azuread_oauth.go:243: assign: Assigning: "err" = "ParseSigned(token.AccessToken)". +grafana-9.2.10/pkg/login/social/azuread_oauth.go:246: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/pkg/login/social/azuread_oauth.go:244: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/pkg/login/social/azuread_oauth.go:244: remediation: Log this issue to improve detection and response to security incidents. +# 242| if tenantID == "" { +# 243| parsedToken, err := jwt.ParseSigned(token.AccessToken) +# 244|-> if err != nil { +# 245| return "", fmt.Errorf("error parsing access token: %w", err) +# 246| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/pkg/login/social/okta_oauth.go:57: insufficient_logging: Calling "ParseSigned". This function call creates a logging obligation. +grafana-9.2.10/pkg/login/social/okta_oauth.go:57: assign: Assigning: "err" = "ParseSigned((string)idToken)". +grafana-9.2.10/pkg/login/social/okta_oauth.go:60: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/pkg/login/social/okta_oauth.go:58: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/pkg/login/social/okta_oauth.go:58: remediation: Log this issue to improve detection and response to security incidents. +# 56| +# 57| parsedToken, err := jwt.ParseSigned(idToken.(string)) +# 58|-> if err != nil { +# 59| return nil, fmt.Errorf("error parsing id token: %w", err) +# 60| } + +Error: OPEN_REDIRECT (CWE-601): +grafana-9.2.10/pkg/middleware/dashboard_redirect.go:32: taint: The field "c.Context.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/middleware/dashboard_redirect.go:32: identity: Calling "TrimPrefix". This call assigns "c.Context.Req.URL.Path" to "". Now "" is tainted. +grafana-9.2.10/pkg/middleware/dashboard_redirect.go:32: assign: Assigning: "[1]" = "TrimPrefix(c.Context.Req.URL.Path, "/")". +grafana-9.2.10/pkg/middleware/dashboard_redirect.go:32: identity: Calling "Sprintf". This call assigns "{cfg.AppURL, TrimPrefix(c.Context.Req.URL.Path, "/"), queryParams.Encode()}" to "". Now "" is tainted. +grafana-9.2.10/pkg/middleware/dashboard_redirect.go:32: assign: Assigning: "newURL" = "Sprintf("%s%s?%s", cfg.AppURL, TrimPrefix(c.Context.Req.URL.Path, "/"), queryParams.Encode())". +grafana-9.2.10/pkg/middleware/dashboard_redirect.go:33: sink: Calling "Redirect". This call passes the tainted data, "newURL", to a redirect sink. +# 31| +# 32| newURL := fmt.Sprintf("%s%s?%s", cfg.AppURL, strings.TrimPrefix(c.Req.URL.Path, "/"), queryParams.Encode()) +# 33|-> c.Redirect(newURL, 301) +# 34| } +# 35| } + +Error: OPEN_REDIRECT (CWE-601): +grafana-9.2.10/pkg/middleware/org_redirect.go:55: taint: The field "c.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/middleware/org_redirect.go:55: identity: Calling "TrimPrefix". This call assigns "c.Req.URL.Path" to "". Now "" is tainted. +grafana-9.2.10/pkg/middleware/org_redirect.go:55: assign: Assigning: "[1]" = "TrimPrefix(c.Req.URL.Path, "/")". +grafana-9.2.10/pkg/middleware/org_redirect.go:55: identity: Calling "Sprintf". This call assigns "{cfg.AppURL, TrimPrefix(c.Req.URL.Path, "/"), qs}" to "". Now "" is tainted. +grafana-9.2.10/pkg/middleware/org_redirect.go:55: assign: Assigning: "newURL" = "Sprintf("%s%s?%s", cfg.AppURL, TrimPrefix(c.Req.URL.Path, "/"), qs)". +grafana-9.2.10/pkg/middleware/org_redirect.go:57: sink: Calling "Redirect". This call passes the tainted data, "newURL", to a redirect sink. +# 55| newURL := fmt.Sprintf("%s%s?%s", cfg.AppURL, strings.TrimPrefix(c.Req.URL.Path, "/"), qs) +# 56| +# 57|-> c.Redirect(newURL, 302) +# 58| } +# 59| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/pkg/services/contexthandler/auth_jwt.go:45: insufficient_logging: Calling "Verify". This function call creates a logging obligation. (The interface method resolves to "jwt.AuthService.Verify(Context, string)".) +grafana-9.2.10/pkg/services/contexthandler/auth_jwt.go:45: assign: Assigning: "err" = "h.JWTAuthService.Verify(ctx.Context.Req.Context(), jwtToken)". +grafana-9.2.10/pkg/services/contexthandler/auth_jwt.go:50: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/pkg/services/contexthandler/auth_jwt.go:46: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/pkg/services/contexthandler/auth_jwt.go:46: remediation: Log this issue to improve detection and response to security incidents. +# 44| +# 45| claims, err := h.JWTAuthService.Verify(ctx.Req.Context(), jwtToken) +# 46|-> if err != nil { +# 47| ctx.Logger.Debug("Failed to verify JWT", "error", err) +# 48| ctx.JsonApiErr(http.StatusUnauthorized, InvalidJWT, err) + +Error: SENSITIVE_DATA_LEAK (CWE-313): +grafana-9.2.10/pkg/services/contexthandler/contexthandler.go:215: sensitive_data: Calling "Hash". This call stores sensitive data in ".$0". +grafana-9.2.10/pkg/services/contexthandler/contexthandler.go:215: assign: Assigning: "hash" = "decoded.Hash()". Now "hash" contains sensitive data. +grafana-9.2.10/pkg/services/contexthandler/contexthandler.go:220: sink: Calling "GetAPIKeyByHash". This stores the sensitive data "hash" to a database. It may be exposed to unintended individuals. (The interface method resolves to "apikeyimpl.Service.GetAPIKeyByHash(Context, string)".) +grafana-9.2.10/pkg/services/contexthandler/contexthandler.go:220: remediation: Do not leak this data to a database. +# 218| } +# 219| +# 220|-> return h.apiKeyService.GetAPIKeyByHash(ctx, hash) +# 221| } +# 222| + +Error: SENSITIVE_DATA_LEAK (CWE-313): +grafana-9.2.10/pkg/services/contexthandler/contexthandler.go:215: sensitive_data: Calling "Hash". This call stores sensitive data in ".$0". +grafana-9.2.10/pkg/services/contexthandler/contexthandler.go:215: assign: Assigning: "hash" = "decoded.Hash()". +grafana-9.2.10/pkg/services/contexthandler/contexthandler.go:220: sink: Calling "GetAPIKeyByHash". This stores the sensitive data "hash" to a database. It may be exposed to unintended individuals. (The interface method resolves to "apikeyimpl.sqlxStore.GetAPIKeyByHash(Context, string)".) +grafana-9.2.10/pkg/services/contexthandler/contexthandler.go:220: remediation: Do not leak this data to a database. +# 218| } +# 219| +# 220|-> return h.apiKeyService.GetAPIKeyByHash(ctx, hash) +# 221| } +# 222| + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/pkg/services/datasources/service/store.go:131: path: Condition "errGettingDS != nil", taking false branch. +grafana-9.2.10/pkg/services/datasources/service/store.go:136: path: Condition "ds != nil", taking false branch. +grafana-9.2.10/pkg/services/datasources/service/store.go:136: var_compare_op: Comparing "ds" to null implies that "ds" might be null. +grafana-9.2.10/pkg/services/datasources/service/store.go:152: path: Condition "cmd.UpdateSecretFn != nil", taking true branch. +grafana-9.2.10/pkg/services/datasources/service/store.go:153: path: Condition "err != nil", taking false branch. +grafana-9.2.10/pkg/services/datasources/service/store.go:160: path: Condition "cmd.DeletedDatasourcesCount > 0", taking true branch. +grafana-9.2.10/pkg/services/datasources/service/store.go:161: null_field_access: Accessing field of null object "ds". +# 159| // Publish data source deletion event +# 160| if cmd.DeletedDatasourcesCount > 0 { +# 161|-> sess.PublishAfterCommit(&events.DataSourceDeleted{ +# 162| Timestamp: time.Now(), +# 163| Name: ds.Name, + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go:85: path: Condition "", taking true branch. +grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go:86: lock: Locking "w.mu". +grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go:87: path: Condition "len(w.buffer) == 0", taking false branch. +grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go:91: def: Assigning data that might be protected by the lock to "tmpBuffer". +grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go:94: unlock: Unlocking "w.mu". "tmpBuffer" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go:97: path: Condition "err != nil", taking true branch. +grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go:99: lockagain: Locking "w.mu" again. +grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go:101: use: Using an unreliable value of "tmpBuffer" inside the second locked section. If the data that "tmpBuffer" depends on was changed by another thread, this use might be incorrect. +# 99| w.mu.Lock() +# 100| // TODO: drop in case of large buffer size? Make several attempts only? +# 101|-> w.buffer = append(tmpBuffer, w.buffer...) +# 102| w.mu.Unlock() +# 103| } + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go:61: path: Condition "", taking true branch. +grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go:62: lock: Locking "out.mu". +grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go:63: path: Condition "len(out.buffer) == 0", taking false branch. +grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go:67: def: Assigning data that might be protected by the lock to "tmpBuffer". +grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go:70: unlock: Unlocking "out.mu". "tmpBuffer" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go:73: path: Condition "err != nil", taking true branch. +grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go:75: lockagain: Locking "out.mu" again. +grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go:77: use: Using an unreliable value of "tmpBuffer" inside the second locked section. If the data that "tmpBuffer" depends on was changed by another thread, this use might be incorrect. +# 75| out.mu.Lock() +# 76| // TODO: drop in case of large buffer size? Make several attempts only? +# 77|-> out.buffer = append(tmpBuffer, out.buffer...) +# 78| out.mu.Unlock() +# 79| } + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/pkg/services/ngalert/api/lotex_am.go:103: taint: The field "ctx.Context.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/services/ngalert/api/lotex_am.go:103: identity: Calling "withPath". This call assigns "(*ctx.Context.Req.URL).Fragment" to "().Fragment". +grafana-9.2.10/pkg/services/ngalert/api/lotex_am.go:103: sink: Calling "withReq". This call uses "withPath(*ctx.Context.Req.URL, Sprintf(endpointPath, iPathParams)).Fragment" for sensitive computation. +grafana-9.2.10/pkg/services/ngalert/api/lotex_am.go:103: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 101| } +# 102| +# 103|-> return am.withReq( +# 104| ctx, +# 105| method, + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go:47: taint: The field "ctx.Context.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go:47: identity: Calling "withPath". This call assigns "(*ctx.Context.Req.URL).Fragment" to "().Fragment". +grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go:47: sink: Calling "withReq". This call uses "withPath(*ctx.Context.Req.URL, endpoints.alerts).Fragment" for sensitive computation. +grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go:47: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 45| } +# 46| +# 47|-> return p.withReq( +# 48| ctx, +# 49| http.MethodGet, + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go:66: taint: The field "ctx.Context.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go:66: identity: Calling "withPath". This call assigns "(*ctx.Context.Req.URL).Fragment" to "().Fragment". +grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go:66: sink: Calling "withReq". This call uses "withPath(*ctx.Context.Req.URL, endpoints.rules).Fragment" for sensitive computation. +grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go:66: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 64| } +# 65| +# 66|-> return p.withReq( +# 67| ctx, +# 68| http.MethodGet, + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:63: taint: The field "ctx.Context.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:63: identity: Calling "withPath". This call assigns "(*ctx.Context.Req.URL).Fragment" to "().Fragment". +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:63: sink: Calling "withReq". This call uses "withPath(*ctx.Context.Req.URL, Sprintf("%s/%s", legacyRulerPrefix, namespace)).Fragment" for sensitive computation. +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:63: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 61| return ErrResp(500, err, "") +# 62| } +# 63|-> return r.withReq( +# 64| ctx, +# 65| http.MethodDelete, + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:81: taint: The field "ctx.Context.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:81: identity: Calling "withPath". This call assigns "(*ctx.Context.Req.URL).Fragment" to "().Fragment". +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:81: sink: Calling "withReq". This call uses "withPath(*ctx.Context.Req.URL, Sprintf("%s/%s/%s", legacyRulerPrefix, namespace, group)).Fragment" for sensitive computation. +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:81: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 79| return ErrResp(500, err, "") +# 80| } +# 81|-> return r.withReq( +# 82| ctx, +# 83| http.MethodDelete, + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:104: taint: The field "ctx.Context.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:104: identity: Calling "withPath". This call assigns "(*ctx.Context.Req.URL).Fragment" to "().Fragment". +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:104: sink: Calling "withReq". This call uses "withPath(*ctx.Context.Req.URL, Sprintf("%s/%s", legacyRulerPrefix, namespace)).Fragment" for sensitive computation. +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:104: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 102| return ErrResp(500, err, "") +# 103| } +# 104|-> return r.withReq( +# 105| ctx, +# 106| http.MethodGet, + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:126: taint: The field "ctx.Context.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:126: identity: Calling "withPath". This call assigns "(*ctx.Context.Req.URL).Fragment" to "().Fragment". +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:126: sink: Calling "withReq". This call uses "withPath(*ctx.Context.Req.URL, Sprintf("%s/%s/%s", legacyRulerPrefix, namespace, group)).Fragment" for sensitive computation. +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:126: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 124| return ErrResp(500, err, "") +# 125| } +# 126|-> return r.withReq( +# 127| ctx, +# 128| http.MethodGet, + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:150: taint: The field "ctx.Context.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:150: identity: Calling "withPath". This call assigns "(*ctx.Context.Req.URL).Fragment" to "().Fragment". +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:150: sink: Calling "withReq". This call uses "withPath(*ctx.Context.Req.URL, legacyRulerPrefix).Fragment" for sensitive computation. +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:150: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 148| } +# 149| +# 150|-> return r.withReq( +# 151| ctx, +# 152| http.MethodGet, + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:172: taint: The field "ctx.Context.Req.URL" is a source of untrusted data. +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:172: identity: Calling "withPath". This call assigns "(*ctx.Context.Req.URL).Fragment" to "().Fragment". +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:172: assign: Assigning: "u" = "withPath(*ctx.Context.Req.URL, Sprintf("%s/%s", legacyRulerPrefix, ns))". +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:173: sink: Calling "withReq". This call uses "u.Fragment" for sensitive computation. +grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go:173: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 171| } +# 172| u := withPath(*ctx.Req.URL, fmt.Sprintf("%s/%s", legacyRulerPrefix, ns)) +# 173|-> return r.withReq(ctx, http.MethodPost, u, bytes.NewBuffer(yml), jsonExtractor(nil), nil) +# 174| } +# 175| + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/pkg/services/ngalert/image/upload.go:39: insufficient_logging: Calling "Upload". This function call creates a logging obligation. (The interface method resolves to "gcs.Uploader.Upload(Context, string)".) +grafana-9.2.10/pkg/services/ngalert/image/upload.go:39: assign: Assigning: "err" = "s.uploader.Upload(ctx, image.Path)". +grafana-9.2.10/pkg/services/ngalert/image/upload.go:43: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/pkg/services/ngalert/image/upload.go:40: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/pkg/services/ngalert/image/upload.go:40: remediation: Log this issue to improve detection and response to security incidents. +# 38| func (s *UploadingService) Upload(ctx context.Context, image ngmodels.Image) (ngmodels.Image, error) { +# 39| url, err := s.uploader.Upload(ctx, image.Path) +# 40|-> if err != nil { +# 41| defer s.failures.Inc() +# 42| return image, fmt.Errorf("failed to upload screenshot: %w", err) + +Error: SENSITIVE_DATA_LEAK (CWE-319): +grafana-9.2.10/pkg/services/notifications/smtp.go:39: call: Calling "buildEmail". +grafana-9.2.10/pkg/services/notifications/smtp.go:39: assign: Assigning: "m" = "sc.buildEmail(msg)". +grafana-9.2.10/pkg/services/notifications/smtp.go:41: assign: Assigning: "[0]" = "m". +grafana-9.2.10/pkg/services/notifications/smtp.go:41: sensitive_data: Calling "DialAndSend". This call stores sensitive data in "({m}).header.From". +grafana-9.2.10/pkg/services/notifications/smtp.go:39: call: Calling "buildEmail". +grafana-9.2.10/pkg/services/notifications/smtp.go:41: sink: Calling "DialAndSend". This sends the sensitive data "({m}).header" over the network. It may be exposed to unintended individuals. +grafana-9.2.10/pkg/services/notifications/smtp.go:41: remediation: Do not leak this data to the network. +# 39| m := sc.buildEmail(msg) +# 40| +# 41|-> innerError := dialer.DialAndSend(m) +# 42| emailsSentTotal.Inc() +# 43| if innerError != nil { + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/pkg/services/org/orgimpl/org.go:184: assign_null: Assigning: "orga" = "nil". +grafana-9.2.10/pkg/services/org/orgimpl/org.go:186: path: Condition "s.cfg.AutoAssignOrg", taking false branch. +grafana-9.2.10/pkg/services/org/orgimpl/org.go:202: null_field_access: Accessing field of null object "orga". +# 200| orga.ID = int64(s.cfg.AutoAssignOrgId) +# 201| } else { +# 202|-> orga.Name = orgName +# 203| } +# 204| + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go:81: path: Condition " < len(b.Filters)", taking true branch. +grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go:82: type_assertion: Type assertion can store "nil" into "f". +grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go:82: path: Condition "ok", taking false branch. +grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go:86: path: Condition "ok", taking false branch. +grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go:94: path: Condition "ok", taking false branch. +grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go:102: path: Condition "ok", taking false branch. +grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go:108: path: Jumping back to the beginning of the loop. +grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go:81: path: Condition " < len(b.Filters)", taking true branch. +grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go:82: path: Condition "ok", taking true branch. +grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go:83: null_method_call: Calling a method on null object "f". +# 81| for _, f := range b.Filters { +# 82| if f, ok := f.(FilterLeftJoin); ok { +# 83|-> joins = append(joins, fmt.Sprintf(" LEFT OUTER JOIN %s ", f.LeftJoin())) +# 84| } +# 85| + +Error: PATH_MANIPULATION (CWE-22): +grafana-9.2.10/pkg/services/store/http.go:94: taint: The field "c.Context.Req.MultipartForm" is a source of untrusted data. +grafana-9.2.10/pkg/services/store/http.go:122: concat: Creating a tainted string using "fileHeader.Filename". +grafana-9.2.10/pkg/services/store/http.go:122: assign: Assigning a tainted string to "path". +grafana-9.2.10/pkg/services/store/http.go:131: assign: Assigning: ".Path" = "path". +grafana-9.2.10/pkg/services/store/http.go:131: sink: Calling "Upload". This call uses "store.UploadRequest{.Contents = data, .EntityType = entityType, .Path = path, .OverwriteExistingFile = overwriteExistingFile, .Properties = {"message" : message}}.Path" for sensitive computation. +grafana-9.2.10/pkg/services/store/http.go:131: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 129| } +# 130| +# 131|-> err = s.Upload(c.Req.Context(), c.SignedInUser, &UploadRequest{ +# 132| Contents: data, +# 133| EntityType: entityType, + +Error: PATH_MANIPULATION (CWE-22): +grafana-9.2.10/pkg/services/store/http.go:205: taint: The field "c.Context.Req.Body" is a source of untrusted data. +grafana-9.2.10/pkg/services/store/http.go:205: identity: Calling "ReadAll". This call assigns "c.Context.Req.Body" to ".$0". Now ".$0" is tainted. +grafana-9.2.10/pkg/services/store/http.go:205: assign: Assigning: "body" = "ReadAll(c.Context.Req.Body)". +grafana-9.2.10/pkg/services/store/http.go:210: assign: Assigning: "cmd" = "&store.DeleteFolderCmd{"", false}". +grafana-9.2.10/pkg/services/store/http.go:211: identity: Calling "Unmarshal". This call assigns "body" to "cmd". Now "cmd" is tainted. +grafana-9.2.10/pkg/services/store/http.go:222: sink: Calling "DeleteFolder". This call uses "cmd.Path" for sensitive computation. +grafana-9.2.10/pkg/services/store/http.go:222: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 220| // full path is api/storage/delete/upload/example.jpg, but we only want the part after upload +# 221| _, path := getPathAndScope(c) +# 222|-> if err := s.DeleteFolder(c.Req.Context(), c.SignedInUser, cmd); err != nil { +# 223| return response.Error(400, "failed to delete the folder: "+err.Error(), err) +# 224| } + +Error: PATH_MANIPULATION (CWE-22): +grafana-9.2.10/pkg/services/store/http.go:234: taint: The field "c.Context.Req.Body" is a source of untrusted data. +grafana-9.2.10/pkg/services/store/http.go:234: identity: Calling "ReadAll". This call assigns "c.Context.Req.Body" to ".$0". Now ".$0" is tainted. +grafana-9.2.10/pkg/services/store/http.go:234: assign: Assigning: "body" = "ReadAll(c.Context.Req.Body)". +grafana-9.2.10/pkg/services/store/http.go:239: assign: Assigning: "cmd" = "&store.CreateFolderCmd{""}". +grafana-9.2.10/pkg/services/store/http.go:240: identity: Calling "Unmarshal". This call assigns "body" to "cmd". Now "cmd" is tainted. +grafana-9.2.10/pkg/services/store/http.go:249: sink: Calling "CreateFolder". This call uses "cmd.Path" for sensitive computation. +grafana-9.2.10/pkg/services/store/http.go:249: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 247| } +# 248| +# 249|-> if err := s.CreateFolder(c.Req.Context(), c.SignedInUser, cmd); err != nil { +# 250| return response.Error(400, "failed to create the folder: "+err.Error(), err) +# 251| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/pkg/util/converter/prom.go:28: assign_null: Assigning: "rsp" = "nil". +grafana-9.2.10/pkg/util/converter/prom.go:34: path: Condition "l1Field != """, taking true branch. +grafana-9.2.10/pkg/util/converter/prom.go:35: path: Switch case value ""status"". +grafana-9.2.10/pkg/util/converter/prom.go:55: path: Jumping back to the beginning of the loop. +grafana-9.2.10/pkg/util/converter/prom.go:34: path: Condition "l1Field != """, taking false branch. +grafana-9.2.10/pkg/util/converter/prom.go:57: path: Condition "status == "error"", taking false branch. +grafana-9.2.10/pkg/util/converter/prom.go:63: path: Condition "len(warnings) > 0", taking true branch. +grafana-9.2.10/pkg/util/converter/prom.go:64: null_field_access: Accessing field of null object "rsp". +# 62| +# 63| if len(warnings) > 0 { +# 64|-> for _, frame := range rsp.Frames { +# 65| if frame.Meta == nil { +# 66| frame.Meta = &data.FrameMeta{} + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/pkg/util/converter/prom.go:96: path: Condition "t == 5 /* ArrayValue */", taking false branch. +grafana-9.2.10/pkg/util/converter/prom.go:100: path: Condition "t != 6 /* ObjectValue */", taking false branch. +grafana-9.2.10/pkg/util/converter/prom.go:107: assign_null: Assigning: "rsp" = "nil". +grafana-9.2.10/pkg/util/converter/prom.go:109: path: Condition "l1Field != """, taking true branch. +grafana-9.2.10/pkg/util/converter/prom.go:110: path: Switch case value ""stats"". +grafana-9.2.10/pkg/util/converter/prom.go:143: null_field_access: Accessing field of null object "rsp". +# 141| case "stats": +# 142| v := iter.Read() +# 143|-> if len(rsp.Frames) > 0 { +# 144| meta := rsp.Frames[0].Meta +# 145| if meta == nil { + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:297: path: Condition "host == """, taking true branch. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:308: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:316: path: Condition "true", taking true branch. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:319: path: Condition "res != nil", taking true branch. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:322: path: Condition "shouldRetry", taking true branch. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:323: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:326: path: Continuing loop. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:316: path: Condition "true", taking true branch. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:319: path: Condition "res != nil", taking true branch. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:322: path: Condition "shouldRetry", taking true branch. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:323: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:326: path: Continuing loop. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:316: path: Condition "true", taking true branch. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:319: path: Condition "res != nil", taking false branch. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:319: var_compare_op: Comparing "res" to null implies that "res" might be null. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:322: path: Condition "shouldRetry", taking false branch. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:328: path: Breaking from loop. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:330: path: Condition "reqErr != nil", taking false branch. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:333: null_field_access: Accessing field of null object "res". +# 331| return "", "", reqErr +# 332| } +# 333|-> defer res.Body.Close() +# 334| if res.StatusCode == http.StatusNotFound { +# 335| return "", "", NotDefinedError(suffix) + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:499: taint: Calling "getETag". This call taints ".$1". +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:499: assign: Assigning: "lastETag" = "c.getETag(suffix)". +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:515: identity: Calling "QueryEscape". This call assigns "lastETag" to "". Now "" is tainted. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:515: sink: Calling "getETag". This call uses a tainted string for sensitive computation. +grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go:515: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 513| } +# 514| for { +# 515|-> val, etag, err := c.getETag(suffix + url.QueryEscape(lastETag)) +# 516| if err != nil { +# 517| if _, deleted := err.(NotDefinedError); !deleted { + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/cloud.google.com/go/storage/storage.go:1180: insufficient_logging: Calling a function that may return an error. These errors should be logged. +grafana-9.2.10/vendor/cloud.google.com/go/storage/storage.go:1180: assign: Assigning: "err" = "ParsePKCS8PrivateKey(key)". +grafana-9.2.10/vendor/cloud.google.com/go/storage/storage.go:1186: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/cloud.google.com/go/storage/storage.go:1181: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/cloud.google.com/go/storage/storage.go:1181: remediation: Log this issue to improve detection and response to security incidents. +# 1179| } +# 1180| parsedKey, err := x509.ParsePKCS8PrivateKey(key) +# 1181|-> if err != nil { +# 1182| parsedKey, err = x509.ParsePKCS1PrivateKey(key) +# 1183| if err != nil { + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go:100: assign_null: Assigning: "e" = "nil". +grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go:103: path: Condition "i < len(args)", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go:105: path: Condition "_, ok := a.(adt.ErrorCode); ok", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go:105: path: Condition "true", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go:129: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go:103: path: Condition "i < len(args)", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go:105: path: Condition "_, ok := a.(adt.ErrorCode); ok", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go:107: path: Condition "_, ok := a.(adt.Bottom *); ok", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go:109: path: Condition "_, ok := a.([]*cuelang.org/go/internal/core/adt.Bottom); ok", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go:109: path: Condition "true", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go:110: path: Condition " < len(x)", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go:129: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go:103: path: Condition "i < len(args)", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go:130: path: Condition "code >= 0", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go:131: null_field_access: Accessing field of null object "e". +# 129| } +# 130| if code >= 0 { +# 131|-> e.Code = code +# 132| } +# 133| return e + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/cue/instance.go:159: path: Condition "p != nil", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/instance.go:159: var_compare_op: Comparing "p" to null implies that "p" might be null. +grafana-9.2.10/vendor/cuelang.org/go/cue/instance.go:169: null_field_access: Accessing field of null object "p". +# 167| } +# 168| +# 169|-> x.AddInst(p.ImportPath, v, p) +# 170| x.SetBuildData(p, inst) +# 171| inst.index = x + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2259: path: Condition "v.v == nil", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2264: assign_null: Assigning: "env" = "nil". +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2266: path: Condition "v.v.IsData()", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2270: path: Switch case value "0". +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2272: path: Condition "v.v.BaseValue == nil", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2308: path: Condition "_, ok := expr.(adt.BinaryExpr *); ok", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2312: path: Condition "_, ok := expr.(adt.UnaryExpr *); ok", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2315: path: Condition "_, ok := expr.(adt.BoundExpr *); ok", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2318: path: Condition "_, ok := expr.(adt.BoundValue *); ok", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2321: path: Condition "_, ok := expr.(adt.Conjunction *); ok", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2327: path: Condition "_, ok := expr.(adt.Disjunction *); ok", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2345: path: Condition "_, ok := expr.(adt.DisjunctionExpr *); ok", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2383: path: Condition "_, ok := expr.(adt.Interpolation *); ok", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2389: path: Condition "_, ok := expr.(adt.FieldReference *); ok", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2389: path: Condition "true", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2392: identity_transfer: Passing "env" as argument 1 to member function "PushState", which sets "(*ctx).e" to that argument. +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2392: no_write_call: Although "PushState" does overwrite "(*ctx).e" on some paths, it also contains at least one feasible path which does not overwrite it. +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2393: identity_transfer: Member function call "ctx.Env(x.UpCount)" returns field "e". +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2393: alias_transfer: Assigning: "env" = "ctx.Env(x.UpCount)". +grafana-9.2.10/vendor/cuelang.org/go/cue/types.go:2394: null_field_access: Accessing field of null object "env". +# 2392| f := ctx.PushState(env, x.Src) +# 2393| env := ctx.Env(x.UpCount) +# 2394|-> a = append(a, remakeValue(v, nil, &adt.NodeLink{Node: env.Vertex})) +# 2395| a = append(a, remakeValue(v, nil, ctx.NewString(x.Label.SelectorString(ctx)))) +# 2396| _ = ctx.PopState(f) + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go:490: path: Condition "n.Kind() != 128 /* ListKind */", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go:503: path: Condition " < len(obj.Elts)", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go:505: path: Condition "!ok", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go:506: path: Continuing loop. +grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go:503: path: Condition " < len(obj.Elts)", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go:514: path: Condition " < len(s.listItems("required", n, true))", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go:517: path: Condition "f == nil", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go:517: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go:524: path: Continuing loop. +grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go:514: path: Condition " < len(s.listItems("required", n, true))", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go:517: path: Condition "f == nil", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go:517: var_compare_op: Comparing "f" to null implies that "f" might be null. +grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go:517: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go:526: null_field_access: Accessing field of null object "f". +# 524| continue +# 525| } +# 526|-> if f.Optional == token.NoPos { +# 527| s.errf(n, "duplicate required field %q", str) +# 528| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:332: path: Condition "b.ctx.expandRefs", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:332: path: Condition "b.format != """, taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:339: identity_transfer: Passing "nil" as argument 1 to function "appendSplit", which returns that argument. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:339: alias_transfer: Assigning: "conjuncts" = "appendSplit(nil, 1, v)". +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:340: path: Condition " < len(conjuncts)", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:340: null_array_access: Accessing an element on null array "conjuncts". +# 338| accept := v +# 339| conjuncts := appendSplit(nil, cue.AndOp, v) +# 340|-> for _, v := range conjuncts { +# 341| // This may be a reference to an enum. So we need to check references before +# 342| // dissecting them. + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:332: path: Condition "b.ctx.expandRefs", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:335: path: Falling through to end of if statement. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:366: path: Condition "count > 0", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:369: path: Condition "(values.IncompleteKind() & 256 /* StructKind */) != 256 /* StructKind */", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:369: path: Condition "!isRef", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:373: identity_transfer: Passing "nil" as argument 1 to function "appendSplit", which returns that argument. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:373: alias_transfer: Assigning: "conjuncts" = "appendSplit(nil, 1, values)". +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:374: path: Condition "i < len(conjuncts)", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:374: null_array_access: Accessing an element on null array "conjuncts". +# 372| +# 373| conjuncts := appendSplit(nil, cue.AndOp, values) +# 374|-> for i, v := range conjuncts { +# 375| switch { +# 376| case isConcrete(v): + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:332: path: Condition "b.ctx.expandRefs", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:335: path: Falling through to end of if statement. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:366: path: Condition "count > 0", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:369: path: Condition "(values.IncompleteKind() & 256 /* StructKind */) != 256 /* StructKind */", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:369: path: Condition "!isRef", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:374: path: Condition "i < len(conjuncts)", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:376: path: Considering switch case "isConcrete(v)". +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:376: path: Condition "true == isConcrete(v)", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:375: path: Switch case default. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:383: path: Condition "i < len(a)", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:384: path: Condition "len(r) == 0", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:387: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:383: path: Condition "i < len(a)", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:415: path: Switch case value "0". +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:429: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:374: path: Condition "i < len(conjuncts)", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:376: path: Considering switch case "isConcrete(v)". +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:376: path: Condition "true == isConcrete(v)", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:375: path: Switch case default. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:383: path: Condition "i < len(a)", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:415: path: Switch case value "1". +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:420: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:429: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:374: path: Condition "i < len(conjuncts)", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:376: path: Considering switch case "isConcrete(v)". +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:376: path: Condition "true == isConcrete(v)", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:375: path: Switch case default. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:382: identity_transfer: Passing "nil" as argument 1 to function "appendSplit", which returns that argument. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:382: alias_transfer: Assigning: "a" = "appendSplit(nil, 2, v)". +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:383: path: Condition "i < len(a)", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:383: null_array_access: Accessing an element on null array "a". +# 381| default: +# 382| a := appendSplit(nil, cue.OrOp, v) +# 383|-> for i, v := range a { +# 384| if _, r := v.Reference(); len(r) == 0 { +# 385| a[i] = v.Eval() + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:332: path: Condition "b.ctx.expandRefs", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:335: path: Falling through to end of if statement. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:366: path: Condition "count > 0", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:369: path: Condition "(values.IncompleteKind() & 256 /* StructKind */) != 256 /* StructKind */", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:369: path: Condition "!isRef", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:374: path: Condition "i < len(conjuncts)", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:376: path: Considering switch case "isConcrete(v)". +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:376: path: Condition "true == isConcrete(v)", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:375: path: Switch case default. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:383: path: Condition "i < len(a)", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:384: path: Condition "len(r) == 0", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:387: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:383: path: Condition "i < len(a)", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:415: path: Switch case value "0". +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:429: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:374: path: Condition "i < len(conjuncts)", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:376: path: Considering switch case "isConcrete(v)". +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:376: path: Condition "true == isConcrete(v)", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:375: path: Switch case default. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:383: path: Condition "i < len(a)", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:415: path: Switch case value "1". +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:420: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:429: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:374: path: Condition "i < len(conjuncts)", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:376: path: Considering switch case "isConcrete(v)". +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:376: path: Condition "true == isConcrete(v)", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:375: path: Switch case default. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:382: identity_transfer: Passing "nil" as argument 1 to function "appendSplit", which returns that argument. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:382: alias_transfer: Assigning: "a" = "appendSplit(nil, 2, v)". +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:383: path: Condition "i < len(a)", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:415: path: Switch case value "1". +grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go:419: null_array_access: Accessing an element on null array "a". +# 417| // Conjunct entirely eliminated. +# 418| case 1: +# 419|-> v = a[0] +# 420| if err := v.Err(); err != nil { +# 421| b.failf(v, "openapi: %v", err) + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go:151: path: Condition "_, ok := expr.(ast.BasicLit *); ok", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go:151: path: Condition "true", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go:152: path: Condition "x.Kind != 58 /* NULL */", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go:153: path: Breaking from switch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go:190: path: Switch case value "BytesKind". +grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go:211: path: Condition "x == nil", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go:211: var_compare_op: Comparing "x" to null implies that "x" might be null. +grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go:211: path: Condition "q.IsDouble()", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go:217: path: Condition " < len(base64Encodings)", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go:218: path: Condition "err == nil", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go:219: path: Breaking from loop. +grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go:222: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go:228: path: Condition "q.IsMulti()", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go:233: null_field_access: Accessing field of null object "x". +# 231| quoter = quoter.WithTabIndent(tabs) +# 232| } +# 233|-> x.Value = quoter.Quote(string(b)) +# 234| return x +# 235| + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/internal/core/adt/errors.go:317: path: Condition "e.v == nil", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/internal/core/adt/errors.go:320: path: Condition " < len(appendPath(nil, e.v))", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/internal/core/adt/errors.go:320: identity_transfer: Passing "nil" as argument 1 to function "appendPath", which returns that argument. +grafana-9.2.10/vendor/cuelang.org/go/internal/core/adt/errors.go:320: null_array_access: Accessing an element on null array "appendPath(nil, e.v)". +# 318| return nil +# 319| } +# 320|-> for _, f := range appendPath(nil, e.v) { +# 321| a = append(a, f.SelectorString(e.r)) +# 322| } + +Error: NULL_RETURNS (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:587: path: Condition "first", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:588: returned_null: "peek_token" returns "nil" (checked 32 out of 36 times). +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:588: var_assigned: Assigning: "token" = "nil" return value from "peek_token". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:589: null_field_access: Accessing field of null object "token". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:369: example_assign: Example 1: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:370: example_checked: Example 1 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:398: example_assign: Example 2: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:399: example_checked: Example 2 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1026: example_assign: Example 3: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1027: example_checked: Example 3 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1059: example_assign: Example 4: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1060: example_checked: Example 4 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:182: example_assign: Example 5: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:183: example_checked: Example 5 (cont.): "token" has its value checked in "token == nil". +# 587| if first { +# 588| token := peek_token(parser) +# 589|-> parser.marks = append(parser.marks, token.start_mark) +# 590| skip_token(parser) +# 591| } + +Error: NULL_RETURNS (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:683: path: Condition "first", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:684: returned_null: "peek_token" returns "nil" (checked 32 out of 36 times). +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:684: var_assigned: Assigning: "token" = "nil" return value from "peek_token". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:685: null_field_access: Accessing field of null object "token". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:369: example_assign: Example 1: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:370: example_checked: Example 1 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:398: example_assign: Example 2: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:399: example_checked: Example 2 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1026: example_assign: Example 3: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1027: example_checked: Example 3 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1059: example_assign: Example 4: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1060: example_checked: Example 4 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:182: example_assign: Example 5: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:183: example_checked: Example 5 (cont.): "token" has its value checked in "token == nil". +# 683| if first { +# 684| token := peek_token(parser) +# 685|-> parser.marks = append(parser.marks, token.start_mark) +# 686| skip_token(parser) +# 687| } + +Error: NULL_RETURNS (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:778: path: Condition "first", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:779: returned_null: "peek_token" returns "nil" (checked 32 out of 36 times). +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:779: var_assigned: Assigning: "token" = "nil" return value from "peek_token". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:780: null_field_access: Accessing field of null object "token". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:369: example_assign: Example 1: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:370: example_checked: Example 1 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:398: example_assign: Example 2: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:399: example_checked: Example 2 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1026: example_assign: Example 3: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1027: example_checked: Example 3 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1059: example_assign: Example 4: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1060: example_checked: Example 4 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:182: example_assign: Example 5: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:183: example_checked: Example 5 (cont.): "token" has its value checked in "token == nil". +# 778| if first { +# 779| token := peek_token(parser) +# 780|-> parser.marks = append(parser.marks, token.start_mark) +# 781| skip_token(parser) +# 782| } + +Error: NULL_RETURNS (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:912: path: Condition "first", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:913: returned_null: "peek_token" returns "nil" (checked 32 out of 36 times). +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:913: var_assigned: Assigning: "token" = "nil" return value from "peek_token". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:914: null_field_access: Accessing field of null object "token". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:369: example_assign: Example 1: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:370: example_checked: Example 1 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:398: example_assign: Example 2: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:399: example_checked: Example 2 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1026: example_assign: Example 3: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1027: example_checked: Example 3 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1059: example_assign: Example 4: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:1060: example_checked: Example 4 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:182: example_assign: Example 5: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go:183: example_checked: Example 5 (cont.): "token" has its value checked in "token == nil". +# 912| if first { +# 913| token := peek_token(parser) +# 914|-> parser.marks = append(parser.marks, token.start_mark) +# 915| skip_token(parser) +# 916| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go:72: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go:76: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go:80: type_assertion: Type assertion can store "nil" into "v". +grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go:83: path: Condition "!ok", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go:88: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go:89: null_method_call: Calling a method on null object "v". +# 87| } +# 88| if err != nil { +# 89|-> c.errf(err, +# 90| "cannot use %s (type %s) as %s in argument %d to %s", +# 91| arg, v.Kind(), typ, i, c.Name()) + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go:72: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go:76: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go:80: type_assertion: Type assertion can store "nil" into "v". +grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go:83: path: Condition "!ok", taking true branch. +grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go:88: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go:93: null_method_call: Calling a method on null object "v". +# 91| arg, v.Kind(), typ, i, c.Name()) +# 92| } else { +# 93|-> c.errf(err, +# 94| "cannot use %s (type %s) as %s in argument %d to %s", +# 95| arg, v.Kind(), typ, i, c.Name()) + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/cuelang.org/go/pkg/tool/http/http.go:107: insufficient_logging: Calling a function that may return an error. These errors should be logged. +grafana-9.2.10/vendor/cuelang.org/go/pkg/tool/http/http.go:107: assign: Assigning: "err" = "ParseCertificate(block.Bytes)". +grafana-9.2.10/vendor/cuelang.org/go/pkg/tool/http/http.go:110: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/cuelang.org/go/pkg/tool/http/http.go:108: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/cuelang.org/go/pkg/tool/http/http.go:108: remediation: Log this issue to improve detection and response to security incidents. +# 106| if block.Type == "PUBLIC KEY" { +# 107| c, err := x509.ParseCertificate(block.Bytes) +# 108|-> if err != nil { +# 109| return nil, errors.Wrapf(err, ctx.Obj.Pos(), "failed to parse caCert") +# 110| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go:173: path: Condition " < len(certs)", taking true branch. +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go:174: type_assertion: Type assertion can store "nil" into "certKey". +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go:175: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go:183: path: Condition "sendCertificateChain", taking true branch. +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go:186: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go:173: path: Condition " < len(certs)", taking true branch. +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go:175: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go:175: null_field_access: Accessing field of null object "certKey". +# 173| for _, cert := range certs { +# 174| certKey, ok := cert.PublicKey.(*rsa.PublicKey) +# 175|-> if ok && key.E == certKey.E && key.N.Cmp(certKey.N) == 0 { +# 176| fp := sha1.Sum(cert.Raw) +# 177| cc.fp = fp[:] + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go:82: insufficient_logging: Calling "ParseCertificates". This function call creates a logging obligation. +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go:82: assign: Assigning: "err" = "ParseCertificates(certData, nil)". +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go:85: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go:83: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go:83: remediation: Log this issue to improve detection and response to security incidents. +# 81| } +# 82| certs, key, err := ParseCertificates(certData, nil) +# 83|-> if err != nil { +# 84| return nil, fmt.Errorf(`failed to load certificate from "%s": %v`, certPath, err) +# 85| } + +Error: PATH_MANIPULATION (CWE-22): +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go:314: assign: Assigning: "response" = "c.pipeline.Do(request)". +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go:324: taint: The field "response.Header" is a source of untrusted data. +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go:324: identity: Calling "Get". This call assigns "response.Header" to "". Now "" is tainted. +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go:324: assign: Assigning: "header" = "response.Header.Get("WWW-Authenticate")". +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go:333: sink: Calling "ReadFile". This call uses "header[pos + 1:nil:nil]" for sensitive computation. +grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go:333: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 331| return "", fmt.Errorf("did not receive a correct value from WWW-Authenticate header: %s", header) +# 332| } +# 333|-> key, err := ioutil.ReadFile(header[pos+1:]) +# 334| if err != nil { +# 335| return "", fmt.Errorf("could not read file (%s) contents: %v", header[pos+1:], err) + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go:80: insufficient_logging: Calling a function that may return an error. These errors should be logged. +grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go:80: assign: Assigning: "err" = "DecryptPEMBlock(block, ([]byte)password)". +grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go:83: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go:81: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go:81: remediation: Log this issue to improve detection and response to security incidents. +# 79| if x509.IsEncryptedPEMBlock(block) { +# 80| b, err := x509.DecryptPEMBlock(block, []byte(password)) +# 81|-> if err != nil { +# 82| return nil, nil, fmt.Errorf("could not decrypt encrypted PEM block: %w", err) +# 83| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go:92: insufficient_logging: Calling a function that may return an error. These errors should be logged. +grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go:92: assign: Assigning: "err" = "ParseCertificate(block.Bytes)". +grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go:95: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go:93: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go:93: remediation: Log this issue to improve detection and response to security incidents. +# 91| case "CERTIFICATE": +# 92| cert, err := x509.ParseCertificate(block.Bytes) +# 93|-> if err != nil { +# 94| return nil, nil, fmt.Errorf("block labelled 'CERTIFICATE' could not be pared by x509: %w", err) +# 95| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go:125: insufficient_logging: Calling a function that may return an error. These errors should be logged. +grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go:125: assign: Assigning: "err" = "ParsePKCS8PrivateKey(der)". +grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go:128: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go:126: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go:126: remediation: Log this issue to improve detection and response to security incidents. +# 124| func parsePrivateKey(der []byte) (crypto.PrivateKey, error) { +# 125| key, err := x509.ParsePKCS8PrivateKey(der) +# 126|-> if err != nil { +# 127| return nil, fmt.Errorf("problems decoding private key using PKCS8: %w", err) +# 128| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/andybalholm/brotli/hash_composite.go:47: path: Condition "h.ha == nil", taking true branch. +grafana-9.2.10/vendor/github.com/andybalholm/brotli/hash_composite.go:47: var_compare_op: Comparing "h.ha" to null implies that "h.ha" might be null. +grafana-9.2.10/vendor/github.com/andybalholm/brotli/hash_composite.go:51: null_method_call: Calling a method on null object "h.ha". +# 49| var common_b *hasherCommon +# 50| +# 51|-> common_a = h.ha.Common() +# 52| common_a.params = h.params.hasher +# 53| common_a.is_prepared_ = false + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/github.com/asaskevich/govalidator/validator.go:940: insufficient_logging: Calling a function that may return an error. These errors should be logged. +grafana-9.2.10/vendor/github.com/asaskevich/govalidator/validator.go:940: assign: Assigning: "err" = "ParsePKIXPublicKey(der)". +grafana-9.2.10/vendor/github.com/asaskevich/govalidator/validator.go:943: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/github.com/asaskevich/govalidator/validator.go:941: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/github.com/asaskevich/govalidator/validator.go:941: remediation: Log this issue to improve detection and response to security incidents. +# 939| +# 940| key, err := x509.ParsePKIXPublicKey(der) +# 941|-> if err != nil { +# 942| return false +# 943| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/blugelabs/bluge/search/searcher/search_disjunction.go:76: assign_null: Assigning: "octx" = "nil". +grafana-9.2.10/vendor/github.com/blugelabs/bluge/search/searcher/search_disjunction.go:77: path: Condition " < len(qsearchers)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/bluge/search/searcher/search_disjunction.go:94: null_method_call: Calling a method on null object "octx". +# 92| } +# 93| +# 94|-> optimized, err := octx.Finish() +# 95| if err != nil || optimized == nil { +# 96| return nil, err + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/blugelabs/bluge/search/searcher/search_regexp.go:86: path: Condition "s != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/bluge/search/searcher/search_regexp.go:86: var_compare_op: Comparing "s" to null implies that "s" might be null. +grafana-9.2.10/vendor/github.com/blugelabs/bluge/search/searcher/search_regexp.go:94: null_field_access: Accessing field of null object "s". +# 92| } +# 93| +# 94|-> if s.Op == syntax.OpLiteral && (s.Flags&syntax.FoldCase == 0) { +# 95| return string(s.Rune) +# 96| } + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lock: Locking "(*seg).m". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:542: def: Assigning data that might be protected by the lock to "newDocNums". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: unlock: Unlocking "(*seg).m". "newDocNums" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lockagain: Locking "(*seg).m" again. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:542: use: Using an unreliable value of "newDocNums" inside the second locked section. If the data that "newDocNums" depends on was changed by another thread, this use might be incorrect. +# 540| } +# 541| if itr != nil { +# 542|-> newDocNums = append(newDocNums, newDocNumsIn[segmentI]) +# 543| if dropsIn[segmentI] != nil && !dropsIn[segmentI].IsEmpty() { +# 544| drops = append(drops, dropsIn[segmentI]) + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lock: Locking "(*seg).m". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:544: def: Assigning data that might be protected by the lock to "drops". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: unlock: Unlocking "(*seg).m". "drops" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lockagain: Locking "(*seg).m" again. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:544: use: Using an unreliable value of "drops" inside the second locked section. If the data that "drops" depends on was changed by another thread, this use might be incorrect. +# 542| newDocNums = append(newDocNums, newDocNumsIn[segmentI]) +# 543| if dropsIn[segmentI] != nil && !dropsIn[segmentI].IsEmpty() { +# 544|-> drops = append(drops, dropsIn[segmentI]) +# 545| } else { +# 546| drops = append(drops, nil) + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lock: Locking "(*seg).m". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:544: def: Assigning data that might be protected by the lock to "drops". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: unlock: Unlocking "(*seg).m". "drops" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lockagain: Locking "(*seg).m" again. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:546: use: Using an unreliable value of "drops" inside the second locked section. If the data that "drops" depends on was changed by another thread, this use might be incorrect. +# 544| drops = append(drops, dropsIn[segmentI]) +# 545| } else { +# 546|-> drops = append(drops, nil) +# 547| } +# 548| dicts = append(dicts, dict) + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lock: Locking "(*seg).m". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:548: def: Assigning data that might be protected by the lock to "dicts". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: unlock: Unlocking "(*seg).m". "dicts" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lockagain: Locking "(*seg).m" again. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:548: use: Using an unreliable value of "dicts" inside the second locked section. If the data that "dicts" depends on was changed by another thread, this use might be incorrect. +# 546| drops = append(drops, nil) +# 547| } +# 548|-> dicts = append(dicts, dict) +# 549| itrs = append(itrs, itr) +# 550| segmentsInFocus = append(segmentsInFocus, seg) + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lock: Locking "(*seg).m". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:549: def: Assigning data that might be protected by the lock to "itrs". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: unlock: Unlocking "(*seg).m". "itrs" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lockagain: Locking "(*seg).m" again. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:549: use: Using an unreliable value of "itrs" inside the second locked section. If the data that "itrs" depends on was changed by another thread, this use might be incorrect. +# 547| } +# 548| dicts = append(dicts, dict) +# 549|-> itrs = append(itrs, itr) +# 550| segmentsInFocus = append(segmentsInFocus, seg) +# 551| } + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lock: Locking "(*seg).m". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:550: def: Assigning data that might be protected by the lock to "segmentsInFocus". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: unlock: Unlocking "(*seg).m". "segmentsInFocus" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lockagain: Locking "(*seg).m" again. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:550: use: Using an unreliable value of "segmentsInFocus" inside the second locked section. If the data that "segmentsInFocus" depends on was changed by another thread, this use might be incorrect. +# 548| dicts = append(dicts, dict) +# 549| itrs = append(itrs, itr) +# 550|-> segmentsInFocus = append(segmentsInFocus, seg) +# 551| } +# 552| } + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lock: Locking "(*seg).m". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:548: def: Assigning data that might be protected by the lock to "dicts". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: unlock: Unlocking "(*seg).m". "dicts" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lockagain: Locking "(*seg).m" again. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:554: use: Using an unreliable value of "dicts" inside the second locked section. If the data that "dicts" depends on was changed by another thread, this use might be incorrect. +# 552| } +# 553| } +# 554|-> return newDocNums, drops, dicts, itrs, segmentsInFocus, nil +# 555| } +# 556| + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lock: Locking "(*seg).m". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:544: def: Assigning data that might be protected by the lock to "drops". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: unlock: Unlocking "(*seg).m". "drops" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lockagain: Locking "(*seg).m" again. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:554: use: Using an unreliable value of "drops" inside the second locked section. If the data that "drops" depends on was changed by another thread, this use might be incorrect. +# 552| } +# 553| } +# 554|-> return newDocNums, drops, dicts, itrs, segmentsInFocus, nil +# 555| } +# 556| + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lock: Locking "(*seg).m". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:549: def: Assigning data that might be protected by the lock to "itrs". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: unlock: Unlocking "(*seg).m". "itrs" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lockagain: Locking "(*seg).m" again. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:554: use: Using an unreliable value of "itrs" inside the second locked section. If the data that "itrs" depends on was changed by another thread, this use might be incorrect. +# 552| } +# 553| } +# 554|-> return newDocNums, drops, dicts, itrs, segmentsInFocus, nil +# 555| } +# 556| + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lock: Locking "(*seg).m". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:542: def: Assigning data that might be protected by the lock to "newDocNums". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: unlock: Unlocking "(*seg).m". "newDocNums" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lockagain: Locking "(*seg).m" again. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:554: use: Using an unreliable value of "newDocNums" inside the second locked section. If the data that "newDocNums" depends on was changed by another thread, this use might be incorrect. +# 552| } +# 553| } +# 554|-> return newDocNums, drops, dicts, itrs, segmentsInFocus, nil +# 555| } +# 556| + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lock: Locking "(*seg).m". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "dropsIn[segmentI] != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:543: path: Condition "!dropsIn[segmentI].IsEmpty()", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:545: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:550: def: Assigning data that might be protected by the lock to "segmentsInFocus". +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: unlock: Unlocking "(*seg).m". "segmentsInFocus" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:526: path: Condition "isClosed(closeCh)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:532: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:535: path: Condition "dict.fst != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:538: path: Condition "err != ErrIteratorDone", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:541: path: Condition "itr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:553: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:524: path: Condition "segmentI < len(segments)", taking false branch. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:531: lockagain: Locking "(*seg).m" again. +grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go:554: use: Using an unreliable value of "segmentsInFocus" inside the second locked section. If the data that "segmentsInFocus" depends on was changed by another thread, this use might be incorrect. +# 552| } +# 553| } +# 554|-> return newDocNums, drops, dicts, itrs, segmentsInFocus, nil +# 555| } +# 556| + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go:774: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go:776: path: Condition "ip == nil", taking false branch. +grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go:781: path: Condition "len(ips) == 1", taking false branch. +grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go:791: path: Condition " < len(ips)", taking true branch. +grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go:802: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go:791: path: Condition " < len(ips)", taking false branch. +grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go:805: path: Condition "i < len(ips)", taking true branch. +grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go:806: path: Selecting channel "case conn = <-connChan:". +grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go:819: assign_null: Assigning: "err" = "nil". +grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go:820: path: Breaking to label "wait_loop". +grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go:826: path: Condition "conn == nil", taking true branch. +grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go:828: null_method_call: Calling a method on null object "err". +# 826| if conn == nil { +# 827| f := "Unable to open tcp connection with host '%v:%v': %v" +# 828|-> return nil, fmt.Errorf(f, p.host, resolveServerPort(p.port), err.Error()) +# 829| } +# 830| return conn, err + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go:93: taint: The field "r.URL" is a source of untrusted data. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go:107: concat: Creating a tainted string using "host". +grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go:107: assign: Assigning a tainted string to "host". +grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go:109: sink: Calling "connectDial". This call uses "host" for sensitive computation. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go:109: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 107| host += ":80" +# 108| } +# 109|-> targetSiteCon, err := proxy.connectDial("tcp", host) +# 110| if err != nil { +# 111| httpError(proxyClient, ctx, err) + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go:93: taint: The field "r.URL" is a source of untrusted data. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go:93: assign: Assigning: "" = "r.URL.Host". +grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go:93: assign: Assigning: "host" = "{OkConnect, r.URL.Host}". +grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go:140: sink: Calling "connectDial". This call uses "host" for sensitive computation. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go:140: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 138| proxyClient.Write([]byte("HTTP/1.0 200 OK\r\n\r\n")) +# 139| ctx.Logf("Assuming CONNECT is plain HTTP tunneling, mitm proxying it") +# 140|-> targetSiteCon, err := proxy.connectDial("tcp", host) +# 141| if err != nil { +# 142| ctx.Warnf("Error dialing to %s: %s", host, err.Error()) + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:44: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:49: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:68: path: Condition " < len(hosts)", taking true branch. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:69: path: Condition "ip != nil", taking true branch. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:71: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:75: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:68: path: Condition " < len(hosts)", taking true branch. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:69: path: Condition "ip != nil", taking false branch. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:75: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:68: path: Condition " < len(hosts)", taking false branch. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:79: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:83: assign_null: Assigning: "certpriv" = "nil". +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:85: path: Condition "_, ok := ca.PrivateKey.(rsa.PrivateKey *); ok", taking false branch. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:89: path: Condition "_, ok := ca.PrivateKey.(ecdsa.PrivateKey *); ok", taking false branch. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:84: path: Switch case default. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go:98: null_method_call: Calling a method on null object "certpriv". +# 96| +# 97| var derBytes []byte +# 98|-> if derBytes, err = x509.CreateCertificate(&csprng, &template, x509ca, certpriv.Public(), ca.PrivateKey); err != nil { +# 99| return +# 100| } + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/vendor/github.com/elazarl/goproxy/transport/transport.go:155: taint: Calling "connectMethodForRequest". +* This call assigns "((.$0).targetAddr).Host" to "(.$0).targetAddr". Now "(.$0).targetAddr" is tainted. +* This call taints "(.$0).targetAddr". +grafana-9.2.10/vendor/github.com/elazarl/goproxy/transport/transport.go:155: assign: Assigning: "cm" = "t.connectMethodForRequest(treq)". +grafana-9.2.10/vendor/github.com/elazarl/goproxy/transport/transport.go:164: sink: Calling "getConn". This call uses "cm.targetAddr" for sensitive computation. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/transport/transport.go:164: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 162| // pre-CONNECTed to https server. In any case, we'll be ready +# 163| // to send it requests. +# 164|-> pconn, err := t.getConn(cm) +# 165| if err != nil { +# 166| return nil, nil, err + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go:29: taint: The field "req.URL" is a source of untrusted data. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go:29: assign: Assigning: ".Host" = "req.URL.Host". +grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go:29: assign: Assigning a tainted string to "targetURL". +grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go:32: sink: Calling "Dial". This call uses "targetURL.Host" for sensitive computation. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go:32: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 30| +# 31| // Connect to upstream +# 32|-> targetConn, err := tls.Dial("tcp", targetURL.Host, tlsConfig) +# 33| if err != nil { +# 34| ctx.Warnf("Error dialing target site: %v", err) + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go:50: taint: The field "req.URL" is a source of untrusted data. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go:50: assign: Assigning: ".Host" = "req.URL.Host". +grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go:50: assign: Assigning a tainted string to "targetURL". +grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go:52: sink: Calling "connectDial". This call uses "targetURL.Host" for sensitive computation. +grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go:52: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 50| targetURL := url.URL{Scheme: "ws", Host: req.URL.Host, Path: req.URL.Path} +# 51| +# 52|-> targetConn, err := proxy.connectDial("tcp", targetURL.Host) +# 53| if err != nil { +# 54| ctx.Warnf("Error dialing target site: %v", err) + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:60: path: Condition "reflection.Kind() != 22 /* Ptr */", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:64: path: Condition "reflection.IsNil()", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:80: path: Condition " < len(typeInfo.Fields)", taking true branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:82: path: Condition "!field.HasJSONTag", taking true branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:83: path: Continuing loop. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:80: path: Condition " < len(typeInfo.Fields)", taking true branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:82: path: Condition "!field.HasJSONTag", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:88: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:89: path: Condition "fieldValue.Kind() == 22 /* Ptr */", taking true branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:89: path: Condition "fieldValue.IsNil()", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:97: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:101: path: Continuing loop. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:80: path: Condition " < len(typeInfo.Fields)", taking true branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:82: path: Condition "!field.HasJSONTag", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:88: type_assertion: Type assertion can store "nil" into "v". +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:88: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:103: path: Switch case value "Ptr". +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:105: path: Condition "fieldValue.IsNil()", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:155: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:159: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:80: path: Condition " < len(typeInfo.Fields)", taking true branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:82: path: Condition "!field.HasJSONTag", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:88: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:89: path: Condition "fieldValue.Kind() == 22 /* Ptr */", taking true branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:89: path: Condition "fieldValue.IsNil()", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:96: null_method_call: Calling a method on null object "v". +# 94| continue +# 95| } +# 96|-> fieldData, err := v.MarshalJSON() +# 97| if err != nil { +# 98| return err + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/link.go:16: path: Condition "ok == false", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/link.go:20: path: Condition "ref != nil", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/link.go:20: var_compare_op: Comparing "ref" to null implies that "ref" might be null. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/link.go:23: null_field_access: Accessing field of null object "ref". +# 21| return &Ref{Ref: ref.Ref}, nil +# 22| } +# 23|-> return ref.Value, nil +# 24| } +# 25| + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go:36: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go:40: path: Condition "index < 0", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go:40: path: Condition "index >= len(p)", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go:46: path: Condition "ref != nil", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go:46: var_compare_op: Comparing "ref" to null implies that "ref" might be null. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go:49: null_field_access: Accessing field of null object "ref". +# 47| return &Ref{Ref: ref.Ref}, nil +# 48| } +# 49|-> return ref.Value, nil +# 50| } +# 51| + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go:18: path: Condition "ok == false", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go:22: path: Condition "ref != nil", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go:22: var_compare_op: Comparing "ref" to null implies that "ref" might be null. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go:25: null_field_access: Accessing field of null object "ref". +# 23| return &Ref{Ref: ref.Ref}, nil +# 24| } +# 25|-> return ref.Value, nil +# 26| } +# 27| + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/response.go:47: path: Condition "ok == false", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/response.go:51: path: Condition "ref != nil", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/response.go:51: var_compare_op: Comparing "ref" to null implies that "ref" might be null. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/response.go:54: null_field_access: Accessing field of null object "ref". +# 52| return &Ref{Ref: ref.Ref}, nil +# 53| } +# 54|-> return ref.Value, nil +# 55| } +# 56| + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/schema.go:88: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/schema.go:92: path: Condition "i >= (uint64)len(s)", taking false branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/schema.go:98: path: Condition "ref == nil", taking true branch. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/schema.go:98: var_compare_op: Comparing "ref" to null implies that "ref" might be null. +grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/schema.go:99: null_field_access: Accessing field of null object "ref". +# 97| +# 98| if ref == nil || ref.Ref != "" { +# 99|-> return &Ref{Ref: ref.Ref}, nil +# 100| } +# 101| return ref.Value, nil + +Error: SENSITIVE_DATA_LEAK (CWE-319): +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/file/server.go:17: sensitive_data: Calling "NewEndpoint". This call stores sensitive data in "(.$0).Password". +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/file/server.go:17: assign: Assigning: "ep" = "NewEndpoint(path)". Now "ep.Password" contains sensitive data. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/file/server.go:23: identity: Calling "NewUploadPackSession". This call assigns "ep" to "((.$0).session).endpoint". (The interface method resolves to "http.client.NewUploadPackSession(transport.Endpoint *, transport.AuthMethod)".) Now ".endpoint.Password" contains sensitive data. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/file/server.go:23: assign: Assigning: "s" = "DefaultServer.NewUploadPackSession(ep, nil)". Now "s.session.endpoint.Password" contains sensitive data. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/file/server.go:28: sink: Calling "ServeUploadPack". This sends the sensitive data "s.session.endpoint.Password" over the network. It may be exposed to unintended individuals. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/file/server.go:28: remediation: Do not leak this data to the network. +# 26| } +# 27| +# 28|-> return common.ServeUploadPack(srvCmd, s) +# 29| } +# 30| + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go:23: taint: Calling "AdvertisedReferences". This call taints "s.session.endpoint.Host". (The interface method resolves to "http.upSession.AdvertisedReferences()".) +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go:38: sink: Calling "UploadPack". This call uses "s.session.endpoint.Host" for sensitive computation. (The interface method resolves to "http.upSession.UploadPack(Context, packp.UploadPackRequest *)".) +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go:38: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 36| +# 37| var resp *packp.UploadPackResponse +# 38|-> resp, err = s.UploadPack(context.TODO(), req) +# 39| if err != nil { +# 40| return err + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go:23: taint: Calling "AdvertisedReferences". This call taints "s.session.endpoint.Path". (The interface method resolves to "http.upSession.AdvertisedReferences()".) +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go:38: sink: Calling "UploadPack". This call uses "s.session.endpoint.Path" for sensitive computation. (The interface method resolves to "http.upSession.UploadPack(Context, packp.UploadPackRequest *)".) +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go:38: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 36| +# 37| var resp *packp.UploadPackResponse +# 38|-> resp, err = s.UploadPack(context.TODO(), req) +# 39| if err != nil { +# 40| return err + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go:23: taint: Calling "AdvertisedReferences". This call taints "s.session.endpoint.Protocol". (The interface method resolves to "http.upSession.AdvertisedReferences()".) +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go:38: sink: Calling "UploadPack". This call uses "s.session.endpoint.Protocol" for sensitive computation. (The interface method resolves to "http.upSession.UploadPack(Context, packp.UploadPackRequest *)".) +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go:38: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 36| +# 37| var resp *packp.UploadPackResponse +# 38|-> resp, err = s.UploadPack(context.TODO(), req) +# 39| if err != nil { +# 40| return err + +Error: SENSITIVE_DATA_LEAK (CWE-319): +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:317: sensitive_data: Calling "newUploadPackSession". +* This call stores sensitive data in "(((.$0).Command).endpoint).Password". +* This call assigns a reference to "((.$0).Command).endpoint" to "((.$0).session).endpoint". +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:317: assign: Assigning: "s" = "newUploadPackSession(r.c.URLs[0], o.Auth, o.InsecureSkipTLS, o.CABundle)". +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:324: sink: Calling "AdvertisedReferencesContext". This sends the sensitive data "s.session.endpoint.Password" over the network. It may be exposed to unintended individuals. (The interface method resolves to "http.upSession.AdvertisedReferencesContext(Context)".) +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:324: remediation: Do not leak this data to the network. +# 322| defer ioutil.CheckClose(s, &err) +# 323| +# 324|-> ar, err := s.AdvertisedReferencesContext(ctx) +# 325| if err != nil { +# 326| return nil, err + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:324: taint: Calling "AdvertisedReferencesContext". This call taints "s.session.endpoint.Host". (The interface method resolves to "http.upSession.AdvertisedReferencesContext(Context)".) +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:367: sink: Calling "fetchPack". This call uses "s.session.endpoint.Host" for sensitive computation. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:367: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 365| } +# 366| +# 367|-> if err = r.fetchPack(ctx, o, s, req); err != nil { +# 368| return nil, err +# 369| } + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:324: taint: Calling "AdvertisedReferencesContext". This call taints "s.session.endpoint.Path". (The interface method resolves to "http.upSession.AdvertisedReferencesContext(Context)".) +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:367: sink: Calling "fetchPack". This call uses "s.session.endpoint.Path" for sensitive computation. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:367: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 365| } +# 366| +# 367|-> if err = r.fetchPack(ctx, o, s, req); err != nil { +# 368| return nil, err +# 369| } + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:324: taint: Calling "AdvertisedReferencesContext". This call taints "s.session.endpoint.Protocol". (The interface method resolves to "http.upSession.AdvertisedReferencesContext(Context)".) +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:367: sink: Calling "fetchPack". This call uses "s.session.endpoint.Protocol" for sensitive computation. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:367: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 365| } +# 366| +# 367|-> if err = r.fetchPack(ctx, o, s, req); err != nil { +# 368| return nil, err +# 369| } + +Error: SENSITIVE_DATA_LEAK (CWE-319): +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:317: sensitive_data: Calling "newUploadPackSession". +* This call stores sensitive data in "(((.$0).Command).endpoint).Password". +* This call assigns a reference to "((.$0).Command).endpoint" to "((.$0).session).endpoint". Now ".endpoint.Password" contains sensitive data. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:317: assign: Assigning: "s" = "newUploadPackSession(r.c.URLs[0], o.Auth, o.InsecureSkipTLS, o.CABundle)". Now "s.session.endpoint.Password" contains sensitive data. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:367: sink: Calling "fetchPack". This sends the sensitive data "s.session.endpoint.Password" over the network. It may be exposed to unintended individuals. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:367: remediation: Do not leak this data to the network. +# 365| } +# 366| +# 367|-> if err = r.fetchPack(ctx, o, s, req); err != nil { +# 368| return nil, err +# 369| } + +Error: SENSITIVE_DATA_LEAK (CWE-319): +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:1094: sensitive_data: Calling "newUploadPackSession". +* This call stores sensitive data in "(((.$0).Command).endpoint).Password". +* This call assigns a reference to "((.$0).Command).endpoint" to "((.$0).session).endpoint". +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:1094: assign: Assigning: "s" = "newUploadPackSession(r.c.URLs[0], o.Auth, o.InsecureSkipTLS, o.CABundle)". +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:1101: sink: Calling "AdvertisedReferencesContext". This sends the sensitive data "s.session.endpoint.Password" over the network. It may be exposed to unintended individuals. (The interface method resolves to "http.upSession.AdvertisedReferencesContext(Context)".) +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go:1101: remediation: Do not leak this data to the network. +# 1099| defer ioutil.CheckClose(s, &err) +# 1100| +# 1101|-> ar, err := s.AdvertisedReferencesContext(ctx) +# 1102| if err != nil { +# 1103| return nil, err + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go:1434: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go:1438: assign_null: Assigning: "commit" = "nil". +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go:1440: path: Condition " < len(items)", taking true branch. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go:1442: path: Condition "_, ok := item.(revision.Ref); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go:1491: path: Condition "_, ok := item.(revision.CaretPath); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go:1519: path: Condition "_, ok := item.(revision.TildePath); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go:1529: path: Condition "_, ok := item.(revision.CaretReg); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go:1441: path: Switch case default. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go:1560: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go:1440: path: Condition " < len(items)", taking false branch. +grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go:1562: null_field_access: Accessing field of null object "commit". +# 1560| } +# 1561| +# 1562|-> return &commit.Hash, nil +# 1563| } +# 1564| + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/go-kit/kit/log/level/level.go:50: path: Condition "i < len(keyvals)", taking true branch. +grafana-9.2.10/vendor/github.com/go-kit/kit/log/level/level.go:51: type_assertion: Type assertion can store "nil" into "v". +grafana-9.2.10/vendor/github.com/go-kit/kit/log/level/level.go:51: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-kit/kit/log/level/level.go:56: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/go-kit/kit/log/level/level.go:50: path: Condition "i < len(keyvals)", taking true branch. +grafana-9.2.10/vendor/github.com/go-kit/kit/log/level/level.go:51: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/github.com/go-kit/kit/log/level/level.go:53: null_field_access: Accessing field of null object "v". +# 51| if v, ok := keyvals[i].(*levelValue); ok { +# 52| hasLevel = true +# 53|-> levelAllowed = l.allowed&v.level != 0 +# 54| break +# 55| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/go-kit/log/level/level.go:58: path: Condition "i < len(keyvals)", taking true branch. +grafana-9.2.10/vendor/github.com/go-kit/log/level/level.go:59: type_assertion: Type assertion can store "nil" into "v". +grafana-9.2.10/vendor/github.com/go-kit/log/level/level.go:59: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-kit/log/level/level.go:64: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/go-kit/log/level/level.go:58: path: Condition "i < len(keyvals)", taking true branch. +grafana-9.2.10/vendor/github.com/go-kit/log/level/level.go:59: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/github.com/go-kit/log/level/level.go:61: null_field_access: Accessing field of null object "v". +# 59| if v, ok := keyvals[i].(*levelValue); ok { +# 60| hasLevel = true +# 61|-> levelAllowed = l.allowed&v.level != 0 +# 62| break +# 63| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:346: path: Condition "depth > f.opts.MaxLogDepth", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:351: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:359: path: Condition "_, ok := value.(Stringer); ok", taking true branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:359: path: Condition "true", taking true branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:367: path: Condition "_, ok := value.(bool); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:369: path: Condition "_, ok := value.(string); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:371: path: Condition "_, ok := value.(int); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:373: path: Condition "_, ok := value.(int8); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:375: path: Condition "_, ok := value.(int16); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:377: path: Condition "_, ok := value.(int32); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:379: path: Condition "_, ok := value.(int64); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:381: path: Condition "_, ok := value.(uint); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:383: path: Condition "_, ok := value.(uint8); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:385: path: Condition "_, ok := value.(uint16); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:387: path: Condition "_, ok := value.(uint32); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:389: path: Condition "_, ok := value.(uint64); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:391: path: Condition "_, ok := value.(uint); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:393: path: Condition "_, ok := value.(float32); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:395: path: Condition "_, ok := value.(float64); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:397: path: Condition "_, ok := value.(__coverity_complex_float); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:399: path: Condition "_, ok := value.(__coverity_complex_double); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:401: path: Condition "_, ok := value.(funcr.PseudoStruct); ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:366: path: Switch case default. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:425: path: Condition "t == nil", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:429: path: Switch case value "Map". +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:518: path: Condition "it.Next()", taking true branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:519: path: Condition "i > 0", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:524: type_assertion: Type assertion can store "nil" into "m". +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:524: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:535: path: Condition "t.Key().Kind() != 24 /* String */", taking true branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:545: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:518: path: Condition "it.Next()", taking true branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:519: path: Condition "i > 0", taking true branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:524: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go:525: null_method_call: Calling a method on null object "m". +# 523| keystr := "" +# 524| if m, ok := it.Key().Interface().(encoding.TextMarshaler); ok { +# 525|-> txt, err := m.MarshalText() +# 526| if err != nil { +# 527| keystr = fmt.Sprintf("", err.Error()) + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/go-openapi/runtime/middleware/security.go:22: path: Condition "rCtx != nil", taking true branch. +grafana-9.2.10/vendor/github.com/go-openapi/runtime/middleware/security.go:25: path: Condition "route != nil", taking false branch. +grafana-9.2.10/vendor/github.com/go-openapi/runtime/middleware/security.go:25: var_compare_op: Comparing "route" to null implies that "route" might be null. +grafana-9.2.10/vendor/github.com/go-openapi/runtime/middleware/security.go:31: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/go-openapi/runtime/middleware/security.go:32: null_field_access: Accessing field of null object "route". +# 30| _, rCtx, err := ctx.Authorize(r, route) +# 31| if err != nil { +# 32|-> ctx.Respond(rw, r, route.Produces, route, err) +# 33| return +# 34| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/go-openapi/validate/schema.go:112: path: Condition "s == nil", taking false branch. +grafana-9.2.10/vendor/github.com/go-openapi/validate/schema.go:115: path: Condition "s.Schema != nil", taking false branch. +grafana-9.2.10/vendor/github.com/go-openapi/validate/schema.go:115: var_compare_op: Comparing "s.Schema" to null implies that "s.Schema" might be null. +grafana-9.2.10/vendor/github.com/go-openapi/validate/schema.go:119: path: Condition "data == nil", taking false branch. +grafana-9.2.10/vendor/github.com/go-openapi/validate/schema.go:127: path: Condition "kind == 22 /* Ptr */", taking false branch. +grafana-9.2.10/vendor/github.com/go-openapi/validate/schema.go:133: path: Condition "kind == 25 /* Struct */", taking true branch. +grafana-9.2.10/vendor/github.com/go-openapi/validate/schema.go:143: null_field_access: Accessing field of null object "s.Schema". +# 141| // TODO: this part should be handed over to type validator +# 142| // Handle special case of json.Number data (number marshalled as string) +# 143|-> isnumber := s.Schema.Type.Contains(numberType) || s.Schema.Type.Contains(integerType) +# 144| if num, ok := data.(json.Number); ok && isnumber { +# 145| if s.Schema.Type.Contains(integerType) { // avoid lossy conversion + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go:100: path: Condition "mc.maxWriteSize < packetSize", taking true branch. +grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go:104: path: Condition "idx == 0", taking true branch. +grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go:112: path: Condition "inMap", taking true branch. +grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go:114: path: Condition "rdr != nil", taking false branch. +grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go:114: var_compare_op: Comparing "rdr" to null implies that "rdr" might be null. +grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go:121: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go:124: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go:151: path: Condition "err == nil", taking true branch. +grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go:151: path: Condition "packetSize > 0", taking true branch. +grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go:154: path: Condition "err == nil", taking true branch. +grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go:155: null_method_call: Calling a method on null object "rdr". +# 153| var n int +# 154| for err == nil { +# 155|-> n, err = rdr.Read(data[4:]) +# 156| if n > 0 { +# 157| if ioErr := mc.writePacket(data[:4+n]); ioErr != nil { + +Error: PATH_MANIPULATION (CWE-22): +grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/packets.go:538: taint: Calling "readPacket". +* This call taints "mc.buf.dbuf". +* This call returns a struct containing "mc.buf.dbuf". +grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/packets.go:538: assign: Assigning: "data" = "mc.readPacket()". +grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/packets.go:549: sink: Calling "handleInFileRequest". This call uses "(string)data[1:nil:nil]" for sensitive computation. +grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/packets.go:549: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 547| +# 548| case iLocalInFile: +# 549|-> return 0, mc.handleInFileRequest(string(data[1:])) +# 550| } +# 551| + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/gogo/protobuf/proto/text.go:756: assign_null: Assigning: "mu" = "nil". +grafana-9.2.10/vendor/github.com/gogo/protobuf/proto/text.go:757: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/github.com/gogo/protobuf/proto/text.go:765: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/github.com/gogo/protobuf/proto/text.go:777: null_method_call: Calling a method on null object "mu". +# 775| // canonical output, which will also make testing easier. +# 776| +# 777|-> mu.Lock() +# 778| ids := make([]int32, 0, len(m)) +# 779| for id := range m { + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go:27: insufficient_logging: Calling a function that may return an error. These errors should be logged. +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go:27: assign: Assigning: "err" = "ParsePKCS1PrivateKey(block.Bytes)". +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go:30: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go:28: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go:28: remediation: Log this issue to improve detection and response to security incidents. +# 26| var parsedKey interface{} +# 27| if parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil { +# 28|-> if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil { +# 29| return nil, err +# 30| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go:59: insufficient_logging: Calling a function that may return an error. These errors should be logged. +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go:59: assign: Assigning: "err" = "ParsePKCS1PrivateKey(blockDecrypted)". +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go:62: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go:60: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go:60: remediation: Log this issue to improve detection and response to security incidents. +# 58| +# 59| if parsedKey, err = x509.ParsePKCS1PrivateKey(blockDecrypted); err != nil { +# 60|-> if parsedKey, err = x509.ParsePKCS8PrivateKey(blockDecrypted); err != nil { +# 61| return nil, err +# 62| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/ed25519.go:67: assign_null: Assigning: "ed25519Key" = "nil". +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/ed25519.go:70: path: Condition "!ok", taking false branch. +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/ed25519.go:74: null_method_call: Calling a method on null object "ed25519Key". +# 72| } +# 73| +# 74|-> if _, ok := ed25519Key.Public().(ed25519.PublicKey); !ok { +# 75| return "", ErrInvalidKey +# 76| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:27: insufficient_logging: Calling a function that may return an error. These errors should be logged. +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:27: assign: Assigning: "err" = "ParsePKCS1PrivateKey(block.Bytes)". +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:30: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:28: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:28: remediation: Log this issue to improve detection and response to security incidents. +# 26| var parsedKey interface{} +# 27| if parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil { +# 28|-> if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil { +# 29| return nil, err +# 30| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:63: insufficient_logging: Calling a function that may return an error. These errors should be logged. +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:63: assign: Assigning: "err" = "ParsePKCS1PrivateKey(blockDecrypted)". +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:66: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:64: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:64: remediation: Log this issue to improve detection and response to security incidents. +# 62| +# 63| if parsedKey, err = x509.ParsePKCS1PrivateKey(blockDecrypted); err != nil { +# 64|-> if parsedKey, err = x509.ParsePKCS8PrivateKey(blockDecrypted); err != nil { +# 65| return nil, err +# 66| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:675: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:679: path: Condition " < len(ss.l)", taking true branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:681: path: Condition "err != nil", taking true branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:683: path: Continuing loop. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:679: path: Condition " < len(ss.l)", taking true branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:681: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:685: path: Condition "fs.omitEmpty", taking true branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:687: path: Switch case value "Array". +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:689: path: Condition "fv.Len() == 0", taking true branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:701: path: Condition "empty", taking true branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:702: path: Continuing loop. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:679: path: Condition " < len(ss.l)", taking true branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:681: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:685: path: Condition "fs.omitEmpty", taking true branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:687: path: Switch case value "Bool". +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:691: path: Condition "!fv.Bool()", taking false branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:701: path: Condition "empty", taking false branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:705: type_assertion: Type assertion can store "nil" into "arg". +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:705: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:707: path: Condition "fv.Kind() == 22 /* Ptr */", taking true branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:708: path: Condition "!fv.IsNil()", taking true branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:711: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:714: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:679: path: Condition " < len(ss.l)", taking true branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:681: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:685: path: Condition "fs.omitEmpty", taking false branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:705: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go:706: null_method_call: Calling a method on null object "arg". +# 704| } +# 705| if arg, ok := fv.Interface().(Argument); ok { +# 706|-> args = append(args, fs.name, arg.RedisArg()) +# 707| } else if fv.Kind() == reflect.Ptr { +# 708| if !fv.IsNil() { + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go:91: path: Condition " < len(flattenOptions(nil, opts))", taking true branch. +grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go:93: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go:91: path: Condition " < len(flattenOptions(nil, opts))", taking true branch. +grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go:91: identity_transfer: Passing "nil" as argument 1 to function "flattenOptions", which returns that argument. +grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go:91: null_array_access: Accessing an element on null array "flattenOptions(nil, opts)". +# 89| const help = "consider using filters to ensure at most one Comparer or Transformer may apply" +# 90| var ss []string +# 91|-> for _, opt := range flattenOptions(nil, opts) { +# 92| ss = append(ss, fmt.Sprint(opt)) +# 93| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go:526: identity_transfer: Passing "nil" as argument 1 to function "flattenOptions", which returns that argument. +grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go:526: alias_transfer: Assigning: "opts" = "flattenOptions(nil, {src})". +grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go:526: path: Switch case value "1". +grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go:530: null_array_access: Accessing an element on null array "opts". +# 528| return nil +# 529| case 1: +# 530|-> return opts[0] +# 531| default: +# 532| return opts + +Error: OPEN_REDIRECT (CWE-601): +grafana-9.2.10/vendor/github.com/gorilla/mux/regexp.go:353: taint: The field "req.URL" is a source of untrusted data. +grafana-9.2.10/vendor/github.com/gorilla/mux/regexp.go:357: concat: Creating a tainted string using "u.Path". +grafana-9.2.10/vendor/github.com/gorilla/mux/regexp.go:357: assign: Assigning a tainted string to "u.Path". +grafana-9.2.10/vendor/github.com/gorilla/mux/regexp.go:359: identity: Calling "String". This call assigns "u.Path" to "". Now "" is tainted. +grafana-9.2.10/vendor/github.com/gorilla/mux/regexp.go:359: sink: Calling "RedirectHandler". This call passes the tainted data, "u.String()", to a redirect sink. +# 357| u.Path += "/" +# 358| } +# 359|-> m.Handler = http.RedirectHandler(u.String(), http.StatusMovedPermanently) +# 360| } +# 361| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/gorilla/websocket/compression.go:35: type_assertion: Type assertion can store "nil" into "fr". +grafana-9.2.10/vendor/github.com/gorilla/websocket/compression.go:36: null_method_call: Calling a method on null object "fr". +# 34| +# 35| fr, _ := flateReaderPool.Get().(io.ReadCloser) +# 36|-> fr.(flate.Resetter).Reset(io.MultiReader(r, strings.NewReader(tail)), nil) +# 37| return &flateReadWrapper{fr} +# 38| } + +Error: SOCKET_ACCEPT_ALL_ORIGINS (CWE-942): +grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go:302: go_socketio_all_origins: The function "function anonymous%1" always returns "true". +grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go:302: go_socketio_all_origins: The function "Upgrader.CheckOrigin()" always returns "true" to accept requests from all origins. +grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go:302: go_socketio_all_origins: Modify the "Upgrader.CheckOrigin()" function to only return "true" for trusted origins, or remove the function completely since the default "Upgrader" will only create "WebSocket" connections with clients from the same origin. +# 300| // don't return errors to maintain backwards compatibility +# 301| } +# 302|-> u.CheckOrigin = func(r *http.Request) bool { +# 303| // allow all connections by default +# 304| return true + +Error: HARDCODED_CREDENTIALS (CWE-259): +grafana-9.2.10/vendor/github.com/grafana/dskit/flagext/url.go:54: hardcoded_credential: The constant string ""********"" is a credential or key. +grafana-9.2.10/vendor/github.com/grafana/dskit/flagext/url.go:54: password_use: Calling "UserPassword". This call uses the constant string as a password. +grafana-9.2.10/vendor/github.com/grafana/dskit/flagext/url.go:54: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 52| if u.User != nil { +# 53| if _, set := u.User.Password(); set { +# 54|-> u.User = url.UserPassword(u.User.Username(), "********") +# 55| } +# 56| } + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/vendor/github.com/grafana/grafana-aws-sdk/pkg/sigv4/sigv4.go:146: taint: The field "origReq.Method" is a source of untrusted data. +grafana-9.2.10/vendor/github.com/grafana/grafana-aws-sdk/pkg/sigv4/sigv4.go:146: sink: Calling "NewRequest". This call uses "origReq.Method" for sensitive computation. +grafana-9.2.10/vendor/github.com/grafana/grafana-aws-sdk/pkg/sigv4/sigv4.go:146: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 144| m.logRequest(origReq, "stage", "pre-signature") +# 145| +# 146|-> req, err := http.NewRequest(origReq.Method, origReq.URL.String(), origReq.Body) +# 147| if err != nil { +# 148| return nil, err + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/vendor/github.com/grafana/grafana-aws-sdk/pkg/sigv4/sigv4.go:146: taint: The field "origReq.URL" is a source of untrusted data. +grafana-9.2.10/vendor/github.com/grafana/grafana-aws-sdk/pkg/sigv4/sigv4.go:146: identity: Calling "String". This call assigns "origReq.URL.Fragment" to "". Now "" is tainted. +grafana-9.2.10/vendor/github.com/grafana/grafana-aws-sdk/pkg/sigv4/sigv4.go:146: sink: Calling "NewRequest". This call uses "origReq.URL.String()" for sensitive computation. +grafana-9.2.10/vendor/github.com/grafana/grafana-aws-sdk/pkg/sigv4/sigv4.go:146: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 144| m.logRequest(origReq, "stage", "pre-signature") +# 145| +# 146|-> req, err := http.NewRequest(origReq.Method, origReq.URL.String(), origReq.Body) +# 147| if err != nil { +# 148| return nil, err + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/proxy.go:52: insufficient_logging: Calling "setupCA". This function call creates a logging obligation. +grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/proxy.go:52: assign: Assigning: "err" = "setupCA(config)". +grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/proxy.go:55: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/proxy.go:53: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/proxy.go:53: remediation: Log this issue to improve detection and response to security incidents. +# 51| func NewProxy(mode ProxyMode, fixture []*fixture.Fixture, config *config.Config) *Proxy { +# 52| err := setupCA(config) +# 53|-> if err != nil { +# 54| panic(err) +# 55| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go:75: path: Condition "operation == nil", taking false branch. +grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go:80: path: Condition "response == nil", taking false branch. +grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go:94: path: Condition " < len()", taking true branch. +grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go:97: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go:94: path: Condition " < len()", taking false branch. +grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go:99: path: Condition "response.Content == nil", taking false branch. +grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go:104: path: Condition "content == nil", taking true branch. +grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go:104: var_compare_op: Comparing "content" to null implies that "content" might be null. +grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go:106: path: Condition " < len()", taking false branch. +grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go:112: null_field_access: Accessing field of null object "content". +# 110| } +# 111| +# 112|-> example := content.Example +# 113| if example == nil { +# 114| // get the first example in the map + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go:68: path: Condition "len(fieldPath) < 1", taking false branch. +grafana-9.2.10/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go:71: path: Condition "len(values) < 1", taking false branch. +grafana-9.2.10/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go:75: assign_null: Assigning: "fieldDescriptor" = "nil". +grafana-9.2.10/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go:76: path: Condition "i < len(fieldPath)", taking false branch. +grafana-9.2.10/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go:106: null_method_call: Calling a method on null object "fieldDescriptor". +# 104| +# 105| // Check if oneof already set +# 106|-> if of := fieldDescriptor.ContainingOneof(); of != nil { +# 107| if f := msgValue.WhichOneof(of); f != nil { +# 108| return fmt.Errorf("field already set for oneof %q", of.FullName().Name()) + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go:765: insufficient_logging: Calling "loadServerCert". This function call creates a logging obligation. +grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go:765: assign: Assigning: "err" = "c.loadServerCert(parts[5])". +grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go:768: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go:766: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go:766: remediation: Log this issue to improve detection and response to security incidents. +# 764| if len(parts) >= 6 && len(parts[5]) > 50 { +# 765| err := c.loadServerCert(parts[5]) +# 766|-> if err != nil { +# 767| return nil, fmt.Errorf("error parsing server cert: %s", err) +# 768| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go:926: insufficient_logging: Calling "Start". This function call creates a logging obligation. +grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go:926: assign: Assigning: "err" = "c.Start()". +grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go:929: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go:927: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go:927: remediation: Log this issue to improve detection and response to security incidents. +# 925| func (c *Client) Protocol() Protocol { +# 926| _, err := c.Start() +# 927|-> if err != nil { +# 928| return ProtocolInvalid +# 929| } + +Error: LOCK_INVERSION (CWE-833): +grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go:254: path: Condition "s.shutdown", taking false branch. +grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go:258: path: Condition "s.shutdownErr == nil", taking true branch. +grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go:265: lock_acquire: Calling "Lock" acquires lock "yamux.Session.streamLock". +grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go:267: path: Condition " < len()", taking true branch. +grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go:268: lock_order: Calling "forceClose" acquires lock "yamux.Stream.stateLock" while holding lock "yamux.Session.streamLock" (count: 1 / 2). +grafana-9.2.10/vendor/github.com/hashicorp/yamux/stream.go:380: lock_acquire: Example 1: Calling "Lock" acquires lock "yamux.Stream.stateLock". +grafana-9.2.10/vendor/github.com/hashicorp/yamux/stream.go:401: example_lock_order: Example 1 (cont.): Calling "establishStream" acquires lock "yamux.Session.streamLock" while holding "yamux.Stream.stateLock". +# 266| defer s.streamLock.Unlock() +# 267| for _, stream := range s.streams { +# 268|-> stream.forceClose() +# 269| } +# 270| return nil + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go:304: lock: Locking "s.pingLock". +grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go:305: def: Assigning data that might be protected by the lock to "id". +grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go:308: unlock: Unlocking "s.pingLock". "id" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go:313: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go:319: path: Selecting channel "case <-After(s.config.ConnectionWriteTimeout):". +grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go:322: lockagain: Locking "s.pingLock" again. +grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go:323: use: Using an unreliable value of "id" inside the second locked section. If the data that "id" depends on was changed by another thread, this use might be incorrect. +# 321| case <-time.After(s.config.ConnectionWriteTimeout): +# 322| s.pingLock.Lock() +# 323|-> delete(s.pings, id) // Ignore it if a response comes later. +# 324| s.pingLock.Unlock() +# 325| return 0, ErrTimeout + +Error: LOCK_INVERSION (CWE-833): +grafana-9.2.10/vendor/github.com/hashicorp/yamux/stream.go:254: lock_acquire: Calling "Lock" acquires lock "yamux.Stream.recvLock". +grafana-9.2.10/vendor/github.com/hashicorp/yamux/stream.go:255: path: Condition "s.recvBuf != nil", taking true branch. +grafana-9.2.10/vendor/github.com/hashicorp/yamux/stream.go:261: lock_order: Calling "sendFlags" acquires lock "yamux.Stream.stateLock" while holding lock "yamux.Stream.recvLock" (count: 1 / 2). +grafana-9.2.10/vendor/github.com/hashicorp/yamux/stream.go:97: lock_acquire: Example 1: Calling "Lock" acquires lock "yamux.Stream.stateLock". +grafana-9.2.10/vendor/github.com/hashicorp/yamux/stream.go:104: example_lock_order: Example 1 (cont.): Calling "Lock" acquires lock "yamux.Stream.recvLock" while holding "yamux.Stream.stateLock". +# 259| +# 260| // Determine the flags if any +# 261|-> flags := s.sendFlags() +# 262| +# 263| // Check if we can omit the update + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/completion.go:145: path: Condition "value.Kind() == 23 /* Slice */", taking true branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/completion.go:152: type_assertion: Type assertion can store "nil" into "cmp". +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/completion.go:152: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/completion.go:154: path: Condition "value.CanAddr()", taking true branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/completion.go:155: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/completion.go:156: null_method_call: Calling a method on null object "cmp". +# 154| } else if value.CanAddr() { +# 155| if cmp, ok = value.Addr().Interface().(Completer); ok { +# 156|-> ret = cmp.Complete(match) +# 157| } +# 158| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:97: path: Condition "len(option.LongName) == 0", taking false branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:106: path: Condition "true", taking true branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:107: type_assertion: Type assertion can store "nil" into "p". +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:107: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:114: path: Condition "_, ok := g.parent.(go-flags.Command *); ok", taking true branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:114: path: Condition "true", taking true branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:119: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:106: path: Condition "true", taking true branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:107: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:108: null_field_access: Accessing field of null object "p". +# 106| for { +# 107| if p, ok := g.parent.(*Parser); ok { +# 108|-> namespaceDelimiter = p.NamespaceDelimiter +# 109| +# 110| break + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:148: path: Condition "len(option.EnvDefaultKey) == 0", taking false branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:157: path: Condition "true", taking true branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:158: type_assertion: Type assertion can store "nil" into "p". +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:158: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:165: path: Condition "_, ok := g.parent.(go-flags.Command *); ok", taking true branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:165: path: Condition "true", taking true branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:170: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:157: path: Condition "true", taking true branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:158: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go:159: null_field_access: Accessing field of null object "p". +# 157| for { +# 158| if p, ok := g.parent.(*Parser); ok { +# 159|-> namespaceDelimiter = p.EnvNamespaceDelimiter +# 160| +# 161| break + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go:157: path: Condition "len(args) <= 32 /* len(stackMeta) */", taking true branch. +grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go:159: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go:163: path: Condition "i < len(args)", taking true branch. +grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go:164: type_assertion: Type assertion can store "nil" into "a". +grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go:164: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go:172: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go:179: path: Condition "meta[i].length == 0", taking false branch. +grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go:182: path: Falling through to end of if statement. +grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go:186: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go:163: path: Condition "i < len(args)", taking true branch. +grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go:164: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go:166: null_method_call: Calling a method on null object "a". +# 164| if a, ok := arg.(driver.Valuer); ok { +# 165| var err error +# 166|-> arg, err = a.Value() +# 167| if err != nil { +# 168| return "", nil, err + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go:133: path: Condition "parens", taking true branch. +grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go:136: path: Condition "e.o == nil", taking false branch. +grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go:140: path: Considering switch case "not.code". +grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go:140: path: Condition "e.o.code == not.code", taking false branch. +grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go:145: path: Considering switch case "get.code". +grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go:145: path: Condition "e.o.code == get.code", taking false branch. +grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go:139: path: Switch case default. +grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go:150: path: Condition "e.left != nil", taking false branch. +grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go:150: var_compare_op: Comparing "e.left" to null implies that "e.left" might be null. +grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go:156: path: Condition "e.right != nil", taking true branch. +grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go:157: null_field_access: Accessing field of null object "e.left". +# 155| buf = append(buf, ' ') +# 156| if e.right != nil { +# 157|-> buf = e.right.Append(buf, e.left.o != nil && e.left.o.prec >= e.o.prec) +# 158| } +# 159| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go:54: assign_null: Assigning: "buf" = "nil". +grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go:56: path: Considering switch case "4". +grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go:56: path: Condition "b == 4", taking false branch. +grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go:58: path: Considering switch case "5". +grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go:58: path: Condition "b == 5", taking false branch. +grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go:60: path: Considering switch case "6". +grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go:60: path: Condition "b == 6", taking false branch. +grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go:62: path: Considering switch case "7". +grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go:62: path: Condition "b == 7", taking false branch. +grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go:64: path: Considering switch case "3". +grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go:64: path: Condition "b == 3", taking false branch. +grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go:55: path: Switch case default. +grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go:67: unbox_null: Unboxing null object "buf". +# 65| buf = BlockPool8M.Get() +# 66| } +# 67|-> return buf.([]byte) +# 68| } +# 69| + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/github.com/prometheus/client_golang/api/client.go:122: path: Condition "ctx != nil", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/client_golang/api/client.go:122: var_compare_op: Comparing "ctx" to null implies that "ctx" might be null. +grafana-9.2.10/vendor/github.com/prometheus/client_golang/api/client.go:132: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/client_golang/api/client.go:146: null_method_call: Calling a method on null object "ctx". +# 144| +# 145| select { +# 146|-> case <-ctx.Done(): +# 147| <-done +# 148| err = resp.Body.Close() + +Error: HARDCODED_CREDENTIALS (CWE-259): +grafana-9.2.10/vendor/github.com/prometheus/common/config/http_config.go:187: hardcoded_credential: The constant string ""xxxxx"" is a credential or key. +grafana-9.2.10/vendor/github.com/prometheus/common/config/http_config.go:187: password_use: Calling "UserPassword". This call uses the constant string as a password. +grafana-9.2.10/vendor/github.com/prometheus/common/config/http_config.go:187: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 185| if _, ok := ru.User.Password(); ok { +# 186| // We can not use secretToken because it would be escaped. +# 187|-> ru.User = url.UserPassword(ru.User.Username(), "xxxxx") +# 188| } +# 189| return ru.String() + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:452: path: Condition "len(alerts) == 0", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:471: path: Condition " < len()", taking true branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:477: lock: Locking "ams.mtx". +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:479: path: Switch case value "AlertmanagerAPIVersionV1". +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:482: path: Condition "v1Payload == nil", taking true branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:483: def: Assigning data that might be protected by the lock to "v1Payload". +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:484: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:519: path: Condition " < len(ams.ams)", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:539: unlock: Unlocking "ams.mtx". "v1Payload" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:540: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:471: path: Condition " < len()", taking true branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:479: path: Switch case value "AlertmanagerAPIVersionV1". +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:482: path: Condition "v1Payload == nil", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:477: lockagain: Locking "ams.mtx" again. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:491: use: Using an unreliable value of "v1Payload" inside the second locked section. If the data that "v1Payload" depends on was changed by another thread, this use might be incorrect. +# 489| } +# 490| +# 491|-> payload = v1Payload +# 492| } +# 493| case config.AlertmanagerAPIVersionV2: + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:452: path: Condition "len(alerts) == 0", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:471: path: Condition " < len()", taking true branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:479: path: Switch case value "AlertmanagerAPIVersionV1". +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:482: path: Condition "v1Payload == nil", taking true branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:484: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:519: path: Condition " < len(ams.ams)", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:540: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:471: path: Condition " < len()", taking true branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:477: lock: Locking "ams.mtx". +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:479: path: Switch case value "AlertmanagerAPIVersionV2". +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:495: path: Condition "v2Payload == nil", taking true branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:498: def: Assigning data that might be protected by the lock to "v2Payload". +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:499: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:519: path: Condition " < len(ams.ams)", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:539: unlock: Unlocking "ams.mtx". "v2Payload" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:540: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:471: path: Condition " < len()", taking true branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:479: path: Switch case value "AlertmanagerAPIVersionV2". +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:495: path: Condition "v2Payload == nil", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:477: lockagain: Locking "ams.mtx" again. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go:506: use: Using an unreliable value of "v2Payload" inside the second locked section. If the data that "v2Payload" depends on was changed by another thread, this use might be incorrect. +# 504| } +# 505| +# 506|-> payload = v2Payload +# 507| } +# 508| default: + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1335: path: Condition "i < s.size", taking true branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1338: path: Condition " < len()", taking true branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1339: path: Condition " < len(all)", taking true branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1343: path: Condition "len(series.mmappedChunks) > 0", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1343: path: Condition "series.headChunk != nil", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1343: path: Condition "series.pendingCommit", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1359: path: Condition "i != j", taking true branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1360: lock: Locking "s.locks[j].RWMutex". +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1366: def: Assigning data that might be protected by the lock to "deletedForCallback". +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1368: path: Condition "i != j", taking true branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1369: unlock: Unlocking "s.locks[j].RWMutex". "deletedForCallback" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1372: unlock: Unlocking "series.RWMutex". "deletedForCallback" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1373: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1339: path: Condition " < len(all)", taking true branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1343: path: Condition "len(series.mmappedChunks) > 0", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1343: path: Condition "series.headChunk != nil", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1343: path: Condition "series.pendingCommit", taking false branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1359: path: Condition "i != j", taking true branch. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1360: lockagain: Locking "s.locks[j].RWMutex" again. +grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go:1366: use: Using an unreliable value of "deletedForCallback" inside the second locked section. If the data that "deletedForCallback" depends on was changed by another thread, this use might be incorrect. +# 1364| s.hashes[i].del(hash, series.lset) +# 1365| delete(s.series[j], series.ref) +# 1366|-> deletedForCallback = append(deletedForCallback, series.lset) +# 1367| +# 1368| if i != j { + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go:269: path: Condition " < len(status.Details())", taking true branch. +grafana-9.2.10/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go:270: type_assertion: Type assertion can store "nil" into "t". +grafana-9.2.10/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go:270: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go:273: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go:269: path: Condition " < len(status.Details())", taking true branch. +grafana-9.2.10/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go:270: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go:271: null_field_access: Accessing field of null object "t". +# 269| for _, detail := range status.Details() { +# 270| if t, ok := detail.(*errdetails.RetryInfo); ok { +# 271|-> return t.RetryDelay.AsDuration() +# 272| } +# 273| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/go.uber.org/goleak/internal/stack/stacks.go:72: assign_null: Assigning: "curStack" = "nil". +grafana-9.2.10/vendor/go.uber.org/goleak/internal/stack/stacks.go:74: path: Condition "true", taking true branch. +grafana-9.2.10/vendor/go.uber.org/goleak/internal/stack/stacks.go:76: path: Condition "err == EOF", taking false branch. +grafana-9.2.10/vendor/go.uber.org/goleak/internal/stack/stacks.go:79: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/go.uber.org/goleak/internal/stack/stacks.go:86: path: Condition "HasPrefix(line, "goroutine ")", taking false branch. +grafana-9.2.10/vendor/go.uber.org/goleak/internal/stack/stacks.go:99: null_field_access: Accessing field of null object "curStack". +# 97| isFirstLine = true +# 98| } +# 99|-> curStack.fullStack.WriteString(line) +# 100| if !isFirstLine && curStack.firstFunction == "" { +# 101| curStack.firstFunction = parseFirstFunc(line) + +Error: ATOMICITY (CWE-667): +grafana-9.2.10/vendor/golang.org/x/net/http2/transport.go:845: lock: Locking "cc.wmu". +grafana-9.2.10/vendor/golang.org/x/net/http2/transport.go:846: def: Assigning data that might be protected by the lock to "maxConcurrent". +grafana-9.2.10/vendor/golang.org/x/net/http2/transport.go:847: path: Condition "!cc.seenSettings", taking false branch. +grafana-9.2.10/vendor/golang.org/x/net/http2/transport.go:850: unlock: Unlocking "cc.wmu". "maxConcurrent" might now be unreliable because other threads can now change the data that it depends on. +grafana-9.2.10/vendor/golang.org/x/net/http2/transport.go:852: lockagain: Locking "cc.mu" again. +grafana-9.2.10/vendor/golang.org/x/net/http2/transport.go:854: use: Using an unreliable value of "maxConcurrent" inside the second locked section. If the data that "maxConcurrent" depends on was changed by another thread, this use might be incorrect. +# 852| cc.mu.Lock() +# 853| defer cc.mu.Unlock() +# 854|-> return ClientConnState{ +# 855| Closed: cc.closed, +# 856| Closing: cc.closing || cc.singleUse || cc.doNotReuse || cc.goAway != nil, + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go:25: insufficient_logging: Calling a function that may return an error. These errors should be logged. +grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go:25: assign: Assigning: "err" = "ParsePKCS8PrivateKey(key)". +grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go:31: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go:26: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go:26: remediation: Log this issue to improve detection and response to security incidents. +# 24| } +# 25| parsedKey, err := x509.ParsePKCS8PrivateKey(key) +# 26|-> if err != nil { +# 27| parsedKey, err = x509.ParsePKCS1PrivateKey(key) +# 28| if err != nil { + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go:27: insufficient_logging: Calling a function that may return an error. These errors should be logged. +grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go:27: assign: Assigning: "err" = "ParsePKCS1PrivateKey(key)". +grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go:30: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go:28: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go:28: remediation: Log this issue to improve detection and response to security incidents. +# 26| if err != nil { +# 27| parsedKey, err = x509.ParsePKCS1PrivateKey(key) +# 28|-> if err != nil { +# 29| return nil, fmt.Errorf("private key should be a PEM or plain PKCS1 or PKCS8; parse error: %v", err) +# 30| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go:167: path: Condition "!gsvd.succFact()", taking false branch. +grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go:170: path: Condition "n < 0", taking false branch. +grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go:170: path: Condition "gsvd.n <= n", taking false branch. +grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go:174: path: Condition "dst.IsEmpty()", taking true branch. +grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go:176: path: Falling through to end of if statement. +grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go:184: path: Condition "j < len(gsvd.Values(nil, n))", taking true branch. +grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go:184: identity_transfer: Passing "nil" as argument 1 to member function "Values", which returns that argument. +grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go:184: null_array_access: Accessing an element on null array "gsvd.Values(nil, n)". +# 182| dst.Copy(&gsvd.b[n]) +# 183| var v VecDense +# 184|-> for j, f := range gsvd.Values(nil, n) { +# 185| v.ColViewOf(dst, j) +# 186| v.ScaleVec(1/f, &v) + +Error: URL_MANIPULATION (CWE-918): +grafana-9.2.10/vendor/google.golang.org/api/storage/v1/storage-gen.go:10375: assign: Assigning: "res" = "c.doRequest("json")". +grafana-9.2.10/vendor/google.golang.org/api/storage/v1/storage-gen.go:10392: taint: The field "res.Header" is a source of untrusted data. +grafana-9.2.10/vendor/google.golang.org/api/storage/v1/storage-gen.go:10392: identity: Calling "Get". This call assigns "res.Header" to "". Now "" is tainted. +grafana-9.2.10/vendor/google.golang.org/api/storage/v1/storage-gen.go:10392: identity: Calling "ResumableUpload". This call assigns "res.Header.Get("Location")" to "().URI". +grafana-9.2.10/vendor/google.golang.org/api/storage/v1/storage-gen.go:10392: assign: Assigning: "rx" = "c.mediaInfo_.ResumableUpload(res.Header.Get("Location"))". +grafana-9.2.10/vendor/google.golang.org/api/storage/v1/storage-gen.go:10401: sink: Calling "Upload". This call uses "rx.URI" for sensitive computation. +grafana-9.2.10/vendor/google.golang.org/api/storage/v1/storage-gen.go:10401: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +#10399| ctx = context.TODO() +#10400| } +#10401|-> res, err = rx.Upload(ctx) +#10402| if err != nil { +#10403| return nil, err + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/google.golang.org/api/transport/cert/default_cert.go:136: insufficient_logging: Calling a function that may return an error. These errors should be logged. +grafana-9.2.10/vendor/google.golang.org/api/transport/cert/default_cert.go:136: assign: Assigning: "err" = "ParseCertificate(cert.Certificate[0])". +grafana-9.2.10/vendor/google.golang.org/api/transport/cert/default_cert.go:139: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/google.golang.org/api/transport/cert/default_cert.go:137: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/google.golang.org/api/transport/cert/default_cert.go:137: remediation: Log this issue to improve detection and response to security incidents. +# 135| } +# 136| parsed, err := x509.ParseCertificate(cert.Certificate[0]) +# 137|-> if err != nil { +# 138| return true +# 139| } + +Error: LOCK_INVERSION (CWE-833): +grafana-9.2.10/vendor/google.golang.org/grpc/clientconn.go:539: lock_acquire: Calling "Lock" acquires lock "grpc.ClientConn.mu". +grafana-9.2.10/vendor/google.golang.org/grpc/clientconn.go:541: path: Condition "cc.balancerWrapper != nil", taking true branch. +grafana-9.2.10/vendor/google.golang.org/grpc/clientconn.go:541: path: Condition "cc.balancerWrapper.exitIdle()", taking false branch. +grafana-9.2.10/vendor/google.golang.org/grpc/clientconn.go:544: path: Condition " < len()", taking true branch. +grafana-9.2.10/vendor/google.golang.org/grpc/clientconn.go:545: lock_order: Calling "connect" acquires lock "grpc.addrConn.mu" while holding lock "grpc.ClientConn.mu" (count: 1 / 2). +grafana-9.2.10/vendor/google.golang.org/grpc/clientconn.go:1238: lock_acquire: Example 1: Calling "Lock" acquires lock "grpc.addrConn.mu". +grafana-9.2.10/vendor/google.golang.org/grpc/clientconn.go:1244: example_lock_order: Example 1 (cont.): Calling "RLock" acquires lock "grpc.ClientConn.mu" while holding "grpc.addrConn.mu". +# 543| } +# 544| for ac := range cc.conns { +# 545|-> go ac.connect() +# 546| } +# 547| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:208: path: Condition " < len(accessors)", taking true branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:210: path: Condition "m.IsValid()", taking true branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:213: path: Condition "v.Kind() == 25 /* Struct */", taking true branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:213: path: Condition "!rv.IsValid()", taking true branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:216: path: Condition "!rv.IsValid()", taking false branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:219: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:221: path: Condition "!rv.IsNil()", taking true branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:228: path: Switch case value "Interface". +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:240: type_assertion: Type assertion can store "nil" into "n". +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:240: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:243: path: Condition "isZero", taking true branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:244: path: Continuing loop. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:208: path: Condition " < len(accessors)", taking true branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:210: path: Condition "m.IsValid()", taking true branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:213: path: Condition "v.Kind() == 25 /* Struct */", taking true branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:213: path: Condition "!rv.IsValid()", taking true branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:216: path: Condition "!rv.IsValid()", taking false branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:219: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:221: path: Condition "!rv.IsNil()", taking true branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:228: path: Switch case value "Interface". +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:240: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:241: null_method_call: Calling a method on null object "n". +# 239| } +# 240| if n, ok := rv.Interface().(list); ok { +# 241|-> isZero = n.Len() == 0 +# 242| } +# 243| if isZero { + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:577: path: Condition "val.Kind() == 22 /* Ptr */", taking true branch. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:582: path: Condition "i < typ.NumField()", taking true branch. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:583: path: Condition "!val.Field(i).CanInterface()", taking true branch. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:584: path: Continuing loop. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:582: path: Condition "i < typ.NumField()", taking true branch. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:583: path: Condition "!val.Field(i).CanInterface()", taking false branch. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:591: path: Condition "tag == "-"", taking false branch. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:596: path: Condition "omitEmpty", taking true branch. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:596: path: Condition "isEmptyValue(field)", taking false branch. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:600: type_assertion: Type assertion can store "nil" into "r". +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:600: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:605: path: Condition "len(fieldName) == 0", taking true branch. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:606: path: Continuing loop. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:582: path: Condition "i < typ.NumField()", taking true branch. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:583: path: Condition "!val.Field(i).CanInterface()", taking false branch. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:591: path: Condition "tag == "-"", taking false branch. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:596: path: Condition "omitEmpty", taking false branch. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:600: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go:601: null_method_call: Calling a method on null object "r". +# 599| +# 600| if r, ok := field.Interface().(StructReflector); ok { +# 601|-> return r.ReflectINIStruct(s.f) +# 602| } +# 603| + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go:323: assign_null: Assigning: "value" = "nil". +grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go:326: path: Switch case value "1". +grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go:365: path: Switch case value "ControlTypePaging". +grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go:369: null_field_access: Accessing field of null object "value". +# 367| return NewControlManageDsaIT(Criticality), nil +# 368| case ControlTypePaging: +# 369|-> value.Description += " (Paging)" +# 370| c := new(ControlPaging) +# 371| if value.Value != nil { + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go:323: assign_null: Assigning: "value" = "nil". +grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go:326: path: Switch case value "1". +grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go:365: path: Switch case value "ControlTypeBeheraPasswordPolicy". +grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go:389: null_field_access: Accessing field of null object "value". +# 387| return c, nil +# 388| case ControlTypeBeheraPasswordPolicy: +# 389|-> value.Description += " (Password Policy - Behera)" +# 390| c := NewControlBeheraPasswordPolicy() +# 391| if value.Value != nil { + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go:323: assign_null: Assigning: "value" = "nil". +grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go:326: path: Switch case value "1". +grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go:365: path: Switch case value "ControlTypeVChuPasswordWarning". +grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go:445: null_field_access: Accessing field of null object "value". +# 443| case ControlTypeVChuPasswordWarning: +# 444| c := &ControlVChuPasswordWarning{Expire: -1} +# 445|-> expireStr := ber.DecodeString(value.Data.Bytes()) +# 446| +# 447| expire, err := strconv.ParseInt(expireStr, 10, 64) + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/crypter.go:514: insufficient_logging: Calling "decryptKey". This function call creates a logging obligation. (The interface method resolves to "opaqueKeyDecrypter.decryptKey(rawHeader, recipientInfo *, keyGenerator)".) +grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/crypter.go:514: assign: Assigning: "err" = "decrypter.decryptKey(recipientHeaders, &recipient, generator)". +grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/crypter.go:523: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/crypter.go:515: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/crypter.go:515: remediation: Log this issue to improve detection and response to security incidents. +# 513| +# 514| cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator) +# 515|-> if err == nil { +# 516| // Found a valid CEK -- let's try to decrypt. +# 517| plaintext, err = cipher.decrypt(cek, authData, parts) + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwe.go:157: insufficient_logging: Calling "sanitized". This function call creates a logging obligation. +grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwe.go:157: assign: Assigning: "err" = "mergedHeaders.sanitized()". +grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwe.go:160: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwe.go:158: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwe.go:158: remediation: Log this issue to improve detection and response to security incidents. +# 156| mergedHeaders := obj.mergedHeaders(nil) +# 157| obj.Header, err = mergedHeaders.sanitized() +# 158|-> if err != nil { +# 159| return nil, fmt.Errorf("square/go-jose: cannot sanitize merged headers: %v (%v)", err, mergedHeaders) +# 160| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwk.go:172: insufficient_logging: Calling "parseCertificateChain". This function call creates a logging obligation. +grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwk.go:172: assign: Assigning: "err" = "parseCertificateChain(raw.X5c)". +grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwk.go:175: insufficient_logging: This branch is missing logging after the method call. +grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwk.go:173: insufficient_logging: Condition is checking a possible error value. +grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwk.go:173: remediation: Log this issue to improve detection and response to security incidents. +# 171| +# 172| certs, err := parseCertificateChain(raw.X5c) +# 173|-> if err != nil { +# 174| return fmt.Errorf("square/go-jose: failed to unmarshal x5c field: %s", err) +# 175| } + +Error: NULL_RETURNS (CWE-476): +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:580: path: Condition "first", taking true branch. +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:581: returned_null: "peek_token" returns "nil" (checked 32 out of 36 times). +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:581: var_assigned: Assigning: "token" = "nil" return value from "peek_token". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:582: null_field_access: Accessing field of null object "token". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:362: example_assign: Example 1: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:363: example_checked: Example 1 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:391: example_assign: Example 2: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:392: example_checked: Example 2 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1020: example_assign: Example 3: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1021: example_checked: Example 3 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1053: example_assign: Example 4: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1054: example_checked: Example 4 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:175: example_assign: Example 5: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:176: example_checked: Example 5 (cont.): "token" has its value checked in "token == nil". +# 580| if first { +# 581| token := peek_token(parser) +# 582|-> parser.marks = append(parser.marks, token.start_mark) +# 583| skip_token(parser) +# 584| } + +Error: NULL_RETURNS (CWE-476): +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:676: path: Condition "first", taking true branch. +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:677: returned_null: "peek_token" returns "nil" (checked 32 out of 36 times). +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:677: var_assigned: Assigning: "token" = "nil" return value from "peek_token". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:678: null_field_access: Accessing field of null object "token". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:362: example_assign: Example 1: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:363: example_checked: Example 1 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:391: example_assign: Example 2: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:392: example_checked: Example 2 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1020: example_assign: Example 3: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1021: example_checked: Example 3 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1053: example_assign: Example 4: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1054: example_checked: Example 4 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:175: example_assign: Example 5: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:176: example_checked: Example 5 (cont.): "token" has its value checked in "token == nil". +# 676| if first { +# 677| token := peek_token(parser) +# 678|-> parser.marks = append(parser.marks, token.start_mark) +# 679| skip_token(parser) +# 680| } + +Error: NULL_RETURNS (CWE-476): +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:771: path: Condition "first", taking true branch. +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:772: returned_null: "peek_token" returns "nil" (checked 32 out of 36 times). +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:772: var_assigned: Assigning: "token" = "nil" return value from "peek_token". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:773: null_field_access: Accessing field of null object "token". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:362: example_assign: Example 1: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:363: example_checked: Example 1 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:391: example_assign: Example 2: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:392: example_checked: Example 2 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1020: example_assign: Example 3: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1021: example_checked: Example 3 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1053: example_assign: Example 4: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1054: example_checked: Example 4 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:175: example_assign: Example 5: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:176: example_checked: Example 5 (cont.): "token" has its value checked in "token == nil". +# 771| if first { +# 772| token := peek_token(parser) +# 773|-> parser.marks = append(parser.marks, token.start_mark) +# 774| skip_token(parser) +# 775| } + +Error: NULL_RETURNS (CWE-476): +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:905: path: Condition "first", taking true branch. +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:906: returned_null: "peek_token" returns "nil" (checked 32 out of 36 times). +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:906: var_assigned: Assigning: "token" = "nil" return value from "peek_token". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:907: null_field_access: Accessing field of null object "token". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:362: example_assign: Example 1: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:363: example_checked: Example 1 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:391: example_assign: Example 2: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:392: example_checked: Example 2 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1020: example_assign: Example 3: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1021: example_checked: Example 3 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1053: example_assign: Example 4: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:1054: example_checked: Example 4 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:175: example_assign: Example 5: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go:176: example_checked: Example 5 (cont.): "token" has its value checked in "token == nil". +# 905| if first { +# 906| token := peek_token(parser) +# 907|-> parser.marks = append(parser.marks, token.start_mark) +# 908| skip_token(parser) +# 909| } + +Error: NULL_RETURNS (CWE-476): +grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go:1067: path: Condition "first", taking true branch. +grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go:1068: returned_null: "peek_token" returns "nil" (checked 36 out of 37 times). +grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go:1068: var_assigned: Assigning: "token" = "nil" return value from "peek_token". +grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go:1069: null_field_access: Accessing field of null object "token". +grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go:458: example_assign: Example 1: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go:459: example_checked: Example 1 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go:791: example_assign: Example 2: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go:792: example_checked: Example 2 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go:1183: example_assign: Example 3: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go:1184: example_checked: Example 3 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go:1216: example_assign: Example 4: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go:1217: example_checked: Example 4 (cont.): "token" has its value checked in "token == nil". +grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go:232: example_assign: Example 5: Assigning: "token" = return value from "peek_token(parser)". +grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go:233: example_checked: Example 5 (cont.): "token" has its value checked in "token == nil". +# 1067| if first { +# 1068| token := peek_token(parser) +# 1069|-> parser.marks = append(parser.marks, token.start_mark) +# 1070| skip_token(parser) +# 1071| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/xorm.io/xorm/session.go:390: path: Condition " < len(session.afterClosures)", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:399: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:390: path: Condition " < len(session.afterClosures)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:401: path: Condition "has", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:412: path: Condition "has", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:425: path: Condition "ii < len(fields)", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:429: path: Condition "!ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:431: path: Falling through to end of if statement. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:437: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:443: path: Condition "fieldValue == nil", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:444: path: Continuing loop. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:425: path: Condition "ii < len(fields)", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:429: path: Condition "!ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:431: path: Falling through to end of if statement. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:437: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:443: path: Condition "fieldValue == nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:449: path: Condition "rawValue.Interface() == nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:453: path: Condition "fieldValue.CanAddr()", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:454: type_assertion: Type assertion can store "nil" into "structConvert". +grafana-9.2.10/vendor/xorm.io/xorm/session.go:454: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:466: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:467: path: Condition "err == nil", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:468: path: Condition "fieldValue.Kind() == 22 /* Ptr */", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:468: path: Condition "fieldValue.IsNil()", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:472: path: Falling through to end of if statement. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:475: path: Continuing loop. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:425: path: Condition "ii < len(fields)", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:429: path: Condition "!ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:431: path: Falling through to end of if statement. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:437: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:443: path: Condition "fieldValue == nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:449: path: Condition "rawValue.Interface() == nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:453: path: Condition "fieldValue.CanAddr()", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:454: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:455: path: Condition "err == nil", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session.go:456: null_method_call: Calling a method on null object "structConvert". +# 454| if structConvert, ok := fieldValue.Addr().Interface().(core.Conversion); ok { +# 455| if data, err := value2Bytes(&rawValue); err == nil { +# 456|-> if err := structConvert.FromDB(data); err != nil { +# 457| return nil, err +# 458| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:35: path: Condition "!session.isAutoCommit", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:35: path: Condition "!session.isCommitedOrRollbacked", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:40: path: Condition "err == nil", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:50: path: Condition " < len()", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:57: path: Condition " < len()", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:60: type_assertion: Type assertion can store "nil" into "processor". +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:60: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:63: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:57: path: Condition " < len()", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:60: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:61: null_method_call: Calling a method on null object "processor". +# 59| +# 60| if processor, ok := interface{}(bean).(AfterUpdateProcessor); ok { +# 61|-> processor.AfterUpdate() +# 62| } +# 63| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:35: path: Condition "!session.isAutoCommit", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:35: path: Condition "!session.isCommitedOrRollbacked", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:40: path: Condition "err == nil", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:50: path: Condition " < len()", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:53: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:56: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:50: path: Condition " < len()", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:53: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:56: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:50: path: Condition " < len()", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:57: path: Condition " < len()", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:64: path: Condition " < len()", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:67: type_assertion: Type assertion can store "nil" into "processor". +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:67: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:70: path: Jumping back to the beginning of the loop. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:64: path: Condition " < len()", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:67: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go:68: null_method_call: Calling a method on null object "processor". +# 66| +# 67| if processor, ok := interface{}(bean).(AfterDeleteProcessor); ok { +# 68|-> processor.AfterDelete() +# 69| } +# 70| } + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:246: path: Condition " < len(table.Columns())", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "!includeVersion", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "col.IsVersion", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:248: path: Continuing loop. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:246: path: Condition " < len(table.Columns())", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "!includeVersion", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "col.IsVersion", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:250: path: Condition "col.IsCreated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "!includeUpdated", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "col.IsUpdated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "!includeAutoIncr", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "col.IsAutoIncrement", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:259: path: Condition "col.IsDeleted", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:259: path: Condition "!unscoped", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:260: path: Continuing loop. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:246: path: Condition " < len(table.Columns())", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "!includeVersion", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "col.IsVersion", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:250: path: Condition "col.IsCreated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "!includeUpdated", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "col.IsUpdated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "!includeAutoIncr", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "col.IsAutoIncrement", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:259: path: Condition "col.IsDeleted", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:262: path: Condition "omitColumnMap.contain(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:265: path: Condition "len(columnMap) > 0", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:269: path: Condition "col.MapType == 3 /* ONLYFROMDB */", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:273: path: Condition "statement.incrColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:275: path: Condition "statement.decrColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:277: path: Condition "statement.exprColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:282: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:289: path: Condition "fieldType == nil", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:290: path: Continuing loop. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:246: path: Condition " < len(table.Columns())", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "!includeVersion", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "col.IsVersion", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:250: path: Condition "col.IsCreated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "!includeUpdated", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "col.IsUpdated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "!includeAutoIncr", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "col.IsAutoIncrement", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:259: path: Condition "col.IsDeleted", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:262: path: Condition "omitColumnMap.contain(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:265: path: Condition "len(columnMap) > 0", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:269: path: Condition "col.MapType == 3 /* ONLYFROMDB */", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:273: path: Condition "statement.incrColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:275: path: Condition "statement.decrColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:277: path: Condition "statement.exprColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:282: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:289: path: Condition "fieldType == nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:296: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:297: path: Condition "b", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:299: path: Falling through to end of if statement. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:305: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:306: path: Condition "b", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:306: path: Condition "col.Nullable", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:306: path: Condition "isZero(fieldValue.Interface())", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:316: path: Condition "fieldValue.CanAddr()", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:317: type_assertion: Type assertion can store "nil" into "structConvert". +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:317: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:328: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:338: path: Condition "fieldType.Kind() == 22 /* Ptr */", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:339: path: Condition "fieldValue.IsNil()", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:340: path: Condition "includeNil", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:344: path: Continuing loop. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:246: path: Condition " < len(table.Columns())", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "!includeVersion", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "col.IsVersion", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:250: path: Condition "col.IsCreated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "!includeUpdated", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "col.IsUpdated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "!includeAutoIncr", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "col.IsAutoIncrement", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:259: path: Condition "col.IsDeleted", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:262: path: Condition "omitColumnMap.contain(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:265: path: Condition "len(columnMap) > 0", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:269: path: Condition "col.MapType == 3 /* ONLYFROMDB */", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:273: path: Condition "statement.incrColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:275: path: Condition "statement.decrColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:277: path: Condition "statement.exprColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:282: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:289: path: Condition "fieldType == nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:296: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:297: path: Condition "b", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:299: path: Falling through to end of if statement. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:305: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:306: path: Condition "b", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:306: path: Condition "col.Nullable", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:306: path: Condition "isZero(fieldValue.Interface())", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:316: path: Condition "fieldValue.CanAddr()", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:317: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:318: null_method_call: Calling a method on null object "structConvert". +# 316| if fieldValue.CanAddr() { +# 317| if structConvert, ok := fieldValue.Addr().Interface().(core.Conversion); ok { +# 318|-> data, err := structConvert.ToDB() +# 319| if err != nil { +# 320| engine.logger.Error(err) + +Error: FORWARD_NULL (CWE-476): +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:246: path: Condition " < len(table.Columns())", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "!includeVersion", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "col.IsVersion", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:248: path: Continuing loop. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:246: path: Condition " < len(table.Columns())", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "!includeVersion", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "col.IsVersion", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:250: path: Condition "col.IsCreated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "!includeUpdated", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "col.IsUpdated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "!includeAutoIncr", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "col.IsAutoIncrement", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:259: path: Condition "col.IsDeleted", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:259: path: Condition "!unscoped", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:260: path: Continuing loop. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:246: path: Condition " < len(table.Columns())", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "!includeVersion", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "col.IsVersion", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:250: path: Condition "col.IsCreated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "!includeUpdated", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "col.IsUpdated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "!includeAutoIncr", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "col.IsAutoIncrement", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:259: path: Condition "col.IsDeleted", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:262: path: Condition "omitColumnMap.contain(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:265: path: Condition "len(columnMap) > 0", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:269: path: Condition "col.MapType == 3 /* ONLYFROMDB */", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:273: path: Condition "statement.incrColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:275: path: Condition "statement.decrColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:277: path: Condition "statement.exprColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:282: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:289: path: Condition "fieldType == nil", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:290: path: Continuing loop. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:246: path: Condition " < len(table.Columns())", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "!includeVersion", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "col.IsVersion", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:250: path: Condition "col.IsCreated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "!includeUpdated", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "col.IsUpdated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "!includeAutoIncr", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "col.IsAutoIncrement", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:259: path: Condition "col.IsDeleted", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:262: path: Condition "omitColumnMap.contain(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:265: path: Condition "len(columnMap) > 0", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:269: path: Condition "col.MapType == 3 /* ONLYFROMDB */", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:273: path: Condition "statement.incrColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:275: path: Condition "statement.decrColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:277: path: Condition "statement.exprColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:282: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:289: path: Condition "fieldType == nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:296: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:297: path: Condition "b", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:299: path: Falling through to end of if statement. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:305: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:306: path: Condition "b", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:306: path: Condition "col.Nullable", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:306: path: Condition "isZero(fieldValue.Interface())", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:316: path: Condition "fieldValue.CanAddr()", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:317: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:328: type_assertion: Type assertion can store "nil" into "structConvert". +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:328: path: Condition "ok", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:338: path: Condition "fieldType.Kind() == 22 /* Ptr */", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:339: path: Condition "fieldValue.IsNil()", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:340: path: Condition "includeNil", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:344: path: Continuing loop. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:246: path: Condition " < len(table.Columns())", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "!includeVersion", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:247: path: Condition "col.IsVersion", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:250: path: Condition "col.IsCreated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "!includeUpdated", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:253: path: Condition "col.IsUpdated", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "!includeAutoIncr", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:256: path: Condition "col.IsAutoIncrement", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:259: path: Condition "col.IsDeleted", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:262: path: Condition "omitColumnMap.contain(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:265: path: Condition "len(columnMap) > 0", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:269: path: Condition "col.MapType == 3 /* ONLYFROMDB */", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:273: path: Condition "statement.incrColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:275: path: Condition "statement.decrColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:277: path: Condition "statement.exprColumns.isColExist(col.Name)", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:282: path: Condition "err != nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:289: path: Condition "fieldType == nil", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:296: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:297: path: Condition "b", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:299: path: Falling through to end of if statement. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:305: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:306: path: Condition "b", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:306: path: Condition "col.Nullable", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:306: path: Condition "isZero(fieldValue.Interface())", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:316: path: Condition "fieldValue.CanAddr()", taking false branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:328: path: Condition "ok", taking true branch. +grafana-9.2.10/vendor/xorm.io/xorm/statement.go:329: null_method_call: Calling a method on null object "structConvert". +# 327| +# 328| if structConvert, ok := fieldValue.Interface().(core.Conversion); ok { +# 329|-> data, err := structConvert.ToDB() +# 330| if err != nil { +# 331| engine.logger.Error(err) + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/dsn/src/main/java/com/sun/mail/dsn/MultipartReport.java:233: path: Condition "getCount() < 2", taking false branch. +mail-1.6.5/dsn/src/main/java/com/sun/mail/dsn/MultipartReport.java:237: alloc_fn: A new resource is returned from allocation method "getContent". (The virtual call resolves to "javax.mail.internet.MimeBodyPart.getContent".) +mail-1.6.5/dsn/src/main/java/com/sun/mail/dsn/MultipartReport.java:237: var_assign: Assigning: "content" = resource returned from "bp.getContent()". +mail-1.6.5/dsn/src/main/java/com/sun/mail/dsn/MultipartReport.java:238: path: Condition "!(content instanceof com.sun.mail.dsn.Report)", taking true branch. +mail-1.6.5/dsn/src/main/java/com/sun/mail/dsn/MultipartReport.java:239: leaked_resource: Variable "content" going out of scope leaks the resource it refers to. +# 237| Object content = bp.getContent(); +# 238| if (!(content instanceof Report)) +# 239|-> return null; +# 240| return (Report)content; +# 241| } catch (IOException ex) { + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/main/java/com/sun/mail/handlers/image_gif.java:38: alloc_fn: A new resource is returned from allocation method "getInputStream". (The virtual call resolves to "javax.activation.DataHandlerDataSource.getInputStream".) +mail-1.6.5/mail/src/main/java/com/sun/mail/handlers/image_gif.java:38: var_assign: Assigning: "is" = resource returned from "ds.getInputStream()". +mail-1.6.5/mail/src/main/java/com/sun/mail/handlers/image_gif.java:43: noescape: Resource "is" is not closed or saved in "read". +mail-1.6.5/mail/src/main/java/com/sun/mail/handlers/image_gif.java:43: path: Condition "(count = is.read(buf, pos, buf.length - pos)) != -1", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/handlers/image_gif.java:57: leaked_resource: Variable "is" going out of scope leaks the resource it refers to. +# 55| } +# 56| Toolkit tk = Toolkit.getDefaultToolkit(); +# 57|-> return tk.createImage(buf, 0, pos); +# 58| } +# 59| + +Error: VOLATILE_ATOMICITY (CWE-366): +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:371: path: Condition "fullName == null", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:391: path: Condition "separator != 65535 /* com.sun.mail.imap.IMAPFolder.UNKNOWN_SEPARATOR */", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:391: path: Condition "separator != '\0'", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:393: path: Condition "i > 0", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:393: path: Condition "i == this.fullName.length() - 1", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:394: read_volatile: Reading "this.fullName", a volatile field, without any lock held. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:394: intervening_update: Another thread writes to "this.fullName". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:394: stale_update: Updating "this.fullName" based on a stale value. Any intervening update in another thread is overwritten. +# 392| int i = this.fullName.indexOf(separator); +# 393| if (i > 0 && i == this.fullName.length() - 1) { +# 394|-> this.fullName = this.fullName.substring(0, i); +# 395| this.isNamespace = true; +# 396| } + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3227: returned_null: "readIdleResponse" returns "null" (checked 1 out of 2 times). +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3227: var_assigned: Assigning: "r" = "null" return value from "readIdleResponse". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3230: null_method_call: Calling a method on null object "r". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:2068: example_assign: Example 1: Assigning: "r" = return value from "p.readIdleResponse()". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:2070: example_checked: Example 1 (cont.): "r" has its value checked in "r == null". +# 3228| try { +# 3229| synchronized (messageCacheLock) { +# 3230|-> if (r.isBYE() && r.isSynthetic() && idleState == IDLE) { +# 3231| /* +# 3232| * If it was a timeout and no bytes were transferred + +Error: VOLATILE_ATOMICITY (CWE-366): +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3469: path: Condition "java.lang.Thread.holdsLock(messageCacheLock)", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3474: path: Condition "r.isOK()", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3474: path: Condition "r.isNO()", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3481: path: Condition "r.isBYE()", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3485: path: Condition "r.isOK()", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3495: path: Condition "!r.isUnTagged()", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3500: path: Condition "!(r instanceof com.sun.mail.imap.protocol.IMAPResponse)", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3509: path: Condition "ir.keyEquals("EXISTS")", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3511: path: Condition "exists <= realTotal", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3522: read_volatile: Reading "total", a volatile field, without any lock held. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3522: intervening_update: Another thread writes to "total". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3522: stale_update: Updating "total" based on a stale value. Any intervening update in another thread is overwritten. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:474: example_comparison: Example 1: Example comparison of "total" to value, suggesting a semantically meaningful use. +# 3520| int oldtotal = total; // used in loop below +# 3521| realTotal += count; +# 3522|-> total += count; +# 3523| +# 3524| // avoid instantiating Message objects if no listeners. + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1255: path: Condition "item instanceof javax.mail.Flags", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1258: path: Condition "item instanceof com.sun.mail.imap.protocol.ENVELOPE", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1260: path: Condition "item instanceof com.sun.mail.imap.protocol.INTERNALDATE", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1262: path: Condition "item instanceof com.sun.mail.imap.protocol.RFC822SIZE", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1264: path: Condition "item instanceof com.sun.mail.imap.protocol.MODSEQ", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1268: path: Condition "item instanceof com.sun.mail.imap.protocol.BODYSTRUCTURE", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1271: path: Condition "item instanceof com.sun.mail.imap.protocol.UID", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1282: path: Condition "item instanceof com.sun.mail.imap.protocol.RFC822DATA", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1286: path: Condition "item instanceof com.sun.mail.imap.protocol.RFC822DATA", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1287: returned_null: "getByteArrayInputStream" returns "null" (checked 4 out of 5 times). +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1287: var_assigned: Assigning: "headerStream" = "null" return value from "getByteArrayInputStream". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1290: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1296: path: Condition "!isHeader", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1301: null_method_call: Calling a method on null object "headerStream". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:931: example_assign: Example 1: Assigning: "is" = return value from "rd.getByteArrayInputStream()". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:943: example_checked: Example 1 (cont.): "is" has its value checked in "is == null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:754: example_assign: Example 2: Assigning: "is" = return value from "rd.getByteArrayInputStream()". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:764: example_checked: Example 2 (cont.): "is" has its value checked in "is == null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1572: example_assign: Example 3: Assigning: "is" = return value from "rd.getByteArrayInputStream()". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:1582: example_checked: Example 3 (cont.): "is" has its value checked in "is == null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:856: example_assign: Example 4: Assigning: "is" = return value from "rd.getByteArrayInputStream()". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:866: example_checked: Example 4 (cont.): "is" has its value checked in "is == null". +# 1299| // first, save the size of the message +# 1300| try { +# 1301|-> size = headerStream.available(); +# 1302| } catch (IOException ex) { +# 1303| // should never occur + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODY.java:51: path: Condition "r.readByte() != '['", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODY.java:54: returned_null: "readString" returns "null" (checked 0 out of 1 times). +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODY.java:54: var_assigned: Assigning: "section" = "null" return value from "readString". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODY.java:55: path: Condition "r.readByte() != ']'", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODY.java:58: null_method_call: Calling a method on null object "section". +# 56| throw new ParsingException( +# 57| "BODY parse error: missing ``]'' at section end"); +# 58|-> isHeader = section.regionMatches(true, 0, "HEADER", 0, 6); +# 59| +# 60| if (r.readByte() == '<') { // origin + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:66: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:69: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:74: path: Condition "r.readByte() != '('", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:78: path: Condition "r.peekByte() == '('", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:79: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:94: path: Condition "r.peekByte() == '('", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:100: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:103: path: Condition "r.isNextNonSpace(')')", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:111: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:115: path: Condition "r.isNextNonSpace(')')", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:123: path: Condition "b == '('", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:138: path: Condition "b == 'N'", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:139: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:142: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:165: path: Condition "r.isNextNonSpace(')')", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:172: path: Condition "r.peekByte() == '('", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:173: returned_null: "readStringList" returns "null" (checked 1 out of 5 times). +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:173: var_assigned: Assigning: "language" = "null" return value from "readStringList". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:174: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:175: null_array_length: Accessing length of null array "language". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/ID.java:56: example_assign: Example 1: Assigning: "v" = return value from "r.readStringList()". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/ID.java:57: example_checked: Example 1 (cont.): "v" has its value checked in "v != null". +# 173| language = r.readStringList(); +# 174| if (parseDebug) +# 175|-> System.out.println( +# 176| "DEBUG IMAP: language len " + language.length); +# 177| } else { + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:66: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:69: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:74: path: Condition "r.readByte() != '('", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:78: path: Condition "r.peekByte() == '('", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:193: path: Condition "r.peekByte() == ')'", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:215: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:218: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:222: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:226: path: Condition "type == null", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:231: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:234: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:237: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:244: path: Condition "encoding != null", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:244: path: Condition "encoding.equalsIgnoreCase("NIL")", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:245: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:254: path: Condition "encoding != null", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:256: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:259: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:261: path: Condition "size < 0", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:266: path: Condition "type.equalsIgnoreCase("text")", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:268: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:270: path: Condition "lines < 0", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:273: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:311: path: Condition "r.isNextNonSpace(')')", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:321: path: Condition "r.isNextNonSpace(')')", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:329: path: Condition "b == '('", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:341: path: Condition "b == 'N'", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:342: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:345: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:352: path: Condition "r.isNextNonSpace(')')", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:359: path: Condition "r.peekByte() == '('", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:360: returned_null: "readStringList" returns "null" (checked 1 out of 5 times). +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:360: var_assigned: Assigning: "language" = "null" return value from "readStringList". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:361: path: Condition "com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java:362: null_array_length: Accessing length of null array "language". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/ID.java:56: example_assign: Example 1: Assigning: "v" = return value from "r.readStringList()". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/ID.java:57: example_checked: Example 1 (cont.): "v" has its value checked in "v != null". +# 360| language = r.readStringList(); +# 361| if (parseDebug) +# 362|-> System.out.println("DEBUG IMAP: language len " + +# 363| language.length); +# 364| } else { // protocol is unnessarily complex here + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:78: path: Condition "logger.isLoggable(java.util.logging.Level.FINE)", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:80: path: Condition "i < mechs.length", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:81: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:80: path: Condition "i < mechs.length", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:129: path: Falling through to end of try statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:133: path: Condition "sc == null", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:137: path: Condition "logger.isLoggable(java.util.logging.Level.FINE)", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:143: path: Condition "pr.hasCapability("SASL-IR")", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:154: path: Falling through to end of try statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:184: path: Condition "!done", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:187: path: Condition "r.isContinuation()", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:189: path: Condition "!sc.isComplete()", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:190: returned_null: "readByteArray" returns "null" (checked 1 out of 4 times). +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:190: null_method_call: Calling a method on null object "r.readByteArray()". +mail-1.6.5/mail/src/main/java/com/sun/mail/iap/Response.java:398: example_assign: Example 1: Assigning: "ba" = return value from "readByteArray()". +mail-1.6.5/mail/src/main/java/com/sun/mail/iap/Response.java:399: example_checked: Example 1 (cont.): "ba" has its value checked in "ba != null". +# 188| byte[] ba = null; +# 189| if (!sc.isComplete()) { +# 190|-> ba = r.readByteArray().getNewBytes(); +# 191| if (ba.length > 0) +# 192| ba = BASE64DecoderStream.decode(ba); + +Error: LOCK_INVERSION (CWE-833): +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:73: lock_acquire: Acquiring lock "IMAPSaslAuthenticator.pr". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:78: path: Condition "logger.isLoggable(java.util.logging.Level.FINE)", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:129: path: Falling through to end of try statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:133: path: Condition "sc == null", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:137: path: Condition "logger.isLoggable(java.util.logging.Level.FINE)", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:143: path: Condition "pr.hasCapability("SASL-IR")", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:143: path: Condition "sc.hasInitialResponse()", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:146: path: Condition "ba.length > 0", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:149: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:154: path: Falling through to end of try statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:184: path: Condition "!done", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:187: path: Condition "r.isContinuation()", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:189: path: Condition "!sc.isComplete()", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:198: path: Condition "ba == null", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:203: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:217: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:224: path: Falling through to end of try statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:231: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:184: path: Condition "!done", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:187: path: Condition "r.isContinuation()", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:189: path: Condition "!sc.isComplete()", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:198: path: Condition "ba == null", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:200: path: Throwing "java.io.IOException" (or subclass) from call to "write". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:224: path: Catching exception. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:231: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:184: path: Condition "!done", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:233: path: Condition "sc.isComplete()", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:235: path: Condition "qop != null", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:256: lock_order: Acquiring lock "IMAPStore.pool" while holding "IMAPSaslAuthenticator.pr" conflicts with the lock order established elsewhere. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1126: lock_acquire: Example 1: Acquiring lock "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1169: example_lock_order: Example 1 (cont.): Calling "login" acquires lock "IMAPSaslAuthenticator.pr" while holding "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1126: lock_acquire: Example 2: Acquiring lock "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1140: example_lock_order: Example 2 (cont.): Calling "login" acquires lock "IMAPSaslAuthenticator.pr" while holding "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:993: lock_acquire: Example 3: Acquiring lock "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1069: example_lock_order: Example 3 (cont.): Calling "login" acquires lock "IMAPSaslAuthenticator.pr" while holding "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:993: lock_acquire: Example 4: Acquiring lock "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1009: example_lock_order: Example 4 (cont.): Calling "login" acquires lock "IMAPSaslAuthenticator.pr" while holding "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:2030: lock_acquire: Example 5: Acquiring lock "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:2031: example_lock_order: Example 5 (cont.): Calling "getStoreProtocol" acquires lock "IMAPSaslAuthenticator.pr" while holding "IMAPStore.pool". +# 254| * code really ends up being just a no-op. +# 255| */ +# 256|-> pr.notifyResponseHandlers(responses); +# 257| +# 258| // Handle the final OK, NO, BAD or BYE response + +Error: LOCK_INVERSION (CWE-833): +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:73: lock_acquire: Acquiring lock "IMAPSaslAuthenticator.pr". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:78: path: Condition "logger.isLoggable(java.util.logging.Level.FINE)", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:129: path: Falling through to end of try statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:133: path: Condition "sc == null", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:137: path: Condition "logger.isLoggable(java.util.logging.Level.FINE)", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:143: path: Condition "pr.hasCapability("SASL-IR")", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:143: path: Condition "sc.hasInitialResponse()", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:146: path: Condition "ba.length > 0", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:149: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:154: path: Falling through to end of try statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:184: path: Condition "!done", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:187: path: Condition "r.isContinuation()", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:189: path: Condition "!sc.isComplete()", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:198: path: Condition "ba == null", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:203: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:217: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:224: path: Falling through to end of try statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:231: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:184: path: Condition "!done", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:187: path: Condition "r.isContinuation()", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:189: path: Condition "!sc.isComplete()", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:198: path: Condition "ba == null", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:200: path: Throwing "java.io.IOException" (or subclass) from call to "write". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:224: path: Catching exception. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:231: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:184: path: Condition "!done", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:233: path: Condition "sc.isComplete()", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:235: path: Condition "qop != null", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:267: path: Condition "isXGWTRUSTEDAPP", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:267: path: Condition "authzid != null", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java:274: lock_order: Acquiring lock "IMAPStore.pool" while holding "IMAPSaslAuthenticator.pr" conflicts with the lock order established elsewhere. +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1126: lock_acquire: Example 1: Acquiring lock "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1169: example_lock_order: Example 1 (cont.): Calling "login" acquires lock "IMAPSaslAuthenticator.pr" while holding "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1126: lock_acquire: Example 2: Acquiring lock "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1140: example_lock_order: Example 2 (cont.): Calling "login" acquires lock "IMAPSaslAuthenticator.pr" while holding "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:993: lock_acquire: Example 3: Acquiring lock "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1069: example_lock_order: Example 3 (cont.): Calling "login" acquires lock "IMAPSaslAuthenticator.pr" while holding "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:993: lock_acquire: Example 4: Acquiring lock "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1009: example_lock_order: Example 4 (cont.): Calling "login" acquires lock "IMAPSaslAuthenticator.pr" while holding "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:2030: lock_acquire: Example 5: Acquiring lock "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:2031: example_lock_order: Example 5 (cont.): Calling "getStoreProtocol" acquires lock "IMAPSaslAuthenticator.pr" while holding "IMAPStore.pool". +# 272| +# 273| // dispatch untagged responses +# 274|-> pr.notifyResponseHandlers(responses); +# 275| +# 276| // Handle result of this command + +Error: LOCK_INVERSION (CWE-833): +mail-1.6.5/mail/src/main/java/com/sun/mail/smtp/SMTPTransport.java:1238: lock_acquire: Acquiring lock "SMTPTransport.this". +mail-1.6.5/mail/src/main/java/com/sun/mail/smtp/SMTPTransport.java:1240: path: Condition "message != null", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/smtp/SMTPTransport.java:1240: lock_order: Acquiring lock "IMAPStore.pool" while holding "SMTPTransport.this" conflicts with the lock order established elsewhere. (The virtual call resolves to "com.sun.mail.imap.IMAPMessage.getSubject".) +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1126: lock_acquire: Example 1: Acquiring lock "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1169: example_lock_order: Example 1 (cont.): Calling "login" acquires lock "SMTPTransport.this" while holding "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1126: lock_acquire: Example 2: Acquiring lock "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1140: example_lock_order: Example 2 (cont.): Calling "login" acquires lock "SMTPTransport.this" while holding "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:993: lock_acquire: Example 3: Acquiring lock "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1069: example_lock_order: Example 3 (cont.): Calling "login" acquires lock "SMTPTransport.this" while holding "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:993: lock_acquire: Example 4: Acquiring lock "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:1009: example_lock_order: Example 4 (cont.): Calling "login" acquires lock "SMTPTransport.this" while holding "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:2030: lock_acquire: Example 5: Acquiring lock "IMAPStore.pool". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java:2031: example_lock_order: Example 5 (cont.): Calling "getStoreProtocol" acquires lock "SMTPTransport.this" while holding "IMAPStore.pool". +# 1238| throws MessagingException, SendFailedException { +# 1239| +# 1240|-> sendMessageStart(message != null ? message.getSubject() : ""); +# 1241| checkConnected(); +# 1242| + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:247: path: Condition "com.sun.mail.util.SocketFetcher.logger.isLoggable(java.util.logging.Level.FINEST)", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:262: path: Condition "proxyHost != null", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:264: path: Condition "i >= 0", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:275: path: Condition "com.sun.mail.util.SocketFetcher.logger.isLoggable(java.util.logging.Level.FINER)", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:277: path: Condition "proxyUser != null", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:278: path: Condition "proxyPassword == null", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:281: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:299: path: Condition "sf != null", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:299: path: Condition "!(sf instanceof javax.net.ssl.SSLSocketFactory)", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:301: path: Condition "socket == null", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:302: path: Condition "socksHost != null", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:306: path: Condition "com.sun.mail.util.PropUtil.getBooleanProperty(props, prefix + ".usesocketchannels", false)", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:309: alloc_fn: A new resource is returned from allocation method "open". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:309: identity_transfer: Method call "java.nio.channels.SocketChannel.open().socket()" returns a wrapper for "java.nio.channels.SocketChannel.open()" ("this"). +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:309: var_assign: Assigning: "socket" = resource returned from "java.nio.channels.SocketChannel.open().socket()". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:310: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:313: path: Condition "to >= 0", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:314: path: Condition "com.sun.mail.util.SocketFetcher.logger.isLoggable(java.util.logging.Level.FINEST)", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:316: noescape: Resource "socket" is not closed or saved in "setSoTimeout". (The virtual call resolves to "com.sun.mail.util.WriteTimeoutSocket.setSoTimeout".) +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:316: path: Throwing "java.net.SocketException" (or subclass) from call to "setSoTimeout"; exiting method with uncaught exception. (The virtual call resolves to "com.sun.mail.util.WriteTimeoutSocket.setSoTimeout".) +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java:316: leaked_resource: Variable "socket" going out of scope leaks the resource it refers to. +# 314| if (logger.isLoggable(Level.FINEST)) +# 315| logger.finest("set socket read timeout " + to); +# 316|-> socket.setSoTimeout(to); +# 317| } +# 318| int writeTimeout = PropUtil.getIntProperty(props, + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1651: path: Condition "java.lang.Thread.holdsLock(this)", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1652: path: Condition "f != null", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1654: path: Condition "type != null", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1658: path: Condition "k != (java.util.logging.Formatter.class)", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1663: path: Falling through to end of try statement. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1667: path: Condition "(idx = name.indexOf("ml", idx)) > -1", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1669: path: Condition "idx > 0", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1678: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1667: path: Condition "(idx = name.indexOf("ml", idx)) > -1", taking false branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1679: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1659: returned_null: "getSuperclass" returns "null" (checked 3 out of 6 times). +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1659: var_assigned: Assigning: "k" = "null" return value from "getSuperclass". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1658: path: Condition "k != (java.util.logging.Formatter.class)", taking true branch. +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1662: null_method_call: Calling a method on null object "k". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/AbstractLogging.java:366: example_assign: Example 1: Assigning: "t" = return value from "t.getSuperclass()". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/AbstractLogging.java:366: example_checked: Example 1 (cont.): "t" has its value checked in "t != null". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/AbstractLogging.java:388: example_assign: Example 2: Assigning: "k" = return value from "k.getSuperclass()". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/AbstractLogging.java:388: example_checked: Example 2 (cont.): "k" has its value checked in "k != null". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:7014: example_assign: Example 3: Assigning: "k" = return value from "k.getSuperclass()". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:7014: example_checked: Example 3 (cont.): "k" has its value checked in "k != null". +# 1660| String name; +# 1661| try { +# 1662|-> name = k.getSimpleName(); +# 1663| } catch (final InternalError JDK8057919) { +# 1664| name = k.getName(); + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java:1478: path: Condition "dh == null", taking false branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java:1494: path: Condition "cType.match("multipart/*")", taking true branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java:1498: path: Condition "part instanceof javax.mail.internet.MimeBodyPart", taking true branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java:1500: path: Condition "mbp.cachedContent != null", taking false branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java:1500: alloc_fn: A new resource is returned from allocation method "getContent". +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java:1500: var_assign: Assigning: "o" = resource returned from "dh.getContent()". +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java:1502: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java:1508: path: Condition "o instanceof javax.mail.internet.MimeMultipart", taking false branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java:1511: noescape: Resource "o" is not closed or saved in "getClass". +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java:1511: path: Throwing "javax.mail.MessagingException". +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java:1511: leaked_resource: Variable "o" going out of scope leaks the resource it refers to. +# 1509| ((MimeMultipart)o).updateHeaders(); +# 1510| else +# 1511|-> throw new MessagingException("MIME part of type \"" + +# 1512| type + "\" contains object of type " + +# 1513| o.getClass().getName() + " instead of MimeMultipart"); + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java:560: path: Condition "parsed", taking false branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java:570: alloc_fn: A new resource is returned from allocation method "getInputStream". (The virtual call resolves to "javax.activation.DataHandlerDataSource.getInputStream".) +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java:570: var_assign: Assigning: "in" = resource returned from "ds.getInputStream()". +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java:571: path: Condition "!(in instanceof java.io.ByteArrayInputStream)", taking true branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java:571: path: Condition "!(in instanceof java.io.BufferedInputStream)", taking true branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java:571: path: Condition "!(in instanceof javax.mail.internet.SharedInputStream)", taking true branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java:574: var_assign: Assigning: "in" = resource returned from "new java.io.BufferedInputStream(in)". +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java:575: path: Falling through to end of try statement. +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java:578: path: Condition "in instanceof javax.mail.internet.SharedInputStream", taking false branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java:581: path: Throwing "javax.mail.internet.ParseException" (or subclass) from call to "ContentType"; exiting method with uncaught exception. +mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java:581: leaked_resource: Variable "in" going out of scope leaks the resource it refers to. +# 579| sin = (SharedInputStream)in; +# 580| +# 581|-> ContentType cType = new ContentType(contentType); +# 582| String boundary = null; +# 583| if (!ignoreExistingBoundaryParameter) { + +Error: INVALIDATE_ITERATOR (CWE-119): +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:397: return_iterator: Call to "iterator" returns an iterator from "multisegmentNames". +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:397: assign: Assigning: "it" = "multisegmentNames.iterator()". +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:398: path: Condition "it.hasNext()", taking true branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:408: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:411: path: Condition "v == null", taking false branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:415: path: Condition "v instanceof javax.mail.internet.ParameterList.Value", taking true branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:417: path: Condition "segment == 0", taking true branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:421: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:429: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:432: path: Falling through to end of try statement. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:436: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:408: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:411: path: Condition "v == null", taking false branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:415: path: Condition "v instanceof javax.mail.internet.ParameterList.Value", taking true branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:417: path: Condition "segment == 0", taking false branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:422: path: Condition "charset == null", taking true branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:424: modify_iterable: Call to "remove" modifies "Iterable" "multisegmentNames" which invalidates iterator "it". +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:425: path: Breaking from loop. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:437: path: Condition "segment == 0", taking false branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:442: path: Condition "charset != null", taking false branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:444: path: Condition "charset == null", taking true branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:446: path: Condition "charset != null", taking true branch. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:447: path: Falling through to end of if statement. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:450: path: Falling through to end of try statement. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:462: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java:398: invalid_iterator: Using invalid iterator "it" in call to "hasNext". +# 396| try { +# 397| Iterator it = multisegmentNames.iterator(); +# 398|-> while (it.hasNext()) { +# 399| String name = it.next(); +# 400| MultiValue mv = new MultiValue(); + +Error: HARDCODED_CREDENTIALS (CWE-259): +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPSaslHandler.java:66: hardcoded_credential: The constant string ""test"" is a credential or key. +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPSaslHandler.java:66: identity: Calling "toCharArray". This call assigns ""test"" to "". (The virtual call resolves to "java.lang.String.toCharArray()".) +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPSaslHandler.java:66: password_use: Calling "setPassword". This call uses the constant string as a password. (The virtual call resolves to "javax.security.auth.callback.PasswordCallback.setPassword(char[])".) +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPSaslHandler.java:66: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 64| } else if (callbacks[i] instanceof PasswordCallback) { +# 65| PasswordCallback pcb = (PasswordCallback)callbacks[i]; +# 66|-> pcb.setPassword(p.toCharArray()); +# 67| } else if (callbacks[i] instanceof AuthorizeCallback) { +# 68| AuthorizeCallback ac = (AuthorizeCallback)callbacks[i]; + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPUidExpungeTest.java:61: returned_null: "getMessageByUID" returns "null" (checked 0 out of 3 times). (The virtual call resolves to "com.sun.mail.imap.IMAPFolder.getMessageByUID".) +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPUidExpungeTest.java:61: var_assigned: Assigning: "m" = "null" return value from "getMessageByUID". +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPUidExpungeTest.java:62: null_method_call: Calling a method on null object "m". +# 60| throws MessagingException { +# 61| Message m = ((UIDFolder)folder).getMessageByUID(2); +# 62|-> m.getFlags(); +# 63| assertEquals(1, handler.getSeqNum()); +# 64| } + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPUidExpungeTest.java:85: returned_null: "getMessageByUID" returns "null" (checked 0 out of 3 times). (The virtual call resolves to "com.sun.mail.imap.IMAPFolder.getMessageByUID".) +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPUidExpungeTest.java:85: var_assigned: Assigning: "m" = "null" return value from "getMessageByUID". +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPUidExpungeTest.java:86: null_method_call: Calling a method on null object "m". +# 84| throws MessagingException { +# 85| Message m = ((UIDFolder)folder).getMessageByUID(2); +# 86|-> m.getFlags(); +# 87| assertEquals(2, handler.getSeqNum()); +# 88| } + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/BODYSTRUCTURETest.java:44: returned_null: "getItem" returns "null" (checked 5 out of 9 times). +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/BODYSTRUCTURETest.java:44: var_assigned: Assigning: "bs" = "null" return value from "getItem". +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/BODYSTRUCTURETest.java:45: null_field_access: Accessing field of null object "bs". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3608: example_assign: Example 1: Assigning: "uid" = return value from "fr.getItem(com.sun.mail.imap.protocol.UID.class)". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3609: example_checked: Example 1 (cont.): "uid" has its value checked in "uid != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3617: example_assign: Example 2: Assigning: "modseq" = return value from "fr.getItem(com.sun.mail.imap.protocol.MODSEQ.class)". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3618: example_checked: Example 2 (cont.): "modseq" has its value checked in "modseq != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3630: example_assign: Example 3: Assigning: "flags" = return value from "fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3631: example_checked: Example 3 (cont.): "flags" has its value checked in "flags != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java:1930: example_checked: Example 4: "fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)" has its value checked in "(flags = (javax.mail.Flags)fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)) != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java:2036: example_checked: Example 5: "fr.getItem(com.sun.mail.imap.protocol.UID.class)" has its value checked in "(u = (com.sun.mail.imap.protocol.UID)fr.getItem(com.sun.mail.imap.protocol.UID.class)) != null". +# 43| FetchResponse fr = new FetchResponse(response); +# 44| BODYSTRUCTURE bs = fr.getItem(BODYSTRUCTURE.class); +# 45|-> ParameterList p = bs.cParams; +# 46| assertNotNull(p.get("name")); +# 47| } + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/BODYSTRUCTURETest.java:67: returned_null: "getItem" returns "null" (checked 5 out of 9 times). +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/BODYSTRUCTURETest.java:67: var_assigned: Assigning: "bs" = "null" return value from "getItem". +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/BODYSTRUCTURETest.java:68: null_field_access: Accessing field of null object "bs". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3608: example_assign: Example 1: Assigning: "uid" = return value from "fr.getItem(com.sun.mail.imap.protocol.UID.class)". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3609: example_checked: Example 1 (cont.): "uid" has its value checked in "uid != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3617: example_assign: Example 2: Assigning: "modseq" = return value from "fr.getItem(com.sun.mail.imap.protocol.MODSEQ.class)". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3618: example_checked: Example 2 (cont.): "modseq" has its value checked in "modseq != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3630: example_assign: Example 3: Assigning: "flags" = return value from "fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3631: example_checked: Example 3 (cont.): "flags" has its value checked in "flags != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java:1930: example_checked: Example 4: "fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)" has its value checked in "(flags = (javax.mail.Flags)fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)) != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java:2036: example_checked: Example 5: "fr.getItem(com.sun.mail.imap.protocol.UID.class)" has its value checked in "(u = (com.sun.mail.imap.protocol.UID)fr.getItem(com.sun.mail.imap.protocol.UID.class)) != null". +# 66| FetchResponse fr = new FetchResponse(response); +# 67| BODYSTRUCTURE bs = fr.getItem(BODYSTRUCTURE.class); +# 68|-> assertEquals("S/MIME Encrypted Message", bs.description); +# 69| } +# 70| } + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/IMAPProtocolTest.java:64: returned_null: "fetchBody" returns "null" (checked 3 out of 4 times). +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/IMAPProtocolTest.java:64: var_assigned: Assigning: "b" = "null" return value from "fetchBody". +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/IMAPProtocolTest.java:65: null_method_call: Calling a method on null object "b". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPBodyPart.java:188: example_assign: Example 1: Assigning: "b" = return value from "p.fetchBody(seqnum, sectionId)". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPBodyPart.java:189: example_checked: Example 1 (cont.): "b" has its value checked in "b != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:748: example_assign: Example 2: Assigning: "b" = return value from "p.fetchBody(getSequenceNumber(), toSection("TEXT"))". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:749: example_checked: Example 2 (cont.): "b" has its value checked in "b != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:850: example_assign: Example 3: Assigning: "b" = return value from "p.fetchBody(getSequenceNumber(), sectionId)". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java:851: example_checked: Example 3 (cont.): "b" has its value checked in "b != null". +# 63| debug); +# 64| BODY b = p.fetchBody(1, "1.1"); +# 65|-> assertEquals("section number", "1.1", b.getSection()); +# 66| //System.out.println(b); +# 67| //System.out.write(b.getByteArray().getNewBytes()); + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/MODSEQTest.java:36: returned_null: "getItem" returns "null" (checked 5 out of 9 times). +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/MODSEQTest.java:36: var_assigned: Assigning: "m" = "null" return value from "getItem". +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/MODSEQTest.java:37: null_field_access: Accessing field of null object "m". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3608: example_assign: Example 1: Assigning: "uid" = return value from "fr.getItem(com.sun.mail.imap.protocol.UID.class)". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3609: example_checked: Example 1 (cont.): "uid" has its value checked in "uid != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3617: example_assign: Example 2: Assigning: "modseq" = return value from "fr.getItem(com.sun.mail.imap.protocol.MODSEQ.class)". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3618: example_checked: Example 2 (cont.): "modseq" has its value checked in "modseq != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3630: example_assign: Example 3: Assigning: "flags" = return value from "fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3631: example_checked: Example 3 (cont.): "flags" has its value checked in "flags != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java:1930: example_checked: Example 4: "fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)" has its value checked in "(flags = (javax.mail.Flags)fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)) != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java:2036: example_checked: Example 5: "fr.getItem(com.sun.mail.imap.protocol.UID.class)" has its value checked in "(u = (com.sun.mail.imap.protocol.UID)fr.getItem(com.sun.mail.imap.protocol.UID.class)) != null". +# 35| FetchResponse fr = new FetchResponse(response); +# 36| MODSEQ m = fr.getItem(MODSEQ.class); +# 37|-> assertEquals(1, m.seqnum); +# 38| assertEquals(624140003, m.modseq); +# 39| } + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/MODSEQTest.java:49: returned_null: "getItem" returns "null" (checked 5 out of 9 times). +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/MODSEQTest.java:49: var_assigned: Assigning: "m" = "null" return value from "getItem". +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/MODSEQTest.java:50: null_field_access: Accessing field of null object "m". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3608: example_assign: Example 1: Assigning: "uid" = return value from "fr.getItem(com.sun.mail.imap.protocol.UID.class)". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3609: example_checked: Example 1 (cont.): "uid" has its value checked in "uid != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3617: example_assign: Example 2: Assigning: "modseq" = return value from "fr.getItem(com.sun.mail.imap.protocol.MODSEQ.class)". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3618: example_checked: Example 2 (cont.): "modseq" has its value checked in "modseq != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3630: example_assign: Example 3: Assigning: "flags" = return value from "fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java:3631: example_checked: Example 3 (cont.): "flags" has its value checked in "flags != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java:1930: example_checked: Example 4: "fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)" has its value checked in "(flags = (javax.mail.Flags)fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)) != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java:2036: example_checked: Example 5: "fr.getItem(com.sun.mail.imap.protocol.UID.class)" has its value checked in "(u = (com.sun.mail.imap.protocol.UID)fr.getItem(com.sun.mail.imap.protocol.UID.class)) != null". +# 48| FetchResponse fr = new FetchResponse(response); +# 49| MODSEQ m = fr.getItem(MODSEQ.class); +# 50|-> assertEquals(1, m.seqnum); +# 51| assertEquals(624140003, m.modseq); +# 52| } + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/UIDSetTest.java:65: alloc_fn: A new resource is returned from allocation method "getResourceAsStream". +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/UIDSetTest.java:65: var_assign: Assigning: "in" = resource returned from "new java.io.BufferedReader(new java.io.InputStreamReader((com.sun.mail.imap.protocol.UIDSetTest.class).getResourceAsStream("uiddata")))". +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/UIDSetTest.java:68: noescape: Resource "in" is not closed or saved in "parse". +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/UIDSetTest.java:68: path: Condition "(t = com.sun.mail.imap.protocol.UIDSetTest.parse(in)) != null", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/UIDSetTest.java:70: leaked_resource: Variable "in" going out of scope leaks the resource it refers to. +# 68| while ((t = parse(in)) != null) +# 69| testData.add(new TestData[] { t }); +# 70|-> return testData; +# 71| } +# 72| + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3FolderClosedExceptionTest.java:69: alloc_fn: A new resource is returned from allocation method "getContent". (The virtual call resolves to "javax.mail.internet.MimeMessage.getContent".) +mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3FolderClosedExceptionTest.java:69: leaked_resource: Ignoring resource created by "msg.getContent()" leaks it. +# 67| Message msg = folder.getMessage(1); +# 68| try { +# 69|-> msg.getContent(); +# 70| } catch (IOException ioex) { +# 71| // expected + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3MessageTest.java:123: alloc_fn: A new resource is returned from allocation method "getContent". (The virtual call resolves to "javax.mail.internet.MimeBodyPart.getContent".) +mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3MessageTest.java:123: var_assign: Assigning: "content" = resource returned from "p.getContent()". +mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3MessageTest.java:124: path: Condition "content instanceof javax.mail.Multipart", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3MessageTest.java:130: leaked_resource: Variable "content" going out of scope leaks the resource it refers to. +# 128| loadMail(mp.getBodyPart(i)); +# 129| } +# 130|-> } +# 131| } + +Error: FORWARD_NULL (CWE-476): +mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3ReadableMimeTest.java:120: path: Condition "p instanceof com.sun.mail.util.ReadableMime", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3ReadableMimeTest.java:121: assign_zero: Assigning: "is" = "null". +mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3ReadableMimeTest.java:125: path: Throwing "javax.mail.IllegalWriteException" from call to "writeTo". (The virtual call resolves to "com.sun.mail.imap.IMAPMessage.writeTo".) +mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3ReadableMimeTest.java:135: null_method_call: Calling a method on null object "is". +# 133| } finally { +# 134| try { +# 135|-> is.close(); +# 136| } catch (IOException ex) { } +# 137| } + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java:81: path: Condition "keepOn", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java:83: alloc_fn: A new resource is returned from allocation method "accept". +mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java:83: var_assign: Assigning: "clientSocket" = resource returned from "serverSocket.accept()". +mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java:88: identity_transfer: Method call "clientSocket.getInputStream()" returns a wrapper for "clientSocket" ("this"). +mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java:88: noescape: Resource "clientSocket" is not closed or saved in "getInputStream". +mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java:88: var_assign: Assigning: "is" = resource returned from "clientSocket.getInputStream()". +mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java:89: noescape: Resource "is" is not closed or saved in "read". +mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java:89: path: Condition "is.read() >= 0", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java:92: leaked_resource: Variable "is" going out of scope leaks the resource it refers to. +mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java:92: leaked_resource: Variable "clientSocket" going out of scope leaks the resource it refers to. +# 90| ; +# 91| gotEOF = true; +# 92|-> } catch (final IOException e) { +# 93| //e.printStackTrace(); +# 94| } + +Error: HARDCODED_CREDENTIALS (CWE-259): +mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/SMTPSaslHandler.java:82: hardcoded_credential: The constant string ""test"" is a credential or key. +mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/SMTPSaslHandler.java:82: identity: Calling "toCharArray". This call assigns ""test"" to "". (The virtual call resolves to "java.lang.String.toCharArray()".) +mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/SMTPSaslHandler.java:82: password_use: Calling "setPassword". This call uses the constant string as a password. (The virtual call resolves to "javax.security.auth.callback.PasswordCallback.setPassword(char[])".) +mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/SMTPSaslHandler.java:82: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 80| } else if (callbacks[i] instanceof PasswordCallback) { +# 81| PasswordCallback pcb = (PasswordCallback)callbacks[i]; +# 82|-> pcb.setPassword(p.toCharArray()); +# 83| } else if (callbacks[i] instanceof AuthorizeCallback) { +# 84| AuthorizeCallback ac = (AuthorizeCallback)callbacks[i]; + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/com/sun/mail/test/ClassLoaderSuite.java:185: returned_null: "getResource" returns "null" (checked 0 out of 1 times). +mail-1.6.5/mail/src/test/java/com/sun/mail/test/ClassLoaderSuite.java:185: var_assigned: Assigning: "url" = "null" return value from "getResource". +mail-1.6.5/mail/src/test/java/com/sun/mail/test/ClassLoaderSuite.java:186: null_method_call: Calling a method on null object "url". +# 184| try { +# 185| URL url = ClassLoaderSuite.class.getResource(name); +# 186|-> if (url.getProtocol().equals("file")) { +# 187| String file = url.getPath(); +# 188| if (file.endsWith(name)) // has to be true? + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java:115: alloc_fn: A new resource is returned from allocation method "getResourceAsStream". +mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java:115: noescape: Resource "(com.sun.mail.test.TestServer.class).getResourceAsStream("keystore.jks")" is not closed or saved in "load". +mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java:115: leaked_resource: Failing to save or close resource created by "(com.sun.mail.test.TestServer.class).getResourceAsStream("keystore.jks")" leaks it. +# 113| throws IOException, GeneralSecurityException { +# 114| KeyStore keyStore = KeyStore.getInstance("JKS"); +# 115|-> keyStore.load( +# 116| TestServer.class.getResourceAsStream("keystore.jks"), +# 117| "changeit".toCharArray()); + +Error: HARDCODED_CREDENTIALS (CWE-259): +mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java:115: hardcoded_credential: The constant string ""changeit"" is a credential or key. +mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java:115: identity: Calling "toCharArray". This call assigns ""changeit"" to "". (The virtual call resolves to "java.lang.String.toCharArray()".) +mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java:115: password_use: Calling "load". This call uses the constant string as a password. (The virtual call resolves to "java.security.KeyStore.load(java.io.InputStream, char[])".) +mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java:115: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 113| throws IOException, GeneralSecurityException { +# 114| KeyStore keyStore = KeyStore.getInstance("JKS"); +# 115|-> keyStore.load( +# 116| TestServer.class.getResourceAsStream("keystore.jks"), +# 117| "changeit".toCharArray()); + +Error: HARDCODED_CREDENTIALS (CWE-259): +mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java:121: hardcoded_credential: The constant string ""changeit"" is a credential or key. +mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java:121: identity: Calling "toCharArray". This call assigns ""changeit"" to "". (The virtual call resolves to "java.lang.String.toCharArray()".) +mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java:121: password_use: Calling "init". This call uses the constant string as a password. (The virtual call resolves to "javax.net.ssl.KeyManagerFactory.init(java.security.KeyStore, char[])".) +mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java:121: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 119| // Create key manager +# 120| KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); +# 121|-> kmf.init(keyStore, "changeit".toCharArray()); +# 122| KeyManager[] km = kmf.getKeyManagers(); +# 123| + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:67: alloc_fn: A new resource is returned from allocation method "getResourceAsStream". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:67: var_assign: Assigning: "in" = resource returned from "new java.io.BufferedReader(new java.io.InputStreamReader((com.sun.mail.util.UUDecoderStreamTest.class).getResourceAsStream("uudata")))". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:70: noescape: Resource "in" is not closed or saved in "parse". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:70: path: Condition "(t = com.sun.mail.util.UUDecoderStreamTest.parse(in)) != null", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:72: leaked_resource: Variable "in" going out of scope leaks the resource it refers to. +# 70| while ((t = parse(in)) != null) +# 71| testData.add(new TestData[] { t }); +# 72|-> return testData; +# 73| } +# 74| + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:111: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:113: path: Condition "line == null", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:115: path: Condition "line.length() == 0", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:116: path: Continuing loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:111: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:113: path: Condition "line == null", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:115: path: Condition "line.length() == 0", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:115: path: Condition "line.startsWith("#")", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:118: path: Condition "!line.startsWith("TEST")", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:120: path: Breaking from loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:130: path: Condition "!tok.equals("DATA")", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:132: path: Condition "st.hasMoreTokens()", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:134: path: Condition "tok.equals("ignoreErrors")", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:135: path: Falling through to end of if statement. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:140: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:132: path: Condition "st.hasMoreTokens()", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:134: path: Condition "tok.equals("ignoreErrors")", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:136: path: Condition "tok.equals("ignoreMissingBeginEnd")", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:137: path: Falling through to end of if statement. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:140: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:132: path: Condition "st.hasMoreTokens()", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:144: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:145: returned_null: "in.readLine()" returns "null". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:145: var_assigned: Assigning: "line" = "null" return value from "readLine". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:146: null_method_call: Calling a method on null object "line". +# 144| for (;;) { +# 145| line = in.readLine(); +# 146|-> if (line.equals("EXPECT")) +# 147| break; +# 148| os.write(line); + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:111: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:113: path: Condition "line == null", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:115: path: Condition "line.length() == 0", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:116: path: Continuing loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:111: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:113: path: Condition "line == null", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:115: path: Condition "line.length() == 0", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:115: path: Condition "line.startsWith("#")", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:118: path: Condition "!line.startsWith("TEST")", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:120: path: Breaking from loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:130: path: Condition "!tok.equals("DATA")", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:132: path: Condition "st.hasMoreTokens()", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:134: path: Condition "tok.equals("ignoreErrors")", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:135: path: Falling through to end of if statement. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:140: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:132: path: Condition "st.hasMoreTokens()", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:134: path: Condition "tok.equals("ignoreErrors")", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:136: path: Condition "tok.equals("ignoreMissingBeginEnd")", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:137: path: Falling through to end of if statement. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:140: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:132: path: Condition "st.hasMoreTokens()", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:144: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:146: path: Condition "line.equals("EXPECT")", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:147: path: Breaking from loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:156: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:157: returned_null: "in.readLine()" returns "null". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:157: var_assigned: Assigning: "line" = "null" return value from "readLine". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java:158: null_method_call: Calling a method on null object "line". +# 156| for (;;) { +# 157| line = in.readLine(); +# 158|-> if (line.startsWith("EXCEPTION")) { +# 159| i = line.indexOf(' '); // XXX - crude +# 160| t.expectedException = line.substring(i + 1); + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/CompactFormatterTest.java:263: path: Condition "idx >= 0", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/CompactFormatterTest.java:266: path: Condition "idx >= 0", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/CompactFormatterTest.java:269: returned_null: "getCause" returns "null" (checked 11 out of 16 times). (The virtual call resolves to "java.lang.Throwable.getCause".) +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/CompactFormatterTest.java:269: null_method_call: Calling a method on null object "record.getThrown().getCause()". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketConnectException.java:74: example_assign: Example 1: Assigning: "t" = return value from "getCause()". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketConnectException.java:75: example_checked: Example 1 (cont.): "t" has its value checked in "t == null". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/CompactFormatter.java:412: example_assign: Example 2: Assigning: "c" = return value from "c.getCause()". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/CompactFormatter.java:412: example_checked: Example 2 (cont.): "c" has its value checked in "c != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1715: example_assign: Example 3: Assigning: "cause" = return value from "t.getCause()". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1716: example_checked: Example 3 (cont.): "cause" has its value checked in "cause == null". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/SeverityComparator.java:111: example_assign: Example 4: Assigning: "cause" = return value from "cause.getCause()". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/SeverityComparator.java:111: example_checked: Example 4 (cont.): "cause" has its value checked in "cause != null". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:6994: example_assign: Example 5: Assigning: "cause" = return value from "t.getCause()". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:6995: example_checked: Example 5 (cont.): "cause" has its value checked in "cause == null". +# 267| +# 268| assertTrue(result, result.contains(record.getThrown().getClass().getSimpleName())); +# 269|-> assertTrue(result, result.contains(record.getThrown().getCause().getClass().getSimpleName())); +# 270| +# 271| assertFalse(result, result.contains(Exception.class.getPackage().getName())); + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/CompactFormatterTest.java:965: returned_null: "getCause" returns "null" (checked 11 out of 16 times). (The virtual call resolves to "java.lang.Throwable.getCause".) +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/CompactFormatterTest.java:965: null_method_call: Calling a method on null object "e.getCause()". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketConnectException.java:74: example_assign: Example 1: Assigning: "t" = return value from "getCause()". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketConnectException.java:75: example_checked: Example 1 (cont.): "t" has its value checked in "t == null". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/CompactFormatter.java:412: example_assign: Example 2: Assigning: "c" = return value from "c.getCause()". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/CompactFormatter.java:412: example_checked: Example 2 (cont.): "c" has its value checked in "c != null". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1715: example_assign: Example 3: Assigning: "cause" = return value from "t.getCause()". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java:1716: example_checked: Example 3 (cont.): "cause" has its value checked in "cause == null". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/SeverityComparator.java:111: example_assign: Example 4: Assigning: "cause" = return value from "cause.getCause()". +mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/SeverityComparator.java:111: example_checked: Example 4 (cont.): "cause" has its value checked in "cause != null". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:6994: example_assign: Example 5: Assigning: "cause" = return value from "t.getCause()". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:6995: example_checked: Example 5 (cont.): "cause" has its value checked in "cause == null". +# 963| record.setThrown(e); +# 964| String result = cf.formatThrown(record); +# 965|-> assertTrue(result, result.startsWith(e.getCause().getClass().getSimpleName())); +# 966| assertTrue(result, result.contains(cf.formatMessage(record.getThrown()))); +# 967| assertTrue(result, result.endsWith(cf.formatBackTrace(record))); + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:1010: new_resource: "new java.util.logging.ConsoleHandler()" creates a new resource. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:1010: var_assign: Assigning: "mh" = resource returned from "new java.util.logging.MemoryHandler(new java.util.logging.ConsoleHandler(), 100, java.util.logging.Level.OFF)". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:1011: noescape: Resource "mh" is not closed or saved in "setFilter". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:1014: noescape: Resource "mh" is not closed or saved in "isLoggable". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:1020: path: Falling through to end of try statement. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:1036: path: Condition "instance != null", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:1053: path: Condition "!em.exceptions.isEmpty()", taking false branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:1054: leaked_resource: Variable "mh" going out of scope leaks the resource it refers to. +# 1052| +# 1053| assertEquals(true, !em.exceptions.isEmpty()); +# 1054|-> } +# 1055| +# 1056| @Test + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:2832: alloc_fn: A new resource is returned from allocation method "getContent". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:2832: var_assign: Assigning: "mp" = resource returned from "msg.getContent()". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:2834: path: Throwing "javax.mail.MessagingException" (or subclass) from call to "getHeader". (The virtual call resolves to "com.sun.mail.pop3.POP3Message.getHeader".) +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:2834: leaked_resource: Variable "mp" going out of scope leaks the resource it refers to. +# 2832| MimeMultipart mp = (MimeMultipart) msg.getContent(); +# 2833| Locale l = Locale.getDefault(); +# 2834|-> assertEquals(LogManagerProperties.toLanguageTag(l), msg.getHeader("Accept-Language", null)); +# 2835| String lang[] = msg.getContentLanguage(); +# 2836| assertNotNull(lang); + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:2925: alloc_fn: A new resource is returned from allocation method "getContent". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:2925: var_assign: Assigning: "mp" = resource returned from "msg.getContent()". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:2929: path: Throwing "javax.mail.MessagingException" (or subclass) from call to "getHeader". (The virtual call resolves to "com.sun.mail.pop3.POP3Message.getHeader".) +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:2929: leaked_resource: Variable "mp" going out of scope leaks the resource it refers to. +# 2927| assertFalse(l.getCountry().equals(expect.getCountry())); +# 2928| +# 2929|-> assertEquals(LogManagerProperties.toLanguageTag(l), msg.getHeader("Accept-Language", null)); +# 2930| String lang[] = msg.getContentLanguage(); +# 2931| assertEquals(1, lang.length); + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:2937: returned_null: "getContentLanguage" returns "null" (checked 0 out of 3 times). (The virtual call resolves to "javax.mail.internet.MimeBodyPart.getContentLanguage".) +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:2937: var_assigned: Assigning: "lang" = "null" return value from "getContentLanguage". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:2938: null_array_length: Accessing length of null array "lang". +# 2936| part = (MimePart) mp.getBodyPart(0); +# 2937| lang = part.getContentLanguage(); +# 2938|-> assertEquals(1, lang.length); +# 2939| assertEquals(LogManagerProperties.toLanguageTag(expect), lang[0]); +# 2940| assertEquals(LogManagerProperties.toLanguageTag(l), part.getHeader("Accept-Language", null)); + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:3033: alloc_fn: A new resource is returned from allocation method "getContent". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:3033: var_assign: Assigning: "mp" = resource returned from "msg.getContent()". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:3035: path: Throwing "javax.mail.MessagingException" (or subclass) from call to "getHeader". (The virtual call resolves to "com.sun.mail.pop3.POP3Message.getHeader".) +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:3035: leaked_resource: Variable "mp" going out of scope leaks the resource it refers to. +# 3033| MimeMultipart mp = (MimeMultipart) msg.getContent(); +# 3034| Locale l = Locale.getDefault(); +# 3035|-> assertEquals(LogManagerProperties.toLanguageTag(l), msg.getHeader("Accept-Language", null)); +# 3036| String lang[] = msg.getContentLanguage(); +# 3037| assertEquals(LogManagerProperties.toLanguageTag(Locale.ENGLISH), lang[0]); + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:3333: path: Starting defect path here. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:3334: new_resource: "new com.sun.mail.util.logging.MailHandler(1)" creates a new resource. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:3334: var_assign: Assigning: "h" = resource returned from "new com.sun.mail.util.logging.MailHandler(1)". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:3335: noescape: Resource "h" is not closed or saved in "getCapacity". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:3336: leaked_resource: Variable "h" going out of scope leaks the resource it refers to. +# 3334| MailHandler h = new MailHandler(1); +# 3335| h.getCapacity(); +# 3336|-> } catch (RuntimeException RE) { +# 3337| fail(RE.toString()); +# 3338| } + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5668: path: Iterating over another element of "em.exceptions". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5670: path: Condition "t instanceof javax.mail.internet.AddressException", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5674: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5668: path: No elements left in "em.exceptions", leaving loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5688: path: Iterating over another element of "em.exceptions". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5690: path: Condition "t instanceof javax.mail.internet.AddressException", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5694: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5688: path: No elements left in "em.exceptions", leaving loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5708: path: Iterating over another element of "em.exceptions". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5710: path: Condition "com.sun.mail.util.logging.MailHandlerTest.isConnectOrTimeout(t)", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5711: path: Continuing loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5708: path: No elements left in "em.exceptions", leaving loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5725: new_resource: "new com.sun.mail.util.logging.MailHandler()" creates a new resource. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5725: var_assign: Assigning: "instance" = resource returned from "new com.sun.mail.util.logging.MailHandler()". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5726: noescape: Resource "instance" is not closed or saved in "internalErrorManagerFrom". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5730: path: Iterating over another element of "em.exceptions". +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5732: path: Condition "t instanceof javax.mail.internet.AddressException", taking true branch. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5733: path: Continuing loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5730: path: No elements left in "em.exceptions", leaving loop. +mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java:5742: leaked_resource: Variable "instance" going out of scope leaks the resource it refers to. +# 5740| } +# 5741| assertFalse(em.exceptions.isEmpty()); +# 5742|-> } finally { +# 5743| manager.reset(); +# 5744| } + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:52: alloc_fn: A new resource is returned from allocation method "getResourceAsStream". +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:52: noescape: Resource "new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.FoldTest.class).getResourceAsStream("folddata")))" is not closed or saved in "parse". +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:52: leaked_resource: Failing to save or close resource created by "new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.FoldTest.class).getResourceAsStream("folddata")))" leaks it. +# 50| public static Collection data() throws IOException { +# 51| testData = new ArrayList<>(); +# 52|-> parse(new BufferedReader(new InputStreamReader( +# 53| FoldTest.class.getResourceAsStream("folddata")))); +# 54| return testData; + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:67: path: Condition "(line = in.readLine()) != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:68: path: Condition "line.startsWith("#")", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:69: path: Continuing loop. +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:67: path: Condition "(line = in.readLine()) != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:68: path: Condition "line.startsWith("#")", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:68: path: Condition "line.length() == 0", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:71: path: Condition "line.equals("BOTH")", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:73: path: Falling through to end of if statement. +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:80: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:67: path: Condition "(line = in.readLine()) != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:68: path: Condition "line.startsWith("#")", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:68: path: Condition "line.length() == 0", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:71: path: Condition "line.equals("BOTH")", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:74: returned_null: "in.readLine()" returns "null". +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:74: var_assigned: Assigning: "e" = "null" return value from "readLine". +mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java:75: null_method_call: Calling a method on null object "e". +# 73| } else { +# 74| String e = in.readLine(); +# 75|-> if (!e.equals("EXPECT")) +# 76| throw new IOException("TEST DATA FORMAT ERROR"); +# 77| String expect = readString(in); + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:62: alloc_fn: A new resource is returned from allocation method "getResourceAsStream". +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:62: noescape: Resource "new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.InternetAddressTest.class).getResourceAsStream("tokenlist")))" is not closed or saved in "parse". +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:62: leaked_resource: Failing to save or close resource created by "new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.InternetAddressTest.class).getResourceAsStream("tokenlist")))" leaks it. +# 60| junit = true; +# 61| testData = new ArrayList<>(); +# 62|-> parse(new BufferedReader(new InputStreamReader( +# 63| InternetAddressTest.class.getResourceAsStream("tokenlist")))); +# 64| return testData; + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:133: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:135: path: Condition "s != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:135: path: Condition "s.length() > 0", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:137: path: Condition "c == ' '", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:140: path: Continuing loop. +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:133: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:135: path: Condition "s != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:135: path: Condition "s.length() > 0", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:137: path: Condition "c == ' '", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:137: path: Condition "c == '\t'", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:144: path: Condition "header.startsWith("From: ")", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:149: path: Condition "s != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:149: path: Condition "s.startsWith("Expect: ")", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:153: path: Condition "i < nexpect", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:154: returned_null: "in.readLine()" returns "null". +mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java:154: null_method_call: Calling a method on null object "in.readLine()". +# 152| expect = new String[nexpect]; +# 153| for (i = 0; i < nexpect; i++) +# 154|-> expect[i] = in.readLine().trim(); +# 155| } catch (NumberFormatException e) { +# 156| try { + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:50: alloc_fn: A new resource is returned from allocation method "getResourceAsStream". +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:50: noescape: Resource "new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.InternetAddressFoldTest.class).getResourceAsStream("addrfolddata")))" is not closed or saved in "parse". +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:50: leaked_resource: Failing to save or close resource created by "new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.InternetAddressFoldTest.class).getResourceAsStream("addrfolddata")))" leaks it. +# 48| public static Collection data() throws Exception { +# 49| testData = new ArrayList<>(); +# 50|-> parse(new BufferedReader(new InputStreamReader( +# 51| InternetAddressFoldTest.class.getResourceAsStream("addrfolddata")))); +# 52| return testData; + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:67: path: Condition "(line = in.readLine()) != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:68: path: Condition "line.startsWith("#")", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:69: path: Continuing loop. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:67: path: Condition "(line = in.readLine()) != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:68: path: Condition "line.startsWith("#")", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:68: path: Condition "line.length() == 0", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:70: path: Condition "!line.startsWith("FOLD")", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:74: path: Condition "i < count", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:75: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:74: path: Condition "i < count", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:76: returned_null: "in.readLine()" returns "null". +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:76: var_assigned: Assigning: "e" = "null" return value from "readLine". +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java:77: null_method_call: Calling a method on null object "e". +# 75| orig[i] = new InternetAddress(readString(in)); +# 76| String e = in.readLine(); +# 77|-> if (!e.equals("EXPECT")) +# 78| throw new IOException("TEST DATA FORMAT ERROR, MISSING EXPECT"); +# 79| String expect = readString(in); + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:68: alloc_fn: A new resource is returned from allocation method "getResourceAsStream". +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:68: noescape: Resource "new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.InternetAddressTest.class).getResourceAsStream("addrlist")))" is not closed or saved in "parse". +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:68: leaked_resource: Failing to save or close resource created by "new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.InternetAddressTest.class).getResourceAsStream("addrlist")))" leaks it. +# 66| junit = true; +# 67| testData = new ArrayList<>(); +# 68|-> parse(new BufferedReader(new InputStreamReader( +# 69| InternetAddressTest.class.getResourceAsStream("addrlist")))); +# 70| return testData; + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:139: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:141: path: Condition "s != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:141: path: Condition "s.length() > 0", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:143: path: Condition "c == ' '", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:146: path: Continuing loop. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:139: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:141: path: Condition "s != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:141: path: Condition "s.length() > 0", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:143: path: Condition "c == ' '", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:143: path: Condition "c == '\t'", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:150: path: Condition "header.startsWith("Strict: ")", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:152: path: Falling through to end of if statement. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:189: path: Condition "s == null", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:191: path: Condition "s.length() == 0", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:192: path: Condition "(s = in.readLine()) != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:193: path: Condition "s.startsWith("From ")", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:194: path: Breaking from loop. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:196: path: Condition "s == null", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:200: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:139: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:141: path: Condition "s != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:141: path: Condition "s.length() > 0", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:143: path: Condition "c == ' '", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:143: path: Condition "c == '\t'", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:150: path: Condition "header.startsWith("Strict: ")", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:152: path: Condition "header.startsWith("Header: ")", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:154: path: Falling through to end of if statement. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:189: path: Condition "s == null", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:191: path: Condition "s.length() == 0", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:192: path: Condition "(s = in.readLine()) != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:193: path: Condition "s.startsWith("From ")", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:194: path: Breaking from loop. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:196: path: Condition "s == null", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:200: path: Jumping back to the beginning of the loop. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:139: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:141: path: Condition "s != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:141: path: Condition "s.length() > 0", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:143: path: Condition "c == ' '", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:143: path: Condition "c == '\t'", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:150: path: Condition "header.startsWith("Strict: ")", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:152: path: Condition "header.startsWith("Header: ")", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:154: path: Condition "header.startsWith("From: ")", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:159: path: Condition "s != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:159: path: Condition "s.startsWith("Expect: ")", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:163: path: Condition "i < nexpect", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:164: returned_null: "javax.mail.internet.InternetAddressTest.readLine(in)" returns "null". +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:164: null_method_call: Calling a method on null object "javax.mail.internet.InternetAddressTest.readLine(in)". +# 162| expect = new String[nexpect]; +# 163| for (i = 0; i < nexpect; i++) +# 164|-> expect[i] = readLine(in).trim(); +# 165| } catch (NumberFormatException e) { +# 166| try { + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:214: returned_null: "in.readLine()" returns "null". +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:214: var_assigned: Assigning: "line" = "null" return value from "readLine". +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:215: null_method_call: Calling a method on null object "line". +# 213| private static String readLine(BufferedReader in) throws IOException { +# 214| String line = in.readLine(); +# 215|-> if (!line.endsWith("\\")) +# 216| return line; +# 217| if (line.endsWith("\\\\")) + +Error: NULL_RETURNS (CWE-476): +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:215: path: Condition "!line.endsWith("\\")", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:217: path: Condition "line.endsWith("\\\\")", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:221: path: Condition "true", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:222: returned_null: "in.readLine()" returns "null". +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:222: var_assigned: Assigning: "line" = "null" return value from "readLine". +mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java:224: null_method_call: Calling a method on null object "line". +# 222| line = in.readLine(); +# 223| sb.append(line); +# 224|-> if (!line.endsWith("\\")) +# 225| break; +# 226| if (line.endsWith("\\\\")) { + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/javax/mail/internet/MailDateFormatTest.java:78: alloc_fn: A new resource is returned from allocation method "getResourceAsStream". +mail-1.6.5/mail/src/test/java/javax/mail/internet/MailDateFormatTest.java:78: var_assign: Assigning: "resource" = resource returned from "this.getClass().getResourceAsStream(resourceName)". +mail-1.6.5/mail/src/test/java/javax/mail/internet/MailDateFormatTest.java:79: path: Throwing "java.io.IOException" (or subclass) from call to "ObjectInputStream". +mail-1.6.5/mail/src/test/java/javax/mail/internet/MailDateFormatTest.java:82: path: Condition "in != null", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/MailDateFormatTest.java:85: path: Leaving finally statement; exiting method with uncaught exception. +mail-1.6.5/mail/src/test/java/javax/mail/internet/MailDateFormatTest.java:85: leaked_resource: Variable "resource" going out of scope leaks the resource it refers to. +# 83| in.close(); +# 84| } +# 85|-> } +# 86| } +# 87| + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java:81: path: Starting defect path here. +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java:86: alloc_fn: A new resource is returned from allocation method "getInputStream". +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java:86: noescape: Resource "mbp.getInputStream()" is not closed or saved in "getString". +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java:86: leaked_resource: Failing to save or close resource created by "mbp.getInputStream()" leaks it. +# 84| assertEquals("text/x-test", mbp.getContentType()); +# 85| assertEquals("quoted-printable", mbp.getEncoding()); +# 86|-> assertEquals("test part", getString(mbp.getInputStream())); +# 87| } +# 88| + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java:110: path: Starting defect path here. +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java:115: alloc_fn: A new resource is returned from allocation method "getInputStream". +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java:115: noescape: Resource "mbp.getInputStream()" is not closed or saved in "getString". +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java:115: leaked_resource: Failing to save or close resource created by "mbp.getInputStream()" leaks it. +# 113| assertEquals("text/x-test", mbp.getContentType()); +# 114| assertEquals("quoted-printable", mbp.getEncoding()); +# 115|-> assertEquals("test part", getString(mbp.getInputStream())); +# 116| } +# 117| + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java:142: alloc_fn: A new resource is returned from allocation method "getInputStream". +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java:142: var_assign: Assigning: "in" = resource returned from "mbp2.getInputStream()". +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java:143: noescape: Resource "in" is not closed or saved in "read". +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java:143: path: Throwing "java.io.IOException" (or subclass) from call to "read"; exiting method with uncaught exception. +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java:143: leaked_resource: Variable "in" going out of scope leaks the resource it refers to. +# 141| // ensure the data is correct by reading the first byte +# 142| InputStream in = mbp2.getInputStream(); +# 143|-> assertEquals(1, in.read()); +# 144| in.close(); +# 145| } + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java:155: path: Starting defect path here. +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java:158: alloc_fn: A new resource is returned from allocation method "getInputStream". (The virtual call resolves to "javax.mail.internet.MimeMessage.getInputStream".) +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java:158: noescape: Resource "msg.getInputStream()" is not closed or saved in "getString". +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java:158: leaked_resource: Failing to save or close resource created by "msg.getInputStream()" leaks it. +# 156| assertEquals("text/x-test", msg.getContentType()); +# 157| assertEquals("quoted-printable", msg.getEncoding()); +# 158|-> assertEquals("test message", getString(msg.getInputStream())); +# 159| } +# 160| + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java:176: path: Starting defect path here. +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java:179: alloc_fn: A new resource is returned from allocation method "getInputStream". (The virtual call resolves to "javax.mail.internet.MimeMessage.getInputStream".) +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java:179: noescape: Resource "msg.getInputStream()" is not closed or saved in "getString". +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java:179: leaked_resource: Failing to save or close resource created by "msg.getInputStream()" leaks it. +# 177| assertEquals("text/x-test", msg.getContentType()); +# 178| assertEquals("quoted-printable", msg.getEncoding()); +# 179|-> assertEquals("test message", getString(msg.getInputStream())); +# 180| } +# 181| + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMultipartParseTest.java:114: path: Starting defect path here. +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMultipartParseTest.java:128: alloc_fn: A new resource is returned from allocation method "getInputStream". +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMultipartParseTest.java:128: var_assign: Assigning: "is" = resource returned from "mbp2.getInputStream()". +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMultipartParseTest.java:131: noescape: Resource "is" is not closed or saved in "read". +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMultipartParseTest.java:131: path: Condition "(c = is.read()) >= 0", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMultipartParseTest.java:144: leaked_resource: Variable "is" going out of scope leaks the resource it refers to. +# 142| } +# 143| Assert.assertEquals("Expected size", size, k); +# 144|-> } +# 145| } + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java:42: alloc_fn: A new resource is returned from allocation method "getContent". +mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java:42: var_assign: Assigning: "mp" = resource returned from "m.getContent()". +mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java:46: path: Throwing "javax.mail.MessagingException" from call to "MimeMessage"; exiting method with uncaught exception. +mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java:46: leaked_resource: Variable "mp" going out of scope leaks the resource it refers to. +# 44| m.saveChanges(); +# 45| +# 46|-> MimeMessage m2 = new MimeMessage(m); +# 47| assertEquals("b", m2.getHeader("a", null)); +# 48| } + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java:53: alloc_fn: A new resource is returned from allocation method "getContent". +mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java:53: var_assign: Assigning: "mp" = resource returned from "m.getContent()". +mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java:57: path: Throwing "javax.mail.MessagingException" from call to "MimeMessage"; exiting method with uncaught exception. +mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java:57: leaked_resource: Variable "mp" going out of scope leaks the resource it refers to. +# 55| m.saveChanges(); +# 56| +# 57|-> MimeMessage m2 = new MimeMessage(m); +# 58| assertEquals("test", m2.getHeader("Subject", null)); +# 59| } + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java:63: alloc_fn: A new resource is returned from allocation method "getResourceAsStream". +mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java:63: noescape: Resource "new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.ParameterListDecode.class).getResourceAsStream(paramData)))" is not closed or saved in "parse". +mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java:63: leaked_resource: Failing to save or close resource created by "new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.ParameterListDecode.class).getResourceAsStream(paramData)))" leaks it. +# 61| protected static void testDecode(String paramData) throws Exception { +# 62| junit = true; +# 63|-> parse(new BufferedReader(new InputStreamReader( +# 64| ParameterListDecode.class.getResourceAsStream(paramData)))); +# 65| } + +Error: RESOURCE_LEAK (CWE-404): +mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java:402: alloc_fn: A new resource is returned from allocation method "getInputStream". (The virtual call resolves to "javax.mail.internet.MimeMessage.getInputStream".) +mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java:402: var_assign: Assigning: "in" = resource returned from "new java.io.BufferedReader(new java.io.InputStreamReader(msg.getInputStream()))". +mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java:405: noescape: Resource "in" is not closed or saved in "readLine". +mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java:406: path: Condition "s != null", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java:406: path: Condition "s.startsWith("Expect: ")", taking true branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java:410: path: Condition "i < nexpect", taking false branch. +mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java:412: path: Falling through to end of try statement. +mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java:426: leaked_resource: Variable "in" going out of scope leaks the resource it refers to. +# 424| String ct = msg.getContentType(); +# 425| test("Content-Type: ", ct, expect); +# 426|-> } +# 427| } + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel-annotation-compiler/src/main/java/com/sun/codemodel/ac/ACTask.java:288: returned_null: "list" returns "null" (checked 0 out of 1 times). +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel-annotation-compiler/src/main/java/com/sun/codemodel/ac/ACTask.java:288: var_assigned: Assigning: "classes" = "null" return value from "list". +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel-annotation-compiler/src/main/java/com/sun/codemodel/ac/ACTask.java:295: null_array_length: Accessing length of null array "classes". +# 293| }); +# 294| +# 295|-> for (String c : classes) { +# 296| process(prefix + c, new File(dir, c).lastModified()); +# 297| } + +Error: RESOURCE_LEAK (CWE-404): +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:438: path: Iterating over another element of "classes.values()". +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:439: path: Condition "c.isHidden()", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:440: path: Continuing loop. +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:438: path: No elements left in "classes.values()", leaving loop. +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:448: path: Condition "annotations != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:448: path: Condition "!annotations.isEmpty()", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:448: path: Condition "jdoc != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:451: path: Condition "jdoc != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:455: path: Condition "annotations != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:456: path: No elements left in "annotations", leaving loop. +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:465: path: Iterating over another element of "resources". +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:470: path: Jumping back to the beginning of the loop. +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:465: path: Iterating over another element of "resources". +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:467: alloc_fn: A new resource is returned from allocation method "openBinary". (The virtual call resolves to "com.sun.codemodel.writer.FileCodeWriter.openBinary".) +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:467: var_assign: Assigning: "os" = resource returned from "new java.io.BufferedOutputStream(cw.openBinary(this, rsrc.name()))". +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:468: noescape: Resource "os" is not closed or saved in "build". (The virtual call resolves to "com.sun.codemodel.fmt.JStaticFile.build".) +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:468: path: Throwing "java.io.IOException" (or subclass) from call to "build"; exiting method with uncaught exception. (The virtual call resolves to "com.sun.codemodel.fmt.JStaticFile.build".) +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java:468: leaked_resource: Variable "os" going out of scope leaks the resource it refers to. +# 466| CodeWriter cw = rsrc.isResource() ? res : src; +# 467| OutputStream os = new BufferedOutputStream(cw.openBinary(this, rsrc.name())); +# 468|-> rsrc.build(os); +# 469| os.close(); +# 470| } + +Error: RESOURCE_LEAK (CWE-404): +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/fmt/JStaticFile.java:57: alloc_fn: A new resource is returned from allocation method "getResourceAsStream". +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/fmt/JStaticFile.java:57: var_assign: Assigning: "dis" = resource returned from "new java.io.DataInputStream(classLoader.getResourceAsStream(resourceName))". +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/fmt/JStaticFile.java:61: noescape: Resource "dis" is not closed or saved in "read". +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/fmt/JStaticFile.java:61: path: Throwing "java.io.IOException" (or subclass) from call to "read"; exiting method with uncaught exception. +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/fmt/JStaticFile.java:61: leaked_resource: Variable "dis" going out of scope leaks the resource it refers to. +# 59| byte[] buf = new byte[256]; +# 60| int sz; +# 61|-> while( (sz=dis.read(buf))>0 ) +# 62| os.write(buf,0,sz); +# 63| + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/core/src/main/java/org/glassfish/jaxb/core/v2/model/nav/ReflectionNavigator.java:584: returned_null: "getEnumConstants" returns "null" (checked 0 out of 1 times). +jaxb-ri-4.0.2-RI/jaxb-ri/core/src/main/java/org/glassfish/jaxb/core/v2/model/nav/ReflectionNavigator.java:584: var_assigned: Assigning: "values" = "null" return value from "getEnumConstants". +jaxb-ri-4.0.2-RI/jaxb-ri/core/src/main/java/org/glassfish/jaxb/core/v2/model/nav/ReflectionNavigator.java:585: null_array_length: Accessing length of null array "values". +# 583| try { +# 584| Object[] values = clazz.getEnumConstants(); +# 585|-> Field[] fields = new Field[values.length]; +# 586| for (int i = 0; i < values.length; i++) { +# 587| fields[i] = clazz.getField(((Enum) values[i]).name()); + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/compact/CompactSyntax.java:1647: returned_null: "makeInclude" returns "null" (checked 2 out of 4 times). (The virtual call resolves to "com.sun.tools.rngom.binary.SchemaBuilderImpl.IncludeImpl.makeInclude".) +jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/compact/CompactSyntax.java:1647: var_assigned: Assigning: "include" = "null" return value from "makeInclude". +jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/compact/CompactSyntax.java:1651: path: Condition "jj_ntk == -1", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/compact/CompactSyntax.java:1651: path: Switch case default. +jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/compact/CompactSyntax.java:1663: null_method_call: Calling a method on null object "include". +jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/host/GrammarSectionHost.java:65: example_assign: Example 1: Assigning: "l" = return value from "lhs.makeInclude()". +jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/host/GrammarSectionHost.java:66: example_checked: Example 1 (cont.): "l" has its value checked in "l == null". +jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/xml/SchemaParser.java:1085: example_assign: Example 2: Assigning: "include" = return value from "section.makeInclude()". +jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/xml/SchemaParser.java:1086: example_checked: Example 2 (cont.): "include" has its value checked in "include != null". +# 1661| } +# 1662| try { +# 1663|-> include.endInclude(parseable, resolve(href), ns, makeLocation(t), a); +# 1664| } +# 1665| catch (IllegalSchemaException e) { } + +Error: FORWARD_NULL (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/xml/SchemaParser.java:566: path: Condition "childPatterns == null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/xml/SchemaParser.java:566: var_compare_op: Comparing "childPatterns" to null implies that "childPatterns" might be null. +jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/xml/SchemaParser.java:568: no_write_call: Although "endChild" does overwrite "this.childPatterns" on some paths, it also contains at least one feasible path which does not overwrite it. +jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/xml/SchemaParser.java:570: path: Condition "comments != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/xml/SchemaParser.java:571: null_method_call: Calling a method on null object "childPatterns". +# 569| } +# 570| if (comments != null) { +# 571|-> int idx = childPatterns.size() - 1; +# 572| childPatterns.set(idx, schemaBuilder.commentAfter(childPatterns.get(idx), comments)); +# 573| comments = null; + +Error: RESOURCE_LEAK (CWE-404): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:76: alloc_fn: A new resource is returned from allocation method "take". (The virtual call resolves to "com.sun.istack.Pool.Impl.take".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:76: var_assign: Assigning: "m" = resource returned from "context.marshallerPool.take()". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:77: noescape: Resource "m" is not closed or saved in "setAttachmentMarshaller". (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.MarshallerImpl.setAttachmentMarshaller".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:78: noescape: Resource "m" is not closed or saved in "marshal". (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:78: path: Throwing "jakarta.xml.bind.MarshalException" from call to "marshal"; exiting method with uncaught exception. (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:78: leaked_resource: Variable "m" going out of scope leaks the resource it refers to. +# 76| Marshaller m = context.marshallerPool.take(); +# 77| m.setAttachmentMarshaller(am); +# 78|-> marshal(m,object,output); +# 79| m.setAttachmentMarshaller(null); +# 80| context.marshallerPool.recycle(m); + +Error: RESOURCE_LEAK (CWE-404): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:106: alloc_fn: A new resource is returned from allocation method "take". (The virtual call resolves to "com.sun.istack.Pool.Impl.take".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:106: var_assign: Assigning: "m" = resource returned from "context.marshallerPool.take()". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:107: noescape: Resource "m" is not closed or saved in "setAttachmentMarshaller". (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.MarshallerImpl.setAttachmentMarshaller".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:108: noescape: Resource "m" is not closed or saved in "marshal". (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:108: path: Throwing "jakarta.xml.bind.MarshalException" from call to "marshal"; exiting method with uncaught exception. (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:108: leaked_resource: Variable "m" going out of scope leaks the resource it refers to. +# 106| Marshaller m = context.marshallerPool.take(); +# 107| m.setAttachmentMarshaller(am); +# 108|-> marshal(m,object,output,nsContext); +# 109| m.setAttachmentMarshaller(null); +# 110| context.marshallerPool.recycle(m); + +Error: RESOURCE_LEAK (CWE-404): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:117: alloc_fn: A new resource is returned from allocation method "take". (The virtual call resolves to "com.sun.istack.Pool.Impl.take".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:117: var_assign: Assigning: "m" = resource returned from "context.marshallerPool.take()". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:118: noescape: Resource "m" is not closed or saved in "marshal". (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:118: path: Throwing "jakarta.xml.bind.MarshalException" from call to "marshal"; exiting method with uncaught exception. (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:118: leaked_resource: Variable "m" going out of scope leaks the resource it refers to. +# 116| public final void marshal(T object,Node output) throws JAXBException { +# 117| Marshaller m = context.marshallerPool.take(); +# 118|-> marshal(m,object,output); +# 119| context.marshallerPool.recycle(m); +# 120| } + +Error: RESOURCE_LEAK (CWE-404): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:135: alloc_fn: A new resource is returned from allocation method "take". (The virtual call resolves to "com.sun.istack.Pool.Impl.take".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:135: var_assign: Assigning: "m" = resource returned from "context.marshallerPool.take()". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:136: noescape: Resource "m" is not closed or saved in "setAttachmentMarshaller". (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.MarshallerImpl.setAttachmentMarshaller".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:137: noescape: Resource "m" is not closed or saved in "marshal". (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:137: path: Throwing "jakarta.xml.bind.MarshalException" from call to "marshal"; exiting method with uncaught exception. (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:137: leaked_resource: Variable "m" going out of scope leaks the resource it refers to. +# 135| Marshaller m = context.marshallerPool.take(); +# 136| m.setAttachmentMarshaller(am); +# 137|-> marshal(m,object,contentHandler); +# 138| m.setAttachmentMarshaller(null); +# 139| context.marshallerPool.recycle(m); + +Error: RESOURCE_LEAK (CWE-404): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:148: alloc_fn: A new resource is returned from allocation method "take". (The virtual call resolves to "com.sun.istack.Pool.Impl.take".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:148: var_assign: Assigning: "m" = resource returned from "context.marshallerPool.take()". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:149: noescape: Resource "m" is not closed or saved in "marshal". (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:149: path: Throwing "jakarta.xml.bind.MarshalException" from call to "marshal"; exiting method with uncaught exception. (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java:149: leaked_resource: Variable "m" going out of scope leaks the resource it refers to. +# 147| public final void marshal(T object, Result result) throws JAXBException { +# 148| Marshaller m = context.marshallerPool.take(); +# 149|-> marshal(m,object,result); +# 150| context.marshallerPool.recycle(m); +# 151| } + +Error: FORWARD_NULL (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:362: path: Condition "shouldRecurseSuperClass(sc)", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:366: path: Iterating over another element of "nav().getDeclaredFields(c)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:370: path: Condition "nav().isTransient(f)", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:372: path: Condition "org.glassfish.jaxb.runtime.v2.model.impl.ClassInfoImpl.hasJAXBAnnotation(annotations)", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:376: path: Falling through to end of if statement. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:399: path: Jumping back to the beginning of the loop. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:366: path: Iterating over another element of "nav().getDeclaredFields(c)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:370: path: Condition "nav().isTransient(f)", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:377: path: Condition "nav().isStaticField(f)", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:382: path: Condition "at == jakarta.xml.bind.annotation.XmlAccessType.FIELD", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:385: path: Condition "isDummy", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:387: path: Condition "top != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:387: path: Condition "top.getProperty("content") == null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:389: path: Jumping back to the beginning of the loop. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:387: path: Condition "top != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:387: path: Condition "top.getProperty("content") == null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:389: path: Jumping back to the beginning of the loop. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:387: path: Condition "top != null", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:387: var_compare_op: Comparing "top" to null implies that "top" might be null. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:390: null_method_call: Calling a method on null object "top". +# 388| top = top.getBaseClass(); +# 389| } +# 390|-> DummyPropertyInfo prop = (DummyPropertyInfo) top.getProperty("content"); +# 391| PropertySeed seed = createFieldSeed(f); +# 392| prop.addType(createReferenceProperty(seed)); + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:362: path: Condition "shouldRecurseSuperClass(sc)", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:366: path: Iterating over another element of "nav().getDeclaredFields(c)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:370: path: Condition "nav().isTransient(f)", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:372: path: Condition "org.glassfish.jaxb.runtime.v2.model.impl.ClassInfoImpl.hasJAXBAnnotation(annotations)", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:376: path: Falling through to end of if statement. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:399: path: Jumping back to the beginning of the loop. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:366: path: Iterating over another element of "nav().getDeclaredFields(c)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:370: path: Condition "nav().isTransient(f)", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:377: path: Condition "nav().isStaticField(f)", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:382: path: Condition "at == jakarta.xml.bind.annotation.XmlAccessType.FIELD", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:385: path: Condition "isDummy", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:387: path: Condition "top != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:387: path: Condition "top.getProperty("content") == null", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:390: returned_null: "getProperty" returns "null" (checked 1 out of 3 times). (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.model.impl.ClassInfoImpl.getProperty".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:390: var_assigned: Assigning: "prop" = "null" return value from "getProperty". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:392: null_method_call: Calling a method on null object "prop". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java:387: example_checked: Example 1: "top.getProperty("content")" has its value checked in "top.getProperty("content") == null". +# 390| DummyPropertyInfo prop = (DummyPropertyInfo) top.getProperty("content"); +# 391| PropertySeed seed = createFieldSeed(f); +# 392|-> prop.addType(createReferenceProperty(seed)); +# 393| } else { +# 394| addProperty(createFieldSeed(f), annotations, false); + +Error: FORWARD_NULL (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ElementPropertyInfoImpl.java:144: path: Condition "isRequired == null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ElementPropertyInfoImpl.java:144: var_compare_op: Comparing "isRequired" to null implies that "isRequired" might be null. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ElementPropertyInfoImpl.java:145: no_write_call: Although "getTypes" does overwrite "this.isRequired" on some paths, it also contains at least one feasible path which does not overwrite it. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ElementPropertyInfoImpl.java:146: unbox_null: Unboxing null object "isRequired". +# 144| if(isRequired==null) +# 145| getTypes(); // compute the value +# 146|-> return isRequired; +# 147| } +# 148| + +Error: FORWARD_NULL (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ModelBuilder.java:129: assign_zero: Assigning: "s" = "null". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ModelBuilder.java:130: null_method_call: Calling a method on null object "s". +# 128| try { +# 129| XmlSchema s = null; +# 130|-> s.location(); +# 131| } catch (NullPointerException e) { +# 132| // as epxected + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeBuiltinLeafInfoImpl.java:427: path: Condition "mimeType == null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeBuiltinLeafInfoImpl.java:437: path: Condition "itr.hasNext()", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeBuiltinLeafInfoImpl.java:439: returned_null: "createImageOutputStream" returns "null" (checked 0 out of 1 times). +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeBuiltinLeafInfoImpl.java:439: var_assigned: Assigning: "os" = "null" return value from "createImageOutputStream". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeBuiltinLeafInfoImpl.java:442: null_method_call: Calling a method on null object "os". +# 440| w.setOutput(os); +# 441| w.write(convertToBufferedImage(v)); +# 442|-> os.close(); +# 443| w.dispose(); +# 444| } else { + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/ElementBeanInfoImpl.java:266: path: Condition "loader == null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/ElementBeanInfoImpl.java:271: path: Condition "result.size() == 1", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/ElementBeanInfoImpl.java:273: returned_null: "getOne" returns "null" (checked 0 out of 1 times). +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/ElementBeanInfoImpl.java:273: null_method_call: Calling a method on null object "result.getOne()". +# 271| if(result.size()==1) +# 272| // for ElementBeanInfoImpl created from RuntimeElementInfo +# 273|-> this.loader = new IntercepterLoader(result.getOne().getValue().loader); +# 274| else +# 275| // for special ElementBeanInfoImpl only used for marshalling + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java:516: path: Condition "c != (java.lang.Object.class)", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java:518: path: Condition "bi != null", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java:519: path: Jumping back to the beginning of the loop. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java:516: returned_null: "getSuperclass" returns "null" (checked 5 out of 9 times). +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java:516: var_assigned: Assigning: "c" = "null" return value from "getSuperclass". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java:516: path: Condition "c != (java.lang.Object.class)", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java:518: path: Condition "bi != null", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java:519: path: Jumping back to the beginning of the loop. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java:516: null_method_call: Calling a method on null object "c". +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JCodeModel.java:719: example_assign: Example 1: Assigning: "sp" = return value from "_class.getSuperclass()". +jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JCodeModel.java:720: example_checked: Example 1 (cont.): "sp" has its value checked in "sp == null". +jaxb-ri-4.0.2-RI/jaxb-ri/core/src/main/java/org/glassfish/jaxb/core/v2/model/nav/ReflectionNavigator.java:660: example_assign: Example 2: Assigning: "clazz" = return value from "clazz.getSuperclass()". +jaxb-ri-4.0.2-RI/jaxb-ri/core/src/main/java/org/glassfish/jaxb/core/v2/model/nav/ReflectionNavigator.java:651: example_checked: Example 2 (cont.): "clazz" has its value checked in "clazz != null". +jaxb-ri-4.0.2-RI/jaxb-ri/core/src/main/java/org/glassfish/jaxb/core/v2/model/nav/ReflectionNavigator.java:52: example_assign: Example 3: Assigning: "sc" = return value from "clazz.getSuperclass()". +jaxb-ri-4.0.2-RI/jaxb-ri/core/src/main/java/org/glassfish/jaxb/core/v2/model/nav/ReflectionNavigator.java:53: example_checked: Example 3 (cont.): "sc" has its value checked in "sc == null". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JaxBeanInfo.java:459: example_assign: Example 4: Assigning: "jt" = return value from "jt.getSuperclass()". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JaxBeanInfo.java:423: example_checked: Example 4 (cont.): "jt" has its value checked in "jt != null". +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:138: example_assign: Example 5: Assigning: "c" = return value from "c.getSuperclass()". +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:132: example_checked: Example 5 (cont.): "c" has its value checked in "c != null". +# 514| public JaxBeanInfo getBeanInfo(Object o) { +# 515| // don't allow xs:anyType beanInfo to handle all the unbound objects +# 516|-> for( Class c=o.getClass(); c!=Object.class; c=c.getSuperclass()) { +# 517| JaxBeanInfo bi = beanInfoMap.get(c); +# 518| if(bi!=null) return bi; + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java:102: returned_null: "print" returns "null" (checked 2 out of 6 times). (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.reflect.TransducedAccessor.CompositeTransducedAccessorImpl.print".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java:102: null_method_call: Calling a method on null object "xacc.print(bean)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeClassInfoImpl.java:362: example_assign: Example 1: Assigning: "value" = return value from "xacc.print(o)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeClassInfoImpl.java:363: example_checked: Example 1 (cont.): "value" has its value checked in "value == null". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java:69: example_assign: Example 2: Assigning: "value" = return value from "xacc.print(o)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java:70: example_checked: Example 2 (cont.): "value" has its value checked in "value != null". +# 100| @Override +# 101| public String getIdValue(BeanT bean) throws AccessorException, SAXException { +# 102|-> return xacc.print(bean).toString(); +# 103| } +# 104| + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/SingleElementLeafProperty.java:70: returned_null: "print" returns "null" (checked 2 out of 6 times). (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.reflect.TransducedAccessor.CompositeTransducedAccessorImpl.print".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/SingleElementLeafProperty.java:70: null_method_call: Calling a method on null object "xacc.print(bean)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeClassInfoImpl.java:362: example_assign: Example 1: Assigning: "value" = return value from "xacc.print(o)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeClassInfoImpl.java:363: example_checked: Example 1 (cont.): "value" has its value checked in "value == null". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java:69: example_assign: Example 2: Assigning: "value" = return value from "xacc.print(o)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java:70: example_checked: Example 2 (cont.): "value" has its value checked in "value != null". +# 68| @Override +# 69| public String getIdValue(BeanT bean) throws AccessorException, SAXException { +# 70|-> return xacc.print(bean).toString(); +# 71| } +# 72| + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/ValueProperty.java:87: returned_null: "print" returns "null" (checked 2 out of 6 times). (The virtual call resolves to "org.glassfish.jaxb.runtime.v2.runtime.reflect.TransducedAccessor.CompositeTransducedAccessorImpl.print".) +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/ValueProperty.java:87: null_method_call: Calling a method on null object "xacc.print(bean)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeClassInfoImpl.java:362: example_assign: Example 1: Assigning: "value" = return value from "xacc.print(o)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeClassInfoImpl.java:363: example_checked: Example 1 (cont.): "value" has its value checked in "value == null". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java:69: example_assign: Example 2: Assigning: "value" = return value from "xacc.print(o)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java:70: example_checked: Example 2 (cont.): "value" has its value checked in "value != null". +# 85| @Override +# 86| public String getIdValue(BeanT bean) throws AccessorException, SAXException { +# 87|-> return xacc.print(bean).toString(); +# 88| } +# 89| + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/reflect/opt/TransducedAccessor_method_Boolean.java:38: returned_null: "_parseBoolean" returns "null" (checked 3 out of 5 times). +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/reflect/opt/TransducedAccessor_method_Boolean.java:38: unbox_null: Unboxing null object "org.glassfish.jaxb.runtime.DatatypeConverterImpl._parseBoolean(lexical)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/DatatypeConverterImpl.java:953: example_assign: Example 1: Assigning: "b" = return value from "org.glassfish.jaxb.runtime.DatatypeConverterImpl._parseBoolean(lexicalXSDBoolean)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/DatatypeConverterImpl.java:954: example_checked: Example 1 (cont.): "b" has its value checked in "b != null". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/reflect/opt/TransducedAccessor_field_Boolean.java:36: example_assign: Example 2: Assigning: "b" = return value from "org.glassfish.jaxb.runtime.DatatypeConverterImpl._parseBoolean(lexical)". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/reflect/opt/TransducedAccessor_field_Boolean.java:38: example_checked: Example 2 (cont.): "b" has its value checked in "b != null". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/XsiNilLoader.java:44: example_assign: Example 3: Assigning: "b" = return value from "org.glassfish.jaxb.runtime.DatatypeConverterImpl._parseBoolean(ea.atts.getValue(idx))". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/XsiNilLoader.java:46: example_checked: Example 3 (cont.): "b" has its value checked in "b != null". +# 36| @Override +# 37| public void parse(T o, CharSequence lexical) { +# 38|-> ((Bean)o).set_boolean(DatatypeConverterImpl._parseBoolean(lexical)); +# 39| } +# 40| + +Error: VOLATILE_ATOMICITY (CWE-366): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/UnmarshallingContext.java:1302: path: Condition "org.glassfish.jaxb.runtime.v2.runtime.unmarshaller.UnmarshallingContext.logger.isLoggable(java.util.logging.Level.FINEST)", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/UnmarshallingContext.java:1305: path: Condition "org.glassfish.jaxb.runtime.v2.runtime.unmarshaller.UnmarshallingContext.errorsCounter >= 0", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/UnmarshallingContext.java:1306: read_volatile: Reading "org.glassfish.jaxb.runtime.v2.runtime.unmarshaller.UnmarshallingContext.errorsCounter", a volatile field, without any lock held. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/UnmarshallingContext.java:1306: intervening_update: Another thread writes to "org.glassfish.jaxb.runtime.v2.runtime.unmarshaller.UnmarshallingContext.errorsCounter". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/UnmarshallingContext.java:1306: stale_update: Updating "org.glassfish.jaxb.runtime.v2.runtime.unmarshaller.UnmarshallingContext.errorsCounter" based on a stale value. Any intervening update in another thread is overwritten. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/UnmarshallingContext.java:1305: example_comparison: Example 1: Example comparison of "org.glassfish.jaxb.runtime.v2.runtime.unmarshaller.UnmarshallingContext.errorsCounter" to value, suggesting a semantically meaningful use. +# 1304| +# 1305| if (errorsCounter >= 0) { +# 1306|-> --errorsCounter; +# 1307| if (errorsCounter == 0) // it's possible to miss this because of concurrency. If required add synchronization here +# 1308| handleEvent(new ValidationEventImpl(ValidationEvent.WARNING, Messages.ERRORS_LIMIT_EXCEEDED.format(), + +Error: FORWARD_NULL (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1019: var_compare_op: Comparing "propInfo" to null implies that "propInfo" might be null. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1021: path: Condition "canBeDirectElementRef(t, tn, parentInfo)", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1022: path: Condition "!t.getTarget().isSimpleType()", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1022: path: Condition "t.getTarget() instanceof org.glassfish.jaxb.core.v2.model.core.ClassInfo", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1027: path: Condition "t.getTarget() instanceof org.glassfish.jaxb.core.v2.model.core.Element", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1032: null_method_call: Calling a method on null object "propInfo". +# 1030| } +# 1031| +# 1032|-> Collection refs = propInfo.ref(); +# 1033| if ((refs != null) && (!refs.isEmpty()) && (elemName != null)){ +# 1034| ClassInfoImpl cImpl = null; + +Error: FORWARD_NULL (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1021: path: Condition "canBeDirectElementRef(t, tn, parentInfo)", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1022: path: Condition "!t.getTarget().isSimpleType()", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1022: path: Condition "t.getTarget() instanceof org.glassfish.jaxb.core.v2.model.core.ClassInfo", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1027: path: Condition "t.getTarget() instanceof org.glassfish.jaxb.core.v2.model.core.Element", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1033: path: Condition "refs != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1033: path: Condition "!refs.isEmpty()", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1033: path: Condition "elemName != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1035: path: Iterating over another element of "refs". +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1036: path: Condition "ref == null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1036: var_compare_op: Comparing "ref" to null implies that "ref" might be null. +jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java:1037: null_method_call: Calling a method on null object "ref". +# 1035| for (TypeInfo ref : refs) { +# 1036| if (ref == null || ref instanceof ClassInfoImpl) { +# 1037|-> if (elemName.equals(((ClassInfoImpl)ref).getElementName())) { +# 1038| cImpl = (ClassInfoImpl) ref; +# 1039| break; + +Error: RESOURCE_LEAK (CWE-404): +jaxb-ri-4.0.2-RI/jaxb-ri/txw/compiler/src/main/java/com/sun/tools/txw2/TxwOptions.java:227: alloc_fn: A new resource is returned from allocation method "getResourceAsStream". +jaxb-ri-4.0.2-RI/jaxb-ri/txw/compiler/src/main/java/com/sun/tools/txw2/TxwOptions.java:227: noescape: Resource "(com.sun.tools.txw2.TxwOptions.class).getResourceAsStream("version.properties")" is not closed or saved in "load". +jaxb-ri-4.0.2-RI/jaxb-ri/txw/compiler/src/main/java/com/sun/tools/txw2/TxwOptions.java:227: leaked_resource: Failing to save or close resource created by "(com.sun.tools.txw2.TxwOptions.class).getResourceAsStream("version.properties")" leaks it. +# 225| try { +# 226| Properties p = new Properties(); +# 227|-> p.load(TxwOptions.class.getResourceAsStream("version.properties")); +# 228| return p.get("version").toString(); +# 229| } catch (Throwable t) { + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:190: path: Condition "nsUri != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:191: path: Condition "localName != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:195: path: Condition "!started", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:203: path: Condition "ns != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:206: path: Condition "ns.prefix != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:208: path: Condition "uri != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:208: path: Condition "uri.equals(ns.uri)", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:216: path: Jumping back to the beginning of the loop. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:203: path: Condition "ns != null", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:219: path: Condition "ns != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:220: path: Condition "ns.prefix == null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:221: path: Condition "inscopeNamespace.getURI("").equals(ns.uri)", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:225: path: Condition "p == null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:227: path: Condition "inscopeNamespace.getURI(p = newPrefix()) != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:228: path: Jumping back to the beginning of the loop. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:227: path: Condition "inscopeNamespace.getURI(p = newPrefix()) != null", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:235: path: Jumping back to the beginning of the loop. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:219: path: Condition "ns != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:220: path: Condition "ns.prefix == null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:221: returned_null: "getURI" returns "null" (checked 2 out of 4 times). +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:221: null_method_call: Calling a method on null object "inscopeNamespace.getURI("")". +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:207: example_assign: Example 1: Assigning: "uri" = return value from "inscopeNamespace.getURI(ns.prefix)". +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:208: example_checked: Example 1 (cont.): "uri" has its value checked in "uri != null". +jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java:227: example_checked: Example 2: "inscopeNamespace.getURI(p = newPrefix())" has its value checked in "inscopeNamespace.getURI(p = newPrefix()) != null". +# 219| for( NamespaceDecl ns=namespaces; ns!=null; ns=ns.next ) { +# 220| if(ns.prefix==null) { +# 221|-> if(inscopeNamespace.getURI("").equals(ns.uri)) +# 222| ns.prefix=""; +# 223| else { + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java:477: path: Iterating over another element of "forest.getRootDocuments()". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java:479: returned_null: "get" returns "null" (checked 7 out of 12 times). +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java:479: var_assigned: Assigning: "dom" = "null" return value from "get". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java:480: null_method_call: Calling a method on null object "dom". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java:398: example_checked: Example 1: "forest.get(systemId)" has its value checked in "forest.get(systemId) != null". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java:341: example_assign: Example 2: Assigning: "wsdlDom" = return value from "forest.get(grammar.getSystemId())". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java:342: example_checked: Example 2 (cont.): "wsdlDom" has its value checked in "wsdlDom == null". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForestParser.java:63: example_assign: Example 3: Assigning: "dom" = return value from "forest.get(systemId)". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForestParser.java:65: example_checked: Example 3 (cont.): "dom" has its value checked in "dom == null". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:192: example_assign: Example 4: Assigning: "target" = return value from "forest.get(schemaLocation)". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:193: example_checked: Example 4 (cont.): "target" has its value checked in "target == null". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:202: example_assign: Example 5: Assigning: "target" = return value from "forest.get(schemaLocation)". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:203: example_checked: Example 5 (cont.): "target" has its value checked in "target == null". +# 478| errorReceiver.pollAbort(); +# 479| Document dom = forest.get(systemId); +# 480|-> if (!Const.JAXB_NSURI.equals(dom.getDocumentElement().getNamespaceURI())) { +# 481| reader.parse(systemId); +# 482| } + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/generator/bean/BeanGenerator.java:342: returned_null: "getElement" returns "null" (checked 0 out of 3 times). +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/generator/bean/BeanGenerator.java:342: null_field_access: Accessing field of null object "getElement(element)". +# 340| public JClassContainer onElement(CElementInfo element) { +# 341| // hmm... +# 342|-> return getElement(element).implClass; +# 343| } +# 344| + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/generator/bean/BeanGenerator.java:360: returned_null: "getElement" returns "null" (checked 0 out of 3 times). +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/generator/bean/BeanGenerator.java:360: null_field_access: Accessing field of null object "getElement(element)". +# 358| @Override +# 359| public JClassContainer onElement(CElementInfo element) { +# 360|-> return getElement(element).implClass; +# 361| } +# 362| + +Error: FORWARD_NULL (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/TypeUtil.java:68: path: Condition "uniqueTypes.size() == 1", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/TypeUtil.java:72: path: Condition "!uniqueTypes.isEmpty()", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/TypeUtil.java:78: assign_zero: Assigning: "s" = "null". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/TypeUtil.java:80: path: No elements left in "uniqueTypes", leaving loop. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/TypeUtil.java:90: null_method_call: Calling a method on null object "s". +# 88| +# 89| // any JClass can be casted to Object, so make sure it's always there +# 90|-> s.add( codeModel.ref(Object.class)); +# 91| +# 92| // refine 's' by removing "lower" types. + +Error: FORWARD_NULL (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/dtd/Element.java:208: path: Condition "ci != null", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/dtd/Element.java:208: var_compare_op: Comparing "ci" to null implies that "ci" might be null. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/dtd/Element.java:208: path: Condition "attributes.isEmpty()", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/dtd/Element.java:209: path: No elements left in "attributes", leaving loop. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/dtd/Element.java:212: path: Switch case value "com.sun.xml.dtdparser.DTDEventListener.CONTENT_MODEL_ANY". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/dtd/Element.java:216: null_method_call: Calling a method on null object "ci". +# 214| CReferencePropertyInfo rp = new CReferencePropertyInfo("Content",true,false,true,null,null/*TODO*/,locator, false, false, false); +# 215| rp.setWildcard(WildcardMode.SKIP); +# 216|-> ci.addProperty(rp); +# 217| return; +# 218| case DTDEventListener.CONTENT_MODEL_CHILDREN: + +Error: FORWARD_NULL (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java:376: path: Condition "root", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java:382: path: Condition "errorReceiver != null", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java:382: var_compare_op: Comparing "errorReceiver" to null implies that "errorReceiver" might be null. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java:384: path: Condition "entityResolver != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java:386: path: Throwing "java.io.IOException" (or subclass) from call to "parse". (The virtual call resolves to "org.xml.sax.helpers.XMLFilterImpl.parse".) +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java:393: path: Catching exception. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java:394: null_method_call: Calling a method on null object "errorReceiver". +# 392| return null; +# 393| } catch( IOException e ) { +# 394|-> errorReceiver.error(Messages.format(Messages.DOMFOREST_INPUTSOURCE_IOEXCEPTION, systemId, e.toString()),e); +# 395| core.remove(systemId); +# 396| rootDocuments.remove(systemId); + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java:455: path: Iterating over another element of "getRootDocuments()". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java:457: path: Condition ""https://jakarta.ee/xml/ns/jaxb" /* com.sun.tools.xjc.reader.Const.JAXB_NSURI */.equals(dom.getDocumentElement().getNamespaceURI())", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java:463: path: Falling through to end of try statement. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java:467: path: Jumping back to the beginning of the loop. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java:455: path: Iterating over another element of "getRootDocuments()". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java:456: returned_null: "get" returns "null" (checked 7 out of 12 times). +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java:456: var_assigned: Assigning: "dom" = "null" return value from "get". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java:457: null_method_call: Calling a method on null object "dom". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java:398: example_checked: Example 1: "forest.get(systemId)" has its value checked in "forest.get(systemId) != null". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java:341: example_assign: Example 2: Assigning: "wsdlDom" = return value from "forest.get(grammar.getSystemId())". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java:342: example_checked: Example 2 (cont.): "wsdlDom" has its value checked in "wsdlDom == null". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForestParser.java:63: example_assign: Example 3: Assigning: "dom" = return value from "forest.get(systemId)". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForestParser.java:65: example_checked: Example 3 (cont.): "dom" has its value checked in "dom == null". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:192: example_assign: Example 4: Assigning: "target" = return value from "forest.get(schemaLocation)". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:193: example_checked: Example 4 (cont.): "target" has its value checked in "target == null". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:202: example_assign: Example 5: Assigning: "target" = return value from "forest.get(schemaLocation)". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:203: example_checked: Example 5 (cont.): "target" has its value checked in "target == null". +# 455| for( String systemId : getRootDocuments() ) { +# 456| Document dom = get(systemId); +# 457|-> if (Const.JAXB_NSURI.equals(dom.getDocumentElement().getNamespaceURI())) +# 458| continue; // this isn't a schema. we have to do a negative check because if we see completely unrelated ns, we want to report that as an error +# 459| + +Error: FORWARD_NULL (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:146: assign_zero: Assigning: "targetMultiple" = "null". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:154: path: Condition "bindings.getAttribute("required") != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:157: path: Condition "requiredAttr.equals("no")", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:161: path: Condition "bindings.getAttribute("multiple") != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:164: path: Condition "requiredAttr.equals("yes")", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:170: path: Condition "bindings.getAttributeNode("schemaLocation") != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:174: path: Condition "schemaLocation.equals("*")", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:188: path: Throwing "java.net.MalformedURLException" from call to "URL". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:197: path: Catching exception. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:198: path: Falling through to end of try statement. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:203: path: Condition "target == null", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:217: path: Condition "bindings.getAttributeNode("node") != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:225: path: Falling through to end of try statement. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:233: path: Condition "nlst.getLength() == 0", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:240: path: Condition "nlst.getLength() != 1", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:255: path: Condition "!multiple", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:255: path: Condition "nlst.getLength() == 1", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java:272: null_method_call: Calling a method on null object "targetMultiple". +# 270| target = rnode; +# 271| } else { +# 272|-> for(Node rnode : targetMultiple) { +# 273| if (!(rnode instanceof Element)) { +# 274| reportError(bindings, + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/DefaultClassBinder.java:100: path: Condition "ci != null", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/DefaultClassBinder.java:106: path: Condition "type.isGlobal()", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/DefaultClassBinder.java:130: returned_null: "getScope" returns "null" (checked 0 out of 3 times). (The virtual call resolves to "com.sun.xml.xsom.impl.SchemaSetImpl.AnyType.getScope".) +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/DefaultClassBinder.java:130: var_assigned: Assigning: "element" = "null" return value from "getScope". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/DefaultClassBinder.java:132: null_method_call: Calling a method on null object "element". +# 130| XSElementDecl element = type.getScope(); +# 131| +# 132|-> if( element.isGlobal() && isCollapsable(element)) { +# 133| if(builder.getBindInfo(element).get(BIClass.class)!=null) +# 134| // the parent element was bound to a class. Don't bind this again to + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java:535: path: Condition "loc == null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java:538: path: Condition "className == null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java:541: path: Condition "!type.isGlobal()", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java:557: path: Condition "javadoc != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java:557: path: Falling through to end of if statement. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java:570: path: Condition "use.isCollection()", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java:575: path: Condition "baseDt instanceof com.sun.tools.xjc.model.CClassInfo", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java:581: path: Condition "memberList == null", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java:581: path: Condition "checkMemberNameCollision(memberList) != null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java:582: path: Switch case value "com.sun.tools.xjc.reader.xmlschema.bindinfo.EnumMemberMode.ERROR". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java:588: path: Condition "memberList == null", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java:593: returned_null: "checkMemberNameCollision" returns "null" (checked 1 out of 2 times). +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java:593: var_assigned: Assigning: "collision" = "null" return value from "checkMemberNameCollision". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java:594: null_array_access: Accessing an element on null array "collision". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java:581: example_checked: Example 1: "checkMemberNameCollision(memberList)" has its value checked in "checkMemberNameCollision(memberList) != null". +# 592| } else { +# 593| CEnumConstant[] collision = checkMemberNameCollision(memberList); +# 594|-> getErrorReporter().error( collision[0].getLocator(), +# 595| Messages.ERR_ENUM_MEMBER_NAME_COLLISION, +# 596| collision[0].getName() ); + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:167: path: Condition "adapter == null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:170: path: Throwing "com.sun.codemodel.JClassAlreadyExistsException" from call to "_class". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:171: path: Catching exception. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:177: path: Jumping back to the beginning of the loop. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:167: path: Condition "adapter == null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:171: path: Falling through to end of try statement. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:177: path: Jumping back to the beginning of the loop. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:167: path: Condition "adapter == null", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:188: path: Condition "parseMethod.equals("new")", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:194: path: Falling through to end of if statement. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:213: path: Condition "printMethod.startsWith("jakarta.xml.bind.DatatypeConverter.")", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:220: path: Condition "idx < 0", taking false branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:232: path: Condition "this.printMethod == null", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:235: returned_null: "findBaseConversion" returns "null" (checked 1 out of 2 times). +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:235: null_method_call: Calling a method on null object "findBaseConversion(owner)". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:275: example_assign: Example 1: Assigning: "bc" = return value from "findBaseConversion(owner)". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java:276: example_checked: Example 1 (cont.): "bc" has its value checked in "bc == null". +# 233| // HACK HACK HACK +# 234| JType t = inMemoryType.unboxify(); +# 235|-> inv = JExpr.direct(printMethod+"(("+findBaseConversion(owner).toLowerCase()+")("+t.fullName()+")value)"); +# 236| } else +# 237| inv = JExpr.direct(printMethod+"(value)"); + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/util/StringCutter.java:40: path: Condition "m.lookingAt()", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/util/StringCutter.java:41: returned_null: "group" returns "null" (checked 0 out of 1 times). +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/util/StringCutter.java:41: var_assigned: Assigning: "r" = "null" return value from "group". +jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/util/StringCutter.java:42: null_method_call: Calling a method on null object "r". +# 40| if(m.lookingAt()) { +# 41| String r = m.group(); +# 42|-> s = s.substring(r.length()); +# 43| trim(); +# 44| return r; + +Error: NULL_RETURNS (CWE-476): +jaxb-ri-4.0.2-RI/jaxb-ri/xsom/src/main/java/com/sun/xml/xsom/impl/parser/NGCCRuntimeEx.java:476: path: Condition "idx < 0", taking true branch. +jaxb-ri-4.0.2-RI/jaxb-ri/xsom/src/main/java/com/sun/xml/xsom/impl/parser/NGCCRuntimeEx.java:477: returned_null: "resolveNamespacePrefix" returns "null" (checked 0 out of 1 times). +jaxb-ri-4.0.2-RI/jaxb-ri/xsom/src/main/java/com/sun/xml/xsom/impl/parser/NGCCRuntimeEx.java:477: var_assigned: Assigning: "uri" = "null" return value from "resolveNamespacePrefix". +jaxb-ri-4.0.2-RI/jaxb-ri/xsom/src/main/java/com/sun/xml/xsom/impl/parser/NGCCRuntimeEx.java:480: null_method_call: Calling a method on null object "uri". +# 478| +# 479| // chamelon behavior. ugly... +# 480|-> if( uri.equals("") && chameleonMode ) +# 481| uri = currentSchema.getTargetNamespace(); +# 482| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c:3215: path: Condition "reg->alloc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c:3215: path: Condition "!cpuc->is_fake", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c:3224: lock: Locking "&era->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c:3226: path: Condition "!atomic_read(&era->ref)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c:3226: path: Condition "era->config == reg->config", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c:3264: def: Assigning data that might be protected by the lock to "idx". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c:3265: path: Condition "idx != reg->idx", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c:3266: unlock: Unlocking "&era->lock". "idx" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c:3267: path: Jumping to label "again". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c:3226: path: Condition "!atomic_read(&era->ref)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c:3226: path: Condition "era->config == reg->config", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c:3224: lockagain: Locking "&era->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c:3264: use: Using an unreliable value of "idx" inside the second locked section. If the data that "idx" depends on was changed by another thread, this use might be incorrect. +# 3262| c = NULL; +# 3263| } else { +# 3264|-> idx = intel_alt_er(cpuc, idx, reg->config); +# 3265| if (idx != reg->idx) { +# 3266| raw_spin_unlock_irqrestore(&era->lock, flags); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/ioapic.c:531: infer_lock: Assuming "&ioapic->lock" is locked since it is unlocked without prior lock in this function. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/ioapic.c:536: def: Assigning data that might be protected by the lock to "apic". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/ioapic.c:547: unlock: Unlocking "&ioapic->lock". "apic" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/ioapic.c:551: path: Condition "trigger_mode != 1", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/ioapic.c:549: lockagain: Locking "&ioapic->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/ioapic.c:551: use: Using an unreliable value of "apic" inside the second locked section. If the data that "apic" depends on was changed by another thread, this use might be incorrect. +# 549| spin_lock(&ioapic->lock); +# 550| +# 551|-> if (trigger_mode != IOAPIC_LEVEL_TRIG || +# 552| kvm_lapic_get_reg(apic, APIC_SPIV) & APIC_SPIV_DIRECTED_EOI) +# 553| return; + +Error: WRITE_CONST_FIELD (CWE-843): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/pmu.h:37: field_definition: A const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/pmu.c:85: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 83| void kvm_pmu_ops_update(const struct kvm_pmu_ops *pmu_ops) +# 84| { +# 85|-> memcpy(&kvm_pmu_ops, pmu_ops, sizeof(kvm_pmu_ops)); +# 86| +# 87| #define __KVM_X86_PMU_OP(func) \ + +Error: WRITE_CONST_FIELD (CWE-843): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/include/asm/kvm_host.h:1654: field_definition: A const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/x86.c:9390: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 9388| static inline void kvm_ops_update(struct kvm_x86_init_ops *ops) +# 9389| { +# 9390|-> memcpy(&kvm_x86_ops, ops->runtime_ops, sizeof(kvm_x86_ops)); +# 9391| +# 9392| #define __KVM_X86_OP(func) \ + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/block/blk-map.c:688: path: Condition "vec", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/block/blk-map.c:690: local_ptr_assign_local: Assigning: "iov" = "fast_iov" (address of local variable "fast_iov"). +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/block/blk-map.c:693: path: Condition "iov_count", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/block/blk-map.c:693: identity_transfer: Passing "iov" as argument 5 to function "import_iovec", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/block/blk-map.c:693: local_ptr_assign_ptr: Assigning: "ret" = "import_iovec(rw, ubuf, (iov_count ? iov_count : buf_len), 8U, &iov, &iter)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/block/blk-map.c:695: path: Condition "ret < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/block/blk-map.c:696: return_local_addr_alias: Returning pointer "ret" which points to local variable "fast_iov". +# 694| UIO_FASTIOV, &iov, &iter); +# 695| if (ret < 0) +# 696|-> return ret; +# 697| +# 698| if (iov_count) { + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c:310: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c:314: path: Condition "IS_ERR(cipher_name)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c:318: path: Condition "!inst", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c:325: path: Condition "err == -2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c:327: path: Condition "snprintf(ecb_name, 128, "ecb(%s)", cipher_name) >= 128", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c:331: local_addr: Address of local variable "ecb_name". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c:331: identity_transfer: Passing "ecb_name" as argument 3 to function "crypto_grab_skcipher", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c:331: local_ptr_assign_ptr: Assigning: "err" = "crypto_grab_skcipher(spawn, skcipher_crypto_instance(inst), ecb_name, 0U, mask)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c:336: path: Condition "err", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c:337: path: Jumping to label "err_free_inst". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c:406: return_local_addr_alias: Returning pointer "err" which points to local variable "ecb_name". +# 404| lrw_free_instance(inst); +# 405| } +# 406|-> return err; +# 407| } +# 408| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1493: lock: Locking "spinlock_check(ap->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1496: path: Condition "ata_port_is_frozen(ap)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1502: def: Assigning data that might be protected by the lock to "qc". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1522: path: Condition "cdb", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "tf->protocol == ATAPI_PROT_DMA", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "dev->flags & ATA_DFLAG_DMADIR", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "dma_dir == DMA_FROM_DEVICE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1532: path: Condition "dma_dir != DMA_NONE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1548: unlock: Unlocking "ap->lock". "qc" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1550: path: Condition "!timeout", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1551: path: Condition "ata_probe_timeout", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1552: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1559: path: Condition "ap->ops->error_handler", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1564: path: Condition "ap->ops->error_handler", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1567: unlock: Unlocking "ap->lock". "qc" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1569: path: Condition "!rc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1577: path: Condition "qc->flags & ATA_QCFLAG_ACTIVE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1580: path: Condition "ap->ops->error_handler", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1570: lockagain: Locking "spinlock_check(ap->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1583: use: Using an unreliable value of "qc" inside the second locked section. If the data that "qc" depends on was changed by another thread, this use might be incorrect. +# 1581| ata_port_freeze(ap); +# 1582| else +# 1583|-> ata_qc_complete(qc); +# 1584| +# 1585| ata_dev_warn(dev, "qc timeout after %u msecs (cmd 0x%x)\n", + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1493: lock: Locking "spinlock_check(ap->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1496: path: Condition "ata_port_is_frozen(ap)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1502: def: Assigning data that might be protected by the lock to "qc". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1522: path: Condition "cdb", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "tf->protocol == ATAPI_PROT_DMA", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "dev->flags & ATA_DFLAG_DMADIR", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "dma_dir == DMA_FROM_DEVICE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1532: path: Condition "dma_dir != DMA_NONE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1548: unlock: Unlocking "ap->lock". "qc" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1550: path: Condition "!timeout", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1551: path: Condition "ata_probe_timeout", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1552: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1559: path: Condition "ap->ops->error_handler", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1564: path: Condition "ap->ops->error_handler", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1567: unlock: Unlocking "ap->lock". "qc" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1569: path: Condition "!rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1593: path: Condition "ap->ops->post_internal_cmd", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1597: path: Condition "qc->flags & ATA_QCFLAG_EH", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1598: path: Condition "qc->result_tf.status & (33 /* ATA_ERR | ATA_DF */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1601: path: Condition "!qc->err_mask", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1604: path: Condition "qc->err_mask & 4294967039U /* ~AC_ERR_OTHER */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1606: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1611: lockagain: Locking "spinlock_check(ap->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1616: use: Using an unreliable value of "qc" inside the second locked section. If the data that "qc" depends on was changed by another thread, this use might be incorrect. +# 1614| err_mask = qc->err_mask; +# 1615| +# 1616|-> ata_qc_free(qc); +# 1617| link->active_tag = preempted_tag; +# 1618| link->sactive = preempted_sactive; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1493: lock: Locking "spinlock_check(ap->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1496: path: Condition "ata_port_is_frozen(ap)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1511: def: Assigning data that might be protected by the lock to "preempted_tag". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1522: path: Condition "cdb", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "tf->protocol == ATAPI_PROT_DMA", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "dev->flags & ATA_DFLAG_DMADIR", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "dma_dir == DMA_FROM_DEVICE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1532: path: Condition "dma_dir != DMA_NONE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1548: unlock: Unlocking "ap->lock". "preempted_tag" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1550: path: Condition "!timeout", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1551: path: Condition "ata_probe_timeout", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1552: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1559: path: Condition "ap->ops->error_handler", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1564: path: Condition "ap->ops->error_handler", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1567: unlock: Unlocking "ap->lock". "preempted_tag" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1569: path: Condition "!rc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1577: path: Condition "qc->flags & ATA_QCFLAG_ACTIVE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1580: path: Condition "ap->ops->error_handler", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1581: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1585: path: Condition "1 /* 1 && 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1589: unlock: Unlocking "ap->lock". "preempted_tag" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1593: path: Condition "ap->ops->post_internal_cmd", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1597: path: Condition "qc->flags & ATA_QCFLAG_EH", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1598: path: Condition "qc->result_tf.status & (33 /* ATA_ERR | ATA_DF */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1601: path: Condition "!qc->err_mask", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1604: path: Condition "qc->err_mask & 4294967039U /* ~AC_ERR_OTHER */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1606: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1611: lockagain: Locking "spinlock_check(ap->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1617: use: Using an unreliable value of "preempted_tag" inside the second locked section. If the data that "preempted_tag" depends on was changed by another thread, this use might be incorrect. +# 1615| +# 1616| ata_qc_free(qc); +# 1617|-> link->active_tag = preempted_tag; +# 1618| link->sactive = preempted_sactive; +# 1619| ap->qc_active = preempted_qc_active; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1493: lock: Locking "spinlock_check(ap->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1496: path: Condition "ata_port_is_frozen(ap)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1512: def: Assigning data that might be protected by the lock to "preempted_sactive". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1522: path: Condition "cdb", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "tf->protocol == ATAPI_PROT_DMA", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "dev->flags & ATA_DFLAG_DMADIR", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "dma_dir == DMA_FROM_DEVICE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1532: path: Condition "dma_dir != DMA_NONE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1548: unlock: Unlocking "ap->lock". "preempted_sactive" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1550: path: Condition "!timeout", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1551: path: Condition "ata_probe_timeout", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1552: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1559: path: Condition "ap->ops->error_handler", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1564: path: Condition "ap->ops->error_handler", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1567: unlock: Unlocking "ap->lock". "preempted_sactive" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1569: path: Condition "!rc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1577: path: Condition "qc->flags & ATA_QCFLAG_ACTIVE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1580: path: Condition "ap->ops->error_handler", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1581: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1585: path: Condition "1 /* 1 && 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1589: unlock: Unlocking "ap->lock". "preempted_sactive" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1593: path: Condition "ap->ops->post_internal_cmd", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1597: path: Condition "qc->flags & ATA_QCFLAG_EH", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1598: path: Condition "qc->result_tf.status & (33 /* ATA_ERR | ATA_DF */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1601: path: Condition "!qc->err_mask", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1604: path: Condition "qc->err_mask & 4294967039U /* ~AC_ERR_OTHER */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1606: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1611: lockagain: Locking "spinlock_check(ap->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1618: use: Using an unreliable value of "preempted_sactive" inside the second locked section. If the data that "preempted_sactive" depends on was changed by another thread, this use might be incorrect. +# 1616| ata_qc_free(qc); +# 1617| link->active_tag = preempted_tag; +# 1618|-> link->sactive = preempted_sactive; +# 1619| ap->qc_active = preempted_qc_active; +# 1620| ap->nr_active_links = preempted_nr_active_links; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1493: lock: Locking "spinlock_check(ap->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1496: path: Condition "ata_port_is_frozen(ap)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1513: def: Assigning data that might be protected by the lock to "preempted_qc_active". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1522: path: Condition "cdb", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "tf->protocol == ATAPI_PROT_DMA", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "dev->flags & ATA_DFLAG_DMADIR", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "dma_dir == DMA_FROM_DEVICE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1532: path: Condition "dma_dir != DMA_NONE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1548: unlock: Unlocking "ap->lock". "preempted_qc_active" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1550: path: Condition "!timeout", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1551: path: Condition "ata_probe_timeout", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1552: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1559: path: Condition "ap->ops->error_handler", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1564: path: Condition "ap->ops->error_handler", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1567: unlock: Unlocking "ap->lock". "preempted_qc_active" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1569: path: Condition "!rc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1577: path: Condition "qc->flags & ATA_QCFLAG_ACTIVE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1580: path: Condition "ap->ops->error_handler", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1581: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1585: path: Condition "1 /* 1 && 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1589: unlock: Unlocking "ap->lock". "preempted_qc_active" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1593: path: Condition "ap->ops->post_internal_cmd", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1597: path: Condition "qc->flags & ATA_QCFLAG_EH", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1598: path: Condition "qc->result_tf.status & (33 /* ATA_ERR | ATA_DF */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1601: path: Condition "!qc->err_mask", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1604: path: Condition "qc->err_mask & 4294967039U /* ~AC_ERR_OTHER */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1606: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1611: lockagain: Locking "spinlock_check(ap->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1619: use: Using an unreliable value of "preempted_qc_active" inside the second locked section. If the data that "preempted_qc_active" depends on was changed by another thread, this use might be incorrect. +# 1617| link->active_tag = preempted_tag; +# 1618| link->sactive = preempted_sactive; +# 1619|-> ap->qc_active = preempted_qc_active; +# 1620| ap->nr_active_links = preempted_nr_active_links; +# 1621| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1493: lock: Locking "spinlock_check(ap->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1496: path: Condition "ata_port_is_frozen(ap)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1514: def: Assigning data that might be protected by the lock to "preempted_nr_active_links". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1522: path: Condition "cdb", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "tf->protocol == ATAPI_PROT_DMA", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "dev->flags & ATA_DFLAG_DMADIR", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1526: path: Condition "dma_dir == DMA_FROM_DEVICE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1532: path: Condition "dma_dir != DMA_NONE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1537: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1536: path: Condition "i < n_elem", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1548: unlock: Unlocking "ap->lock". "preempted_nr_active_links" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1550: path: Condition "!timeout", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1551: path: Condition "ata_probe_timeout", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1552: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1559: path: Condition "ap->ops->error_handler", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1564: path: Condition "ap->ops->error_handler", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1567: unlock: Unlocking "ap->lock". "preempted_nr_active_links" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1569: path: Condition "!rc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1577: path: Condition "qc->flags & ATA_QCFLAG_ACTIVE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1580: path: Condition "ap->ops->error_handler", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1581: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1585: path: Condition "1 /* 1 && 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1589: unlock: Unlocking "ap->lock". "preempted_nr_active_links" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1593: path: Condition "ap->ops->post_internal_cmd", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1597: path: Condition "qc->flags & ATA_QCFLAG_EH", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1598: path: Condition "qc->result_tf.status & (33 /* ATA_ERR | ATA_DF */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1601: path: Condition "!qc->err_mask", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1604: path: Condition "qc->err_mask & 4294967039U /* ~AC_ERR_OTHER */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1606: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1611: lockagain: Locking "spinlock_check(ap->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c:1620: use: Using an unreliable value of "preempted_nr_active_links" inside the second locked section. If the data that "preempted_nr_active_links" depends on was changed by another thread, this use might be incorrect. +# 1618| link->sactive = preempted_sactive; +# 1619| ap->qc_active = preempted_qc_active; +# 1620|-> ap->nr_active_links = preempted_nr_active_links; +# 1621| +# 1622| spin_unlock_irqrestore(ap->lock, flags); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c:843: lock: Locking "spinlock_check(ap->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c:845: path: Condition "link", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c:846: path: Condition "!(link->flags & ATA_LFLAG_DISABLED)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c:847: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c:845: def: Assigning data that might be protected by the lock to "link". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c:845: path: Condition "link", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c:846: path: Condition "!(link->flags & ATA_LFLAG_DISABLED)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c:849: unlock: Unlocking "ap->lock". "link" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c:860: path: Condition "rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c:868: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c:867: lockagain: Locking "spinlock_check(ap->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c:845: use: Using an unreliable value of "link" inside the second locked section. If the data that "link" depends on was changed by another thread, this use might be incorrect. +# 843| spin_lock_irqsave(ap->lock, flags); +# 844| +# 845|-> ata_for_each_link(link, ap, EDGE) { +# 846| if (!(link->flags & ATA_LFLAG_DISABLED)) +# 847| continue; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c:1228: lock: Locking "ap->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c:1230: path: Condition "ap->sff_pio_task_link == NULL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c:1232: def: Assigning data that might be protected by the lock to "qc". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c:1233: path: Condition "!qc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c:1239: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c:1239: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c:1249: path: Condition "status & ATA_BUSY", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c:1250: unlock: Unlocking "ap->lock". "qc" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c:1255: path: Condition "status & ATA_BUSY", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c:1252: lockagain: Locking "ap->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c:1267: use: Using an unreliable value of "qc" inside the second locked section. If the data that "qc" depends on was changed by another thread, this use might be incorrect. +# 1265| ap->sff_pio_task_link = NULL; +# 1266| /* move the HSM */ +# 1267|-> poll_next = ata_sff_hsm_move(ap, qc, status, 1); +# 1268| +# 1269| /* another command or interrupt handler + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1097: path: Condition "list_empty(&pd->cdrw.pkt_free_list)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1105: lock: Locking "&pd->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1107: path: Condition "!first_node", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1109: path: Condition "n", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1113: path: Condition "node", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1116: path: Condition "!(&p->list == &pd->cdrw.pkt_active_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1117: path: Condition "p->sector == zone", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1119: path: Jumping to label "try_next_bio". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1125: path: Condition "!node", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1127: path: Condition "n", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1130: path: Condition "node == first_node", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1132: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1113: path: Condition "node", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1116: path: Condition "!(&p->list == &pd->cdrw.pkt_active_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1117: path: Condition "p->sector == zone", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1119: path: Jumping to label "try_next_bio". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1125: path: Condition "!node", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1130: path: Condition "node == first_node", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1132: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1113: path: Condition "node", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1115: def: Assigning data that might be protected by the lock to "zone". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1116: path: Condition "!(&p->list == &pd->cdrw.pkt_active_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1117: path: Condition "p->sector == zone", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1121: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1116: path: Condition "!(&p->list == &pd->cdrw.pkt_active_list)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1122: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1133: unlock: Unlocking "&pd->lock". "zone" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1134: path: Condition "!bio", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1143: path: Condition "pkt->frames != (pd->settings.size >> 2)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1151: path: Condition "0 /* 2 == 2 && 1 >= 2 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1151: path: Condition "0 /* 2 == 1 && 1 >= 1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1150: lockagain: Locking "&pd->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c:1152: use: Using an unreliable value of "zone" inside the second locked section. If the data that "zone" depends on was changed by another thread, this use might be incorrect. +# 1150| spin_lock(&pd->lock); +# 1151| pkt_dbg(2, pd, "looking for zone %llx\n", (unsigned long long)zone); +# 1152|-> while ((node = pkt_rbtree_find(pd, zone)) != NULL) { +# 1153| bio = node->bio; +# 1154| pkt_dbg(2, pd, "found zone=%llx\n", (unsigned long long) + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c:220: lock: Locking "spinlock_check(&priv->recv_msg_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c:221: path: Condition "list_empty(&priv->recv_msgs)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c:226: def: Assigning data that might be protected by the lock to "entry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c:229: unlock: Unlocking "&priv->recv_msg_lock". "entry" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c:232: path: Condition "rsp->addr_len < addr_len", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c:237: path: Condition "copy_to_user(rsp->addr, &msg->addr, addr_len)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c:239: path: Jumping to label "recv_putback_on_err". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c:281: lockagain: Locking "spinlock_check(&priv->recv_msg_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c:282: use: Using an unreliable value of "entry" inside the second locked section. If the data that "entry" depends on was changed by another thread, this use might be incorrect. +# 280| the head of the queue. */ +# 281| spin_lock_irqsave(&priv->recv_msg_lock, flags); +# 282|-> list_add(entry, &priv->recv_msgs); +# 283| spin_unlock_irqrestore(&priv->recv_msg_lock, flags); +# 284| recv_err: + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/virtio_console.c:1704: lock: Locking "&portdev->c_ivq_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/virtio_console.c:1705: def: Assigning data that might be protected by the lock to "buf". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/virtio_console.c:1705: path: Condition "buf = virtqueue_get_buf(vq, &len)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/virtio_console.c:1706: unlock: Unlocking "&portdev->c_ivq_lock". "buf" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/virtio_console.c:1708: path: Condition "__UNIQUE_ID___x256 < __UNIQUE_ID___y257", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/virtio_console.c:1713: lockagain: Locking "&portdev->c_ivq_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/virtio_console.c:1714: use: Using an unreliable value of "buf" inside the second locked section. If the data that "buf" depends on was changed by another thread, this use might be incorrect. +# 1712| +# 1713| spin_lock(&portdev->c_ivq_lock); +# 1714|-> if (add_inbuf(portdev->c_ivq, buf) < 0) { +# 1715| dev_warn(&portdev->vdev->dev, +# 1716| "Error adding buffer to queue\n"); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:198: path: Condition "desc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:202: path: Condition "!list_empty(&desc->pending)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:204: path: Condition "desc->status != DMA_ERROR", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:213: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:217: lock: Locking "spinlock_check(&chan->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:219: path: Condition "desc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:220: path: Condition "desc->status != DMA_ERROR", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:223: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:223: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:223: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:223: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:223: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:231: def: Assigning data that might be protected by the lock to "desc". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:233: unlock: Unlocking "&chan->lock". "desc" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:235: path: Condition "tx_desc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:240: path: Condition "desc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:198: path: Condition "desc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:202: path: Condition "!list_empty(&desc->pending)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:204: path: Condition "desc->status != DMA_ERROR", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:213: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:219: path: Condition "desc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:220: path: Condition "desc->status != DMA_ERROR", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:223: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:223: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:223: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:223: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:223: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:217: lockagain: Locking "spinlock_check(&chan->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c:231: use: Using an unreliable value of "desc" inside the second locked section. If the data that "desc" depends on was changed by another thread, this use might be incorrect. +# 229| } +# 230| +# 231|-> desc = __ccp_next_dma_desc(chan, desc); +# 232| +# 233| spin_unlock_irqrestore(&chan->lock, flags); + +Error: WRITE_CONST_FIELD (CWE-843): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/dax/super.c:29: nested_field_definition: A nested aggregate with a const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h:629: nested_field_definition: A nested aggregate with a const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h:630: field_definition: A const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/dax/super.c:522: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 520| struct inode *inode = &dax_dev->inode; +# 521| +# 522|-> memset(dax_dev, 0, sizeof(*dax_dev)); +# 523| inode_init_once(inode); +# 524| } + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1029: lock: Locking "&hw_id_kset->list_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1030: def: Assigning data that might be protected by the lock to "tmp". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1030: path: Condition "!list_is_head(el, &hw_id_kset->list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1032: unlock: Unlocking "&hw_id_kset->list_lock". "tmp" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1036: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1035: lockagain: Locking "&hw_id_kset->list_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1030: use: Using an unreliable value of "tmp" inside the second locked section. If the data that "tmp" depends on was changed by another thread, this use might be incorrect. +# 1028| hw_id_kset = &ip_hw_id->hw_id_kset; +# 1029| spin_lock(&hw_id_kset->list_lock); +# 1030|-> list_for_each_prev_safe(el, tmp, &hw_id_kset->list) { +# 1031| list_del_init(el); +# 1032| spin_unlock(&hw_id_kset->list_lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1047: lock: Locking "&ip_kset->list_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1048: def: Assigning data that might be protected by the lock to "tmp". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1048: path: Condition "!list_is_head(el, &ip_kset->list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1050: unlock: Unlocking "&ip_kset->list_lock". "tmp" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1053: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1052: lockagain: Locking "&ip_kset->list_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1048: use: Using an unreliable value of "tmp" inside the second locked section. If the data that "tmp" depends on was changed by another thread, this use might be incorrect. +# 1046| ip_kset = &ip_die_entry->ip_kset; +# 1047| spin_lock(&ip_kset->list_lock); +# 1048|-> list_for_each_prev_safe(el, tmp, &ip_kset->list) { +# 1049| list_del_init(el); +# 1050| spin_unlock(&ip_kset->list_lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1064: lock: Locking "&die_kset->list_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1065: def: Assigning data that might be protected by the lock to "tmp". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1065: path: Condition "!list_is_head(el, &die_kset->list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1067: unlock: Unlocking "&die_kset->list_lock". "tmp" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1070: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1069: lockagain: Locking "&die_kset->list_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1065: use: Using an unreliable value of "tmp" inside the second locked section. If the data that "tmp" depends on was changed by another thread, this use might be incorrect. +# 1063| die_kset = &adev->ip_top->die_kset; +# 1064| spin_lock(&die_kset->list_lock); +# 1065|-> list_for_each_prev_safe(el, tmp, &die_kset->list) { +# 1066| list_del_init(el); +# 1067| spin_unlock(&die_kset->list_lock); + +Error: WRITE_CONST_FIELD (CWE-843): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/memremap.h:131: nested_field_definition: A nested aggregate with a const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/memremap.h:23: field_definition: A const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdkfd/kfd_migrate.c:1001: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 999| +# 1000| pgmap = &kfddev->pgmap; +# 1001|-> memset(pgmap, 0, sizeof(*pgmap)); +# 1002| +# 1003| /* TODO: register all vram to HMM for now. + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:183: lock: Locking "&pd->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:184: def: Assigning data that might be protected by the lock to "pde". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:184: path: Condition "length > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:184: path: Condition "pde < 512", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:184: path: Condition "(pt = i915_pt_entry(pd, pde)) , true", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:187: path: Condition "!pt", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:188: unlock: Unlocking "&pd->lock". "pde" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:196: path: Condition "!pd->entry[pde]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:200: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:208: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:184: path: Condition "__UNIQUE_ID___x491 < __UNIQUE_ID___y492", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:184: path: Condition "length > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:184: path: Condition "pde < 512", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:195: lockagain: Locking "&pd->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:184: use: Using an unreliable value of "pde" inside the second locked section. If the data that "pde" depends on was changed by another thread, this use might be incorrect. +# 182| +# 183| spin_lock(&pd->lock); +# 184|-> gen6_for_each_pde(pt, pd, start, length, pde) { +# 185| const unsigned int count = gen6_pte_count(start, length); +# 186| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:183: lock: Locking "&pd->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:184: path: Condition "length > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:184: path: Condition "pde < 512", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:184: path: Condition "(pt = i915_pt_entry(pd, pde)) , true", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:185: def: Assigning data that might be protected by the lock to "count". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:187: path: Condition "!pt", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:188: unlock: Unlocking "&pd->lock". "count" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:196: path: Condition "!pd->entry[pde]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:200: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:195: lockagain: Locking "&pd->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c:207: use: Using an unreliable value of "count" inside the second locked section. If the data that "count" depends on was changed by another thread, this use might be incorrect. +# 205| } +# 206| +# 207|-> atomic_add(count, &pt->used); +# 208| } +# 209| spin_unlock(&pd->lock); + +Error: WRITE_CONST_FIELD (CWE-843): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/intel_device_info.h:309: field_definition: A const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_driver.c:735: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 733| /* Setup the write-once "constant" device info */ +# 734| device_info = mkwrite_device_info(i915); +# 735|-> memcpy(device_info, match_info, sizeof(*device_info)); +# 736| +# 737| /* Initialize initial runtime info from static const data and pdev. */ + +Error: WRITE_CONST_FIELD (CWE-843): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/uc/intel_uc_fw.h:91: nested_field_definition: A nested aggregate with a const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/uc/intel_uc_fw.h:92: field_definition: A const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_gpu_error.c:1713: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 1711| return NULL; +# 1712| +# 1713|-> memcpy(&error_uc->guc_fw, &uc->guc.fw, sizeof(uc->guc.fw)); +# 1714| memcpy(&error_uc->huc_fw, &uc->huc.fw, sizeof(uc->huc.fw)); +# 1715| + +Error: WRITE_CONST_FIELD (CWE-843): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/uc/intel_uc_fw.h:91: nested_field_definition: A nested aggregate with a const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/uc/intel_uc_fw.h:92: field_definition: A const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_gpu_error.c:1714: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 1712| +# 1713| memcpy(&error_uc->guc_fw, &uc->guc.fw, sizeof(uc->guc.fw)); +# 1714|-> memcpy(&error_uc->huc_fw, &uc->huc.fw, sizeof(uc->huc.fw)); +# 1715| +# 1716| error_uc->guc_fw.file_selected.path = kstrdup(uc->guc.fw.file_selected.path, ALLOW_FAIL); + +Error: WRITE_CONST_FIELD (CWE-843): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/intel_device_info.h:309: field_definition: A const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_gpu_error.c:1968: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 1966| +# 1967| i915_params_copy(&error->params, &i915->params); +# 1968|-> memcpy(&error->device_info, +# 1969| INTEL_INFO(i915), +# 1970| sizeof(error->device_info)); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c:144: path: Condition "0 /* !((((sizeof (rq->engine) == sizeof (char) || sizeof (rq->engine) == sizeof (short)) || sizeof (rq->engine) == sizeof (int)) || sizeof (rq->engine) == sizeof (long)) || sizeof (rq->engine) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c:144: path: Condition "locked != (sched_engine = ({...; *((struct intel_engine_cs * const volatile *)&rq->engine);})->sched_engine)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c:147: lock: Locking "&sched_engine->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c:149: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c:144: path: Condition "0 /* !((((sizeof (rq->engine) == sizeof (char) || sizeof (rq->engine) == sizeof (short)) || sizeof (rq->engine) == sizeof (int)) || sizeof (rq->engine) == sizeof (long)) || sizeof (rq->engine) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c:144: def: Assigning data that might be protected by the lock to "sched_engine". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c:144: path: Condition "locked != (sched_engine = ({...; *((struct intel_engine_cs * const volatile *)&rq->engine);})->sched_engine)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c:145: unlock: Unlocking "&locked->lock". "sched_engine" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c:147: lockagain: Locking "&sched_engine->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c:148: use: Using an unreliable value of "sched_engine" inside the second locked section. If the data that "sched_engine" depends on was changed by another thread, this use might be incorrect. +# 146| memset(cache, 0, sizeof(*cache)); +# 147| spin_lock(&sched_engine->lock); +# 148|-> locked = sched_engine; +# 149| } +# 150| + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:160: path: Condition "!src_mem", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:164: path: Condition "ttm", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:164: path: Condition "ttm->page_flags & (1U /* 1 << 0 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:167: path: Condition "ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:172: path: Condition "PTR_ERR(dst_iter) == -22", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:172: path: Condition "dst_man->use_tt", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:174: path: Condition "IS_ERR(dst_iter)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:177: local_addr: Address of local variable "_src_iter". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:177: identity_transfer: Passing "&_src_iter.io" as argument 1 to function "ttm_kmap_iter_linear_io_init", which returns an offset off that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:177: local_ptr_assign_ptr: Assigning: "src_iter" = "ttm_kmap_iter_linear_io_init(&_src_iter.io, bdev, src_mem)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:178: path: Condition "PTR_ERR(src_iter) == -22", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:178: path: Condition "src_man->use_tt", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:180: path: Condition "IS_ERR(src_iter)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:181: identity_transfer: Passing "src_iter" as argument 1 to function "PTR_ERR", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:181: local_ptr_assign_ptr: Assigning: "ret" = "PTR_ERR(src_iter)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:182: path: Jumping to label "out_src_iter". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:194: path: Condition "!dst_iter->ops->maps_tt", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c:197: return_local_addr_alias: Returning pointer "ret" which points to local variable "_src_iter". +# 195| ttm_kmap_iter_linear_io_fini(&_dst_iter.io, bdev, dst_mem); +# 196| +# 197|-> return ret; +# 198| } +# 199| EXPORT_SYMBOL(ttm_bo_move_memcpy); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c:84: lock: Locking "&dd->msix_info.msix_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c:85: def: Assigning data that might be protected by the lock to "nr". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c:87: path: Condition "nr < dd->msix_info.max_requested", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c:89: unlock: Unlocking "&dd->msix_info.msix_lock". "nr" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c:91: path: Condition "nr == dd->msix_info.max_requested", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c:94: path: Condition "type < IRQ_SDMA", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c:94: path: Condition "type >= IRQ_OTHER", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c:99: path: Condition "ret", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c:103: lockagain: Locking "&dd->msix_info.msix_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c:104: use: Using an unreliable value of "nr" inside the second locked section. If the data that "nr" depends on was changed by another thread, this use might be incorrect. +# 102| name, irq, nr, ret); +# 103| spin_lock(&dd->msix_info.msix_lock); +# 104|-> __clear_bit(nr, dd->msix_info.in_use_msix); +# 105| spin_unlock(&dd->msix_info.msix_lock); +# 106| return ret; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1279: path: Condition "!list_is_head(list_node, &timer_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1284: path: Condition "close_entry", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1285: path: Condition "1 /* ({...; 1;}) && ({...; 1;}) */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1285: path: Condition "(long)(jiffies - close_entry->timetosend) < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1299: path: Condition "!send_entry", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1301: path: Condition "1 /* ({...; 1;}) && ({...; 1;}) */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1301: path: Condition "(long)(jiffies - send_entry->timetosend) < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1314: path: Condition "cm_node->state == IRDMA_CM_STATE_OFFLOADED", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1314: path: Condition "cm_node->state == IRDMA_CM_STATE_CLOSED", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1320: path: Condition "!send_entry->retranscount", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1320: path: Condition "!send_entry->retrycount", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1333: path: Condition "!cm_node->ack_rcvd", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1339: lock: Locking "spinlock_check(&cm_node->retrans_list_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1340: path: Condition "send_entry->send_retrans", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1347: path: Condition "__UNIQUE_ID___x850 < __UNIQUE_ID___y851", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1348: path: Condition "nexttimeout > send_entry->timetosend", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1349: def: Assigning data that might be protected by the lock to "nexttimeout". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1352: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1361: unlock: Unlocking "&cm_node->retrans_list_lock". "nexttimeout" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1363: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1279: path: Condition "!list_is_head(list_node, &timer_list)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1365: path: Condition "settimer", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1367: path: Condition "!timer_pending(&cm_core->tcp_timer)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1366: lockagain: Locking "spinlock_check(&cm_core->ht_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c:1368: use: Using an unreliable value of "nexttimeout" inside the second locked section. If the data that "nexttimeout" depends on was changed by another thread, this use might be incorrect. +# 1366| spin_lock_irqsave(&cm_core->ht_lock, flags); +# 1367| if (!timer_pending(&cm_core->tcp_timer)) { +# 1368|-> cm_core->tcp_timer.expires = nexttimeout; +# 1369| add_timer(&cm_core->tcp_timer); +# 1370| } + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c:4127: path: Condition "!ipv6_addr_v4mapped((struct in6_addr *)ibgid)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c:4129: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c:4133: lock: Locking "spinlock_check(&rf->qh_list_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c:4134: def: Assigning data that might be protected by the lock to "mc_qht_elem". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c:4135: path: Condition "!mc_qht_elem", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c:4144: path: Condition "!mc_qht_elem->mc_grp_ctx.no_of_mgs", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c:4146: unlock: Unlocking "&rf->qh_list_lock". "mc_qht_elem" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c:4149: path: Condition "ret", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c:4150: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c:4150: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c:4150: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c:4150: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c:4150: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c:4152: lockagain: Locking "spinlock_check(&rf->qh_list_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c:4153: use: Using an unreliable value of "mc_qht_elem" inside the second locked section. If the data that "mc_qht_elem" depends on was changed by another thread, this use might be incorrect. +# 4151| "VERBS: failed MC_DESTROY MCG\n"); +# 4152| spin_lock_irqsave(&rf->qh_list_lock, flags); +# 4153|-> mcast_list_add(rf, mc_qht_elem); +# 4154| spin_unlock_irqrestore(&rf->qh_list_lock, flags); +# 4155| return -EAGAIN; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:27: path: Condition "!length", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:27: path: Condition "length & MLX5_MEMIC_ALLOC_SIZE_MASK", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:33: path: Condition "alignment < MLX5_MEMIC_BASE_ALIGN", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:35: path: Condition "mlx5_alignment > max_alignment", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:38: path: Condition "0 /* !!(sizeof (struct mlx5_ifc_alloc_memic_in_bits) % 32) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:39: path: Condition "0 /* !!(sizeof (struct mlx5_ifc_alloc_memic_in_bits) % 32) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:40: path: Condition "0 /* !!(sizeof (struct mlx5_ifc_alloc_memic_in_bits) % 32) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:41: path: Condition "0 /* !!(sizeof (struct mlx5_ifc_alloc_memic_in_bits) % 32) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:44: path: Condition "page_idx < num_memic_hw_pages", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:45: lock: Locking "&dm->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:46: def: Assigning data that might be protected by the lock to "page_idx". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:51: path: Condition "page_idx < num_memic_hw_pages", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:55: unlock: Unlocking "&dm->lock". "page_idx" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:57: path: Condition "page_idx >= num_memic_hw_pages", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:60: path: Condition "0 /* !!(__builtin_offsetof() % 64) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:60: path: Condition "0 /* !!(sizeof ((NULL)->range_start_addr) != 64) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:64: path: Condition "ret", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:65: lockagain: Locking "&dm->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c:66: use: Using an unreliable value of "page_idx" inside the second locked section. If the data that "page_idx" depends on was changed by another thread, this use might be incorrect. +# 64| if (ret) { +# 65| spin_lock(&dm->lock); +# 66|-> bitmap_clear(dm->memic_alloc_pages, +# 67| page_idx, num_pages); +# 68| spin_unlock(&dm->lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2935: path: Condition "sqp->s_flags & (65506U /* 2 | ((((0x400 | 0x800) | 0x1000) | 0x2000) | ((((((0x20 | 0x40) | 0x80) | 0x100) | 0x200) | 0x4000) | 0x8000)) */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2935: path: Condition "!(ib_rvt_state_ops[sqp->state] & (40 /* 8 | 0x20 */))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2947: path: Condition "!(ib_rvt_state_ops[sqp->state] & 0x10)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2948: path: Condition "!(ib_rvt_state_ops[sqp->state] & 0x20)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2952: path: Jumping to label "flush_send". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3140: path: Condition "local_ops", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3144: path: Jumping to label "again". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2947: path: Condition "!(ib_rvt_state_ops[sqp->state] & 0x10)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2948: path: Condition "!(ib_rvt_state_ops[sqp->state] & 0x20)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2952: path: Jumping to label "flush_send". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3140: path: Condition "local_ops", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3144: path: Jumping to label "again". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2947: path: Condition "!(ib_rvt_state_ops[sqp->state] & 0x10)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2960: path: Condition "sqp->s_last == sqp->s_cur", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2961: path: Condition "++sqp->s_cur >= sqp->s_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2966: path: Condition "!qp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2971: path: Condition "!(ib_rvt_state_ops[qp->state] & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2971: path: Condition "qp->ibqp.qp_type != sqp->ibqp.qp_type", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2985: path: Switch case value "IB_WR_REG_MR". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2987: path: Jumping to label "send_comp". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3140: path: Condition "local_ops", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3144: path: Jumping to label "again". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2947: path: Condition "!(ib_rvt_state_ops[sqp->state] & 0x10)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2960: path: Condition "sqp->s_last == sqp->s_cur", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2961: path: Condition "++sqp->s_cur >= sqp->s_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2966: path: Condition "!qp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2971: path: Condition "!(ib_rvt_state_ops[qp->state] & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2971: path: Condition "qp->ibqp.qp_type != sqp->ibqp.qp_type", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2985: path: Switch case value "IB_WR_SEND_WITH_INV". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3002: path: Condition "ret < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3004: path: Condition "!ret", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3005: path: Jumping to label "rnr_nak". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3148: path: Condition "qp->ibqp.qp_type == IB_QPT_UC", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3149: path: Jumping to label "send_comp". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3140: path: Condition "local_ops", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3144: path: Jumping to label "again". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2947: path: Condition "!(ib_rvt_state_ops[sqp->state] & 0x10)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2960: path: Condition "sqp->s_last == sqp->s_cur", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2961: path: Condition "++sqp->s_cur >= sqp->s_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2966: path: Condition "!qp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2971: path: Condition "!(ib_rvt_state_ops[qp->state] & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2971: path: Condition "qp->ibqp.qp_type != sqp->ibqp.qp_type", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2985: path: Switch case value "IB_WR_SEND_WITH_INV". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3002: path: Condition "ret < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3004: path: Condition "!ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3006: path: Condition "wqe->length > qp->r_len", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3008: path: Switch case value "IB_WR_SEND_WITH_INV". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3010: path: Condition "!rvt_invalidate_rkey(qp, (*wqe).wr.ex.invalidate_rkey)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3016: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3024: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3101: path: Condition "sqp->s_len", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3110: path: Condition "release", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3113: path: Condition "!test_and_clear_bit(0, &qp->r_aflags)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3116: path: Condition "(*wqe).wr.opcode == IB_WR_RDMA_WRITE_WITH_IMM", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3129: path: Condition "(*wqe).wr.send_flags & IB_SEND_SOLICITED", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3140: path: Condition "local_ops", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3144: path: Jumping to label "again". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2947: path: Condition "!(ib_rvt_state_ops[sqp->state] & 0x10)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2960: path: Condition "sqp->s_last == sqp->s_cur", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2961: path: Condition "++sqp->s_cur >= sqp->s_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2966: path: Condition "!qp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2971: path: Condition "!(ib_rvt_state_ops[qp->state] & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2971: path: Condition "qp->ibqp.qp_type != sqp->ibqp.qp_type", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2985: path: Switch case value "IB_WR_RDMA_WRITE_WITH_IMM". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3027: path: Condition "!!!(qp->qp_access_flags & IB_ACCESS_REMOTE_WRITE)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3032: path: Condition "ret < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3034: path: Condition "!ret", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3035: path: Jumping to label "rnr_nak". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3148: path: Condition "qp->ibqp.qp_type == IB_QPT_UC", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3149: path: Jumping to label "send_comp". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3140: path: Condition "local_ops", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3144: path: Jumping to label "again". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2947: path: Condition "!(ib_rvt_state_ops[sqp->state] & 0x10)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2960: path: Condition "sqp->s_last == sqp->s_cur", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2961: path: Condition "++sqp->s_cur >= sqp->s_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2966: path: Condition "!qp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2971: path: Condition "!(ib_rvt_state_ops[qp->state] & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2971: path: Condition "qp->ibqp.qp_type != sqp->ibqp.qp_type", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2985: path: Switch case value "IB_WR_RDMA_WRITE_WITH_IMM". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3027: path: Condition "!!!(qp->qp_access_flags & IB_ACCESS_REMOTE_WRITE)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3032: path: Condition "ret < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3034: path: Condition "!ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3037: path: Jumping to label "do_write". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3043: path: Condition "wqe->length == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3045: path: Condition "!!!rvt_rkey_ok(qp, &qp->r_sge.sge, wqe->length, (*wqe).rdma_wr.remote_addr, (*wqe).rdma_wr.rkey, IB_ACCESS_REMOTE_WRITE)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3053: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3101: path: Condition "sqp->s_len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3104: path: Condition "!!__ret_warn_on", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3104: path: Condition "!!__ret_warn_on", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3107: path: Condition "!release", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3109: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3101: path: Condition "sqp->s_len", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3110: path: Condition "release", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3113: path: Condition "!test_and_clear_bit(0, &qp->r_aflags)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3114: path: Jumping to label "send_comp". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3140: path: Condition "local_ops", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3144: path: Jumping to label "again". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2947: path: Condition "!(ib_rvt_state_ops[sqp->state] & 0x10)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2960: path: Condition "sqp->s_last == sqp->s_cur", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2961: path: Condition "++sqp->s_cur >= sqp->s_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2966: path: Condition "!qp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2970: lock: Locking "spinlock_check(&qp->r_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2971: path: Condition "!(ib_rvt_state_ops[qp->state] & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2971: path: Condition "qp->ibqp.qp_type != sqp->ibqp.qp_type", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2985: path: Switch case value "IB_WR_RDMA_WRITE". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3039: def: Assigning data that might be protected by the lock to "copy_last". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3040: path: Condition "!!!(qp->qp_access_flags & IB_ACCESS_REMOTE_WRITE)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3043: path: Condition "wqe->length == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3044: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3101: path: Condition "sqp->s_len", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3110: path: Condition "release", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3113: path: Condition "!test_and_clear_bit(0, &qp->r_aflags)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3114: path: Jumping to label "send_comp". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3132: unlock: Unlocking "&qp->r_lock". "copy_last" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3139: unlock: Unlocking "&sqp->r_lock". "copy_last" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3140: path: Condition "local_ops", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3144: path: Jumping to label "again". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2942: path: Condition "sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2947: path: Condition "!(ib_rvt_state_ops[sqp->state] & 0x10)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2960: path: Condition "sqp->s_last == sqp->s_cur", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2961: path: Condition "++sqp->s_cur >= sqp->s_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2964: unlock: Unlocking "&sqp->s_lock". "copy_last" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2966: path: Condition "!qp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2971: path: Condition "!(ib_rvt_state_ops[qp->state] & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2971: path: Condition "qp->ibqp.qp_type != sqp->ibqp.qp_type", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2985: path: Switch case value "IB_WR_RDMA_READ". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3056: path: Condition "!!!(qp->qp_access_flags & IB_ACCESS_REMOTE_READ)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3058: path: Condition "!!!rvt_rkey_ok(qp, &sqp->s_sge.sge, wqe->length, (*wqe).rdma_wr.remote_addr, (*wqe).rdma_wr.rkey, IB_ACCESS_REMOTE_READ)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3070: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3101: path: Condition "sqp->s_len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3104: path: Condition "!!__ret_warn_on", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3104: path: Condition "!!__ret_warn_on", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:2970: lockagain: Locking "spinlock_check(&qp->r_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c:3105: use: Using an unreliable value of "copy_last" inside the second locked section. If the data that "copy_last" depends on was changed by another thread, this use might be incorrect. +# 3103| +# 3104| WARN_ON_ONCE(len == 0); +# 3105|-> rvt_copy_sge(qp, &qp->r_sge, sge->vaddr, +# 3106| len, release, copy_last); +# 3107| rvt_update_sge(&sqp->s_sge, len, !release); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1363: path: Condition "!qi", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1368: path: Condition "type == 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1368: path: Condition "dmar_latency_enabled(iommu, DMAR_LATENCY_INV_IOTLB)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1372: path: Condition "type == 3", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1372: path: Condition "type == 8", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1376: path: Condition "type == 4", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1389: path: Condition "qi->free_cnt < count + 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1393: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1389: path: Condition "qi->free_cnt < count + 2", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1397: path: Condition "!!((iommu->ecap >> 43) & 1)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1399: path: Condition "i < count", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1405: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1399: path: Condition "i < count", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1405: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1399: path: Condition "i < count", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1410: path: Condition "options & (1UL /* 1UL << 0 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1428: path: Condition "qi->desc_status[wait_index] != QI_DONE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1437: path: Condition "rc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1438: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1445: path: Condition "i < count", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1446: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1445: path: Condition "i < count", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1446: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1445: path: Condition "i < count", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1451: path: Condition "rc == -11", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1452: path: Jumping to label "restart". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1389: path: Condition "qi->free_cnt < count + 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1392: lock: Locking "&qi->q_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1393: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1389: path: Condition "qi->free_cnt < count + 2", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1395: def: Assigning data that might be protected by the lock to "index". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1397: path: Condition "!!((iommu->ecap >> 43) & 1)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1399: path: Condition "i < count", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1405: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1399: path: Condition "i < count", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1410: path: Condition "options & (1UL /* 1UL << 0 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1428: path: Condition "qi->desc_status[wait_index] != QI_DONE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1437: path: Condition "rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1440: unlock: Unlocking "&qi->q_lock". "index" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1443: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1428: path: Condition "qi->desc_status[wait_index] != QI_DONE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1442: lockagain: Locking "&qi->q_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1436: use: Using an unreliable value of "index" inside the second locked section. If the data that "index" depends on was changed by another thread, this use might be incorrect. +# 1434| * for free slots in the queue. +# 1435| */ +# 1436|-> rc = qi_check_fault(iommu, index, wait_index); +# 1437| if (rc) +# 1438| break; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1363: path: Condition "!qi", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1368: path: Condition "type == 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1368: path: Condition "dmar_latency_enabled(iommu, DMAR_LATENCY_INV_IOTLB)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1372: path: Condition "type == 3", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1372: path: Condition "type == 8", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1376: path: Condition "type == 4", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1389: path: Condition "qi->free_cnt < count + 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1393: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1389: path: Condition "qi->free_cnt < count + 2", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1397: path: Condition "!!((iommu->ecap >> 43) & 1)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1399: path: Condition "i < count", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1405: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1399: path: Condition "i < count", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1405: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1399: path: Condition "i < count", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1410: path: Condition "options & (1UL /* 1UL << 0 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1428: path: Condition "qi->desc_status[wait_index] != QI_DONE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1437: path: Condition "rc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1438: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1445: path: Condition "i < count", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1446: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1445: path: Condition "i < count", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1446: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1445: path: Condition "i < count", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1451: path: Condition "rc == -11", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1452: path: Jumping to label "restart". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1389: path: Condition "qi->free_cnt < count + 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1392: lock: Locking "&qi->q_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1392: def: Assigning data that might be protected by the lock to "flags". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1393: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1389: path: Condition "qi->free_cnt < count + 2", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1397: path: Condition "!!((iommu->ecap >> 43) & 1)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1399: path: Condition "i < count", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1405: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1399: path: Condition "i < count", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1410: path: Condition "options & (1UL /* 1UL << 0 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1428: path: Condition "qi->desc_status[wait_index] != QI_DONE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1437: path: Condition "rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1440: unlock: Unlocking "&qi->q_lock". "flags" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1443: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1428: path: Condition "qi->desc_status[wait_index] != QI_DONE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1437: path: Condition "rc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1438: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1445: path: Condition "i < count", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1446: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1445: path: Condition "i < count", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1442: lockagain: Locking "&qi->q_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c:1449: use: Using an unreliable value of "flags" inside the second locked section. If the data that "flags" depends on was changed by another thread, this use might be incorrect. +# 1447| +# 1448| reclaim_free_desc(qi); +# 1449|-> raw_spin_unlock_irqrestore(&qi->q_lock, flags); +# 1450| +# 1451| if (rc == -EAGAIN) + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3859: path: Condition "slen == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3859: path: Condition "slen >= 16UL /* sizeof (clevel) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3863: path: Condition "rv", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3866: path: Condition "mddev->pers == NULL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3876: path: Condition "!md_is_rdwr(mddev)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3886: path: Condition "mddev->sync_thread", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3886: path: Condition "test_bit(MD_RECOVERY_RUNNING, &mddev->recovery)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3886: path: Condition "mddev->reshape_position != 18446744073709551615ULL /* ~((sector_t)0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3886: path: Condition "mddev->sysfs_active", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3893: path: Condition "!mddev->pers->quiesce", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3901: path: Condition "clevel[slen - 1] == 10", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3904: path: Condition "kstrtol(clevel, 10, &level)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3907: path: Condition "__request_module(true /* true */, "md-%s", clevel) != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3909: lock: Locking "&pers_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3910: def: Assigning data that might be protected by the lock to "pers". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3911: path: Condition "!pers", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3911: path: Condition "!try_module_get(pers->owner)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3917: unlock: Unlocking "&pers_lock". "pers" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3919: path: Condition "pers == mddev->pers", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3925: path: Condition "!pers->takeover", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3933: path: Condition "!(&rdev->same_set == &mddev->disks)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3934: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3933: path: Condition "!(&rdev->same_set == &mddev->disks)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3940: path: Condition "IS_ERR(priv)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3958: lockagain: Locking "&mddev->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:3961: use: Using an unreliable value of "pers" inside the second locked section. If the data that "pers" depends on was changed by another thread, this use might be incorrect. +# 3959| oldpers = mddev->pers; +# 3960| oldpriv = mddev->private; +# 3961|-> mddev->pers = pers; +# 3962| mddev->private = priv; +# 3963| strscpy(mddev->clevel, pers->name, sizeof(mddev->clevel)); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5757: path: Condition "list_empty(&mddev->disks)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5761: path: Condition "mddev->pers", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5764: path: Condition "mddev->sysfs_active", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5770: path: Condition "!mddev->raid_disks", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5771: path: Condition "!mddev->persistent", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5774: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5778: path: Condition "mddev->level != -1000000", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5779: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5789: path: Condition "!(&rdev->same_set == &mddev->disks)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5790: path: Condition "test_bit(Faulty, &rdev->flags)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5791: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5789: path: Condition "!(&rdev->same_set == &mddev->disks)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5790: path: Condition "test_bit(Faulty, &rdev->flags)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5794: path: Condition "mddev->ro != MD_RDONLY", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5794: path: Condition "rdev_read_only(rdev)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5800: path: Condition "rdev->sb_page", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5807: path: Condition "rdev->meta_bdev", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5809: path: Condition "rdev->data_offset < rdev->sb_start", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5810: path: Condition "mddev->dev_sectors", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5810: path: Condition "rdev->data_offset + mddev->dev_sectors > rdev->sb_start", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5817: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5826: path: Condition "nowait", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5826: path: Condition "bdev_nowait(rdev->bdev)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5827: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5789: path: Condition "!(&rdev->same_set == &mddev->disks)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5790: path: Condition "test_bit(Faulty, &rdev->flags)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5794: path: Condition "mddev->ro != MD_RDONLY", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5794: path: Condition "rdev_read_only(rdev)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5800: path: Condition "rdev->sb_page", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5807: path: Condition "rdev->meta_bdev", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5809: path: Condition "rdev->data_offset < rdev->sb_start", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5810: path: Condition "mddev->dev_sectors", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5810: path: Condition "rdev->data_offset + mddev->dev_sectors > rdev->sb_start", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5817: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5826: path: Condition "nowait", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5826: path: Condition "bdev_nowait(rdev->bdev)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5827: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5789: path: Condition "!(&rdev->same_set == &mddev->disks)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5831: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5834: path: Condition "!bioset_initialized(&mddev->bio_set)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5839: path: Condition "!bioset_initialized(&mddev->sync_set)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5845: lock: Locking "&pers_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5846: def: Assigning data that might be protected by the lock to "pers". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5847: path: Condition "!pers", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5847: path: Condition "!try_module_get(pers->owner)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5858: unlock: Unlocking "&pers_lock". "pers" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5859: path: Condition "mddev->level != pers->level", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5865: path: Condition "mddev->reshape_position != 18446744073709551615ULL /* ~((sector_t)0) */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5865: path: Condition "pers->start_reshape == NULL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5873: path: Condition "pers->sync_request", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5880: path: Condition "!(&rdev->same_set == &mddev->disks)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5881: path: Condition "!(&rdev2->same_set == &mddev->disks)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5882: path: Condition "rdev < rdev2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5882: path: Condition "rdev->bdev->bd_disk == rdev2->bdev->bd_disk", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5885: path: Condition "1 /* 1 && 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5891: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5881: path: Condition "!(&rdev2->same_set == &mddev->disks)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5891: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5880: path: Condition "!(&rdev->same_set == &mddev->disks)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5893: path: Condition "warned", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5894: path: Condition "1 /* 1 && 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5903: path: Condition "start_readonly", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5903: path: Condition "md_is_rdwr(mddev)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5907: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5909: path: Condition "pers->size(mddev, 0, 0) < mddev->array_sectors", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5918: path: Condition "err == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5918: path: Condition "pers->sync_request", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5918: path: Condition "mddev->bitmap_info.file", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5923: path: Condition "IS_ERR(bitmap)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5925: path: Condition "1 /* 1 && 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5927: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5931: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5934: path: Condition "mddev->bitmap_info.max_write_behind > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5937: path: Condition "!(&rdev->same_set == &mddev->disks)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5938: path: Condition "test_bit(WriteMostly, &rdev->flags)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5938: path: Condition "rdev_init_serial(rdev)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5941: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5937: path: Condition "!(&rdev->same_set == &mddev->disks)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5938: path: Condition "test_bit(WriteMostly, &rdev->flags)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5938: path: Condition "rdev_init_serial(rdev)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5941: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5937: path: Condition "!(&rdev->same_set == &mddev->disks)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5942: path: Condition "create_pool", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5942: path: Condition "mddev->serial_info_pool == NULL", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5946: path: Condition "!mddev->serial_info_pool", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5953: path: Condition "mddev->queue", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5956: path: Condition "!(&rdev->same_set == &mddev->disks)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5957: path: Condition "rdev->raid_disk >= 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5957: path: Condition "!bdev_nonrot(rdev->bdev)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5959: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5962: path: Condition "mddev->degraded", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5964: path: Condition "nonrot", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5971: path: Condition "nowait", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5974: path: Condition "pers->sync_request", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5975: path: Condition "mddev->kobj.sd", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5975: path: Condition "sysfs_create_group(&mddev->kobj, &md_redundancy_group)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5982: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5988: path: Condition "mddev_is_clustered(mddev)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5994: lockagain: Locking "&mddev->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c:5995: use: Using an unreliable value of "pers" inside the second locked section. If the data that "pers" depends on was changed by another thread, this use might be incorrect. +# 5993| smp_wmb(); +# 5994| spin_lock(&mddev->lock); +# 5995|-> mddev->pers = pers; +# 5996| spin_unlock(&mddev->lock); +# 5997| rdev_for_each(rdev, mddev) + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:917: path: Condition "!({...; __rem;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:921: path: Condition "last_sh", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:921: path: Condition "head_sector == last_sh->sector", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:926: lock: Locking "conf->hash_locks + hash". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:927: def: Assigning data that might be protected by the lock to "head". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:929: unlock: Unlocking "conf->hash_locks + hash". "head" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:930: path: Condition "!head", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:932: path: Condition "!stripe_can_batch(head)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:938: path: Condition "!stripe_can_batch(head)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:938: path: Condition "!stripe_can_batch(sh)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:941: path: Condition "sh->batch_head", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:945: path: Condition "dd_idx == sh->pd_idx", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:946: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:945: path: Condition "dd_idx == sh->pd_idx", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:945: path: Condition "dd_idx == sh->qd_idx", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:947: path: Condition "head->dev[dd_idx].towrite->bi_opf != sh->dev[dd_idx].towrite->bi_opf", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:947: path: Condition "bio_op(head->dev[dd_idx].towrite) != bio_op(sh->dev[dd_idx].towrite)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:951: path: Condition "head->batch_head", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:936: lockagain: Locking "sh->stripe_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c:974: use: Using an unreliable value of "head" inside the second locked section. If the data that "head" depends on was changed by another thread, this use might be incorrect. +# 972| spin_unlock(&head->batch_head->batch_lock); +# 973| } else { +# 974|-> head->batch_head = head; +# 975| sh->batch_head = head->batch_head; +# 976| spin_lock(&head->batch_lock); + +Error: WRITE_CONST_FIELD (CWE-843): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/mfd/core.h:95: field_definition: A const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mfd/lpc_sch.c:122: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 120| return ret; +# 121| +# 122|-> memset(cell, 0, sizeof(*cell)); +# 123| +# 124| cell->name = name; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:145: lock: Locking "spinlock_check(&fm->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:149: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:149: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:149: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:149: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:149: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:152: path: Condition "!socket_change_set", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:157: path: Condition "cnt < fm->num_sockets", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:158: path: Condition "!(socket_change_set & (1 << cnt))", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:159: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:157: path: Condition "cnt < fm->num_sockets", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:158: path: Condition "!(socket_change_set & (1 << cnt))", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:159: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:157: path: Condition "cnt < fm->num_sockets", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:158: path: Condition "!(socket_change_set & (1 << cnt))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:161: path: Condition "sock", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:162: path: Condition "1 /* 1 && 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:166: def: Assigning data that might be protected by the lock to "sock_addr". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:167: unlock: Unlocking "&fm->lock". "sock_addr" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:169: lockagain: Locking "spinlock_check(&fm->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c:170: use: Using an unreliable value of "sock_addr" inside the second locked section. If the data that "sock_addr" depends on was changed by another thread, this use might be incorrect. +# 168| device_unregister(&sock->dev); +# 169| spin_lock_irqsave(&fm->lock, flags); +# 170|-> tifm_7xx1_sock_power_off(sock_addr); +# 171| writel(0x0e00, sock_addr + SOCK_CONTROL); +# 172| } + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3054: lock: Locking "spinlock_check(&host->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3056: path: Condition "i < 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3058: path: Condition "mrq", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3059: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3062: path: Condition "!mrq", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3071: path: Condition "sdhci_needs_reset(host, mrq)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3078: path: Condition "host->cmd", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3078: path: Condition "host->data_cmd", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3084: path: Condition "host->quirks & (1U /* 1 << 0 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3098: path: Condition "host->flags & (4 /* 1 << 2 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3099: def: Assigning data that might be protected by the lock to "data". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3101: path: Condition "host->use_external_dma", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3101: path: Condition "data", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3101: path: Condition "mrq->cmd->error", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3106: unlock: Unlocking "&host->lock". "data" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3112: path: Condition "data", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3112: path: Condition "data->host_cookie == COOKIE_MAPPED", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3113: path: Condition "host->bounce_buffer", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3108: lockagain: Locking "spinlock_check(&host->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3118: use: Using an unreliable value of "data" inside the second locked section. If the data that "data" depends on was changed by another thread, this use might be incorrect. +# 3116| * sglist +# 3117| */ +# 3118|-> if (mmc_get_dma_dir(data) == DMA_FROM_DEVICE) { +# 3119| unsigned int length = data->bytes_xfered; +# 3120| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3054: lock: Locking "spinlock_check(&host->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3056: path: Condition "i < 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3058: path: Condition "mrq", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3059: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3062: path: Condition "!mrq", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3071: path: Condition "sdhci_needs_reset(host, mrq)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3078: path: Condition "host->cmd", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3078: path: Condition "host->data_cmd", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3084: path: Condition "host->quirks & (1U /* 1 << 0 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3098: path: Condition "host->flags & (4 /* 1 << 2 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3099: def: Assigning data that might be protected by the lock to "data". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3101: path: Condition "host->use_external_dma", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3101: path: Condition "data", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3101: path: Condition "mrq->cmd->error", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3106: unlock: Unlocking "&host->lock". "data" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3112: path: Condition "data", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3112: path: Condition "data->host_cookie == COOKIE_MAPPED", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3113: path: Condition "host->bounce_buffer", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3108: lockagain: Locking "spinlock_check(&host->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c:3148: use: Using an unreliable value of "data" inside the second locked section. If the data that "data" depends on was changed by another thread, this use might be incorrect. +# 3146| } else { +# 3147| /* Unmap the raw data */ +# 3148|-> dma_unmap_sg(mmc_dev(host->mmc), data->sg, +# 3149| data->sg_len, +# 3150| mmc_get_dma_dir(data)); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:658: path: Condition "shutdown", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:662: path: Condition "!vidb", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:669: lock: Locking "&ubi->wl_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:670: path: Condition "!ubi->move_from", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:670: path: Condition "1 /* 1 && 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:671: path: Condition "!!!!ubi->move_to_put", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:671: path: Condition "1 /* 1 && 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:673: path: Condition "!ubi->free.rb_node", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:673: path: Condition "!ubi->used.rb_node", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:673: path: Condition "!ubi->scrub.rb_node", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:718: path: Condition "!ubi->scrub.rb_node", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:747: def: Assigning data that might be protected by the lock to "e2". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:748: path: Condition "!e2", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:753: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:753: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:753: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:753: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:753: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:758: unlock: Unlocking "&ubi->wl_lock". "e2" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:772: path: Condition "err", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:772: path: Condition "err != UBI_IO_BITFLIPS", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:774: path: Condition "err == UBI_IO_FF", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:785: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:785: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:785: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:785: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:785: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:787: path: Jumping to label "out_not_moved". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:917: path: Condition "vol_id != -1", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:921: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:921: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:921: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:921: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:921: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:924: path: Condition "protect", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:925: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:933: path: Condition "dst_leb_clean", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:923: lockagain: Locking "&ubi->wl_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c:934: use: Using an unreliable value of "e2" inside the second locked section. If the data that "e2" depends on was changed by another thread, this use might be incorrect. +# 932| wl_tree_add(e1, &ubi->used); +# 933| if (dst_leb_clean) { +# 934|-> wl_tree_add(e2, &ubi->free); +# 935| ubi->free_count++; +# 936| } + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c:711: local_ptr_assign_local: Assigning: "mod_acts.actions" = "actions_arr" (address of local variable "actions_arr"). +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c:718: path: Condition "!meta", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c:724: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c:726: path: Condition "nat_table", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c:727: path: Condition "has_nat", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c:728: identity_transfer: Passing field "mod_acts.actions" (indirectly, via argument 3) to function "mlx5_tc_ct_entry_create_nat", which returns an offset off it. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c:728: local_ptr_assign_ptr: Assigning: "err" = "mlx5_tc_ct_entry_create_nat(ct_priv, flow_rule, &mod_acts)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c:729: path: Condition "err", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c:730: path: Jumping to label "err_mapping". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c:775: return_local_addr_alias: Returning pointer "err" which points to local variable "actions_arr". +# 773| mlx5e_mod_hdr_dealloc(&mod_acts); +# 774| mlx5_put_label_mapping(ct_priv, attr->ct_attr.ct_labels_id); +# 775|-> return err; +# 776| } +# 777| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:136: path: Condition "!dev->dm", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:139: path: Condition "!length", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:139: path: Condition "length & length - 1", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:139: path: Condition "length & (1 << (((__u32)__builtin_bswap32((__u32)(__u32)(__be32)(__be32 *)dev->caps.hca[MLX5_CAP_DEV_MEM]->cur[8UL /* __builtin_offsetof() / 32 */]) >> 8UL /* 32 - sizeof ((NULL)->log_sw_icm_alloc_granularity) - (__builtin_offsetof() & 31) */) & 63U /* (u32)((1ULL << sizeof ((NULL)->log_sw_icm_alloc_granularity)) - 1) */)) - 1", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:143: path: Condition "0 /* !!(sizeof (struct mlx5_ifc_general_obj_in_cmd_hdr_bits) % 32) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:145: path: Condition "0 /* !!(sizeof (struct mlx5_ifc_general_obj_in_cmd_hdr_bits) % 32) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:146: path: Condition "0 /* !!(sizeof (struct mlx5_ifc_general_obj_in_cmd_hdr_bits) % 32) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:148: path: Switch case value "MLX5_SW_ICM_TYPE_STEERING". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:153: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:171: path: Condition "!block_map", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:176: path: Condition "log_alignment < (((__u32)__builtin_bswap32((__u32)(__u32)(__be32)(__be32 *)dev->caps.hca[MLX5_CAP_DEV_MEM]->cur[8UL /* __builtin_offsetof() / 32 */]) >> 8UL /* 32 - sizeof ((NULL)->log_sw_icm_alloc_granularity) - (__builtin_offsetof() & 31) */) & 63U /* (u32)((1ULL << sizeof ((NULL)->log_sw_icm_alloc_granularity)) - 1) */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:180: lock: Locking "&dm->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:181: def: Assigning data that might be protected by the lock to "block_idx". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:184: path: Condition "block_idx < max_blocks", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:188: unlock: Unlocking "&dm->lock". "block_idx" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:190: path: Condition "block_idx >= max_blocks", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:195: path: Condition "0 /* !!(__builtin_offsetof() % 64) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:195: path: Condition "0 /* !!(sizeof ((NULL)->sw_icm_start_addr) != 64) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:197: path: Condition "0 /* !!(sizeof (struct mlx5_ifc_sw_icm_bits) % 32) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:200: path: Condition "ret", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:201: lockagain: Locking "&dm->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c:202: use: Using an unreliable value of "block_idx" inside the second locked section. If the data that "block_idx" depends on was changed by another thread, this use might be incorrect. +# 200| if (ret) { +# 201| spin_lock(&dm->lock); +# 202|-> bitmap_clear(block_map, +# 203| block_idx, num_blocks); +# 204| spin_unlock(&dm->lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:477: lock: Locking "&p_hwfn->mcp_info->cmd_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:479: path: Condition "!qed_mcp_has_pending_cmd(p_hwfn)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:480: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:496: path: Condition "cnt >= max_retries", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:506: def: Assigning data that might be protected by the lock to "p_cmd_elem". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:507: path: Condition "!p_cmd_elem", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:513: unlock: Unlocking "&p_hwfn->mcp_info->cmd_lock". "p_cmd_elem" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:522: path: Condition "__params", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:522: path: Condition "__params->flags & (1U /* 1 << 0 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:522: path: Condition "({...; __params && __params->flags & (1U /* 1 << 0 */);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:523: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:529: path: Condition "p_cmd_elem->b_is_completed", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:533: path: Condition "!rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:535: path: Condition "rc != -11", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:538: unlock: Unlocking "&p_hwfn->mcp_info->cmd_lock". "p_cmd_elem" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:539: path: Condition "++cnt < max_retries", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:541: path: Condition "cnt >= max_retries", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:542: path: Condition "!!(p_hwfn->dp_level <= QED_LEVEL_NOTICE)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:542: path: Condition "1 /* 1 && 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:542: path: Condition "p_hwfn->name", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:547: lockagain: Locking "&p_hwfn->mcp_info->cmd_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:548: use: Using an unreliable value of "p_cmd_elem" inside the second locked section. If the data that "p_cmd_elem" depends on was changed by another thread, this use might be incorrect. +# 546| +# 547| spin_lock_bh(&p_hwfn->mcp_info->cmd_lock); +# 548|-> qed_mcp_cmd_del_elem(p_hwfn, p_cmd_elem); +# 549| spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); +# 550| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:477: lock: Locking "&p_hwfn->mcp_info->cmd_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:479: path: Condition "!qed_mcp_has_pending_cmd(p_hwfn)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:480: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:496: path: Condition "cnt >= max_retries", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:506: def: Assigning data that might be protected by the lock to "p_cmd_elem". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:507: path: Condition "!p_cmd_elem", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:513: unlock: Unlocking "&p_hwfn->mcp_info->cmd_lock". "p_cmd_elem" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:522: path: Condition "__params", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:522: path: Condition "__params->flags & (1U /* 1 << 0 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:522: path: Condition "({...; __params && __params->flags & (1U /* 1 << 0 */);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:523: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:529: path: Condition "p_cmd_elem->b_is_completed", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:530: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:541: path: Condition "cnt >= max_retries", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:527: lockagain: Locking "&p_hwfn->mcp_info->cmd_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c:559: use: Using an unreliable value of "p_cmd_elem" inside the second locked section. If the data that "p_cmd_elem" depends on was changed by another thread, this use might be incorrect. +# 557| } +# 558| +# 559|-> qed_mcp_cmd_del_elem(p_hwfn, p_cmd_elem); +# 560| spin_unlock_bh(&p_hwfn->mcp_info->cmd_lock); +# 561| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c:404: lock: Locking "&efv->rx_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c:405: def: Assigning data that might be protected by the lock to "read_index". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c:406: path: Condition "spent < weight", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c:406: path: Condition "!list_empty(&efv->rx_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c:411: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c:406: path: Condition "spent < weight", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c:406: path: Condition "!list_empty(&efv->rx_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c:411: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c:406: path: Condition "spent < weight", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c:406: path: Condition "!list_empty(&efv->rx_list)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c:412: unlock: Unlocking "&efv->rx_lock". "read_index" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c:415: path: Condition "spent < weight", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c:416: path: Condition "napi_complete_done(napi, spent)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c:417: lockagain: Locking "&efv->rx_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c:418: use: Using an unreliable value of "read_index" inside the second locked section. If the data that "read_index" depends on was changed by another thread, this use might be incorrect. +# 416| if (napi_complete_done(napi, spent)) { +# 417| spin_lock_bh(&efv->rx_lock); +# 418|-> efv->read_index = read_index; +# 419| /* If write_index advanced while we were doing the +# 420| * RX, then storing our read_index won't re-prime the + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2333: path: Condition "!attrs[MACSEC_ATTR_IFINDEX]", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2336: path: Condition "parse_sa_config(attrs, tb_sa)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2339: path: Condition "!validate_upd_sa(tb_sa)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2345: path: Condition "IS_ERR(tx_sa)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2350: path: Condition "tb_sa[MACSEC_SA_ATTR_PN]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2353: path: Condition "secy->xpn", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2354: path: Condition "nla_len(tb_sa[MACSEC_SA_ATTR_PN]) != pn_len", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2361: lock: Locking "&tx_sa->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2362: def: Assigning data that might be protected by the lock to "prev_pn". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2364: unlock: Unlocking "&tx_sa->lock". "prev_pn" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2368: path: Condition "tb_sa[MACSEC_SA_ATTR_ACTIVE]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2369: path: Condition "nla_get_u8(tb_sa[MACSEC_SA_ATTR_ACTIVE])", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2372: path: Condition "assoc_num == tx_sc->encoding_sa", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2376: path: Condition "macsec_is_offloaded(netdev_priv(dev))", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2381: path: Condition "!ops", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2383: path: Jumping to label "cleanup". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2400: path: Condition "tb_sa[MACSEC_SA_ATTR_PN]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2401: lockagain: Locking "&tx_sa->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2402: use: Using an unreliable value of "prev_pn" inside the second locked section. If the data that "prev_pn" depends on was changed by another thread, this use might be incorrect. +# 2400| if (tb_sa[MACSEC_SA_ATTR_PN]) { +# 2401| spin_lock_bh(&tx_sa->lock); +# 2402|-> tx_sa->next_pn_halves = prev_pn; +# 2403| spin_unlock_bh(&tx_sa->lock); +# 2404| } + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2427: path: Condition "!attrs[MACSEC_ATTR_IFINDEX]", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2430: path: Condition "parse_rxsc_config(attrs, tb_rxsc)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2433: path: Condition "parse_sa_config(attrs, tb_sa)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2436: path: Condition "!validate_upd_sa(tb_sa)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2442: path: Condition "IS_ERR(rx_sa)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2447: path: Condition "tb_sa[MACSEC_SA_ATTR_PN]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2450: path: Condition "secy->xpn", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2451: path: Condition "nla_len(tb_sa[MACSEC_SA_ATTR_PN]) != pn_len", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2458: lock: Locking "&rx_sa->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2459: def: Assigning data that might be protected by the lock to "prev_pn". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2461: unlock: Unlocking "&rx_sa->lock". "prev_pn" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2465: path: Condition "tb_sa[MACSEC_SA_ATTR_ACTIVE]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2466: path: Condition "nla_get_u8(tb_sa[MACSEC_SA_ATTR_ACTIVE])", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2469: path: Condition "macsec_is_offloaded(netdev_priv(dev))", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2474: path: Condition "!ops", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2476: path: Jumping to label "cleanup". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2492: path: Condition "tb_sa[MACSEC_SA_ATTR_PN]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2493: lockagain: Locking "&rx_sa->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c:2494: use: Using an unreliable value of "prev_pn" inside the second locked section. If the data that "prev_pn" depends on was changed by another thread, this use might be incorrect. +# 2492| if (tb_sa[MACSEC_SA_ATTR_PN]) { +# 2493| spin_lock_bh(&rx_sa->lock); +# 2494|-> rx_sa->next_pn_halves = prev_pn; +# 2495| spin_unlock_bh(&rx_sa->lock); +# 2496| } + +Error: WRITE_CONST_FIELD (CWE-843): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/phy.h:835: field_definition: A const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/phy/xilinx_gmii2rgmii.c:90: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 88| priv->mdio = mdiodev; +# 89| priv->phy_drv = priv->phy_dev->drv; +# 90|-> memcpy(&priv->conv_phy_drv, priv->phy_dev->drv, +# 91| sizeof(struct phy_driver)); +# 92| priv->conv_phy_drv.read_status = xgmiitorgmii_read_status; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2478: lock: Locking "&ar->data_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2479: def: Assigning data that might be protected by the lock to "peer". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2480: unlock: Unlocking "&ar->data_lock". "peer" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2481: path: Condition "!peer", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2484: path: Condition "!peer", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2493: path: Condition "fw_desc->u.bits.discard", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2502: path: Condition "num_mpdu_ranges > 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2507: path: Condition "mpdu_ranges->mpdu_range_status != HTT_RX_IND_MPDU_STATUS_OK", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2507: path: Condition "mpdu_ranges->mpdu_range_status != HTT_RX_IND_MPDU_STATUS_TKIP_MIC_ERR", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2519: path: Condition "(rx_desc_info & 65536) >> 16", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2520: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2525: path: Condition "rx->fw_desc.flags & (1 /* 1 << 0 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2529: path: Condition "check_pn_type == HTT_RX_PN_CHECK", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2529: path: Condition "tid >= 16", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2530: lockagain: Locking "&ar->data_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c:2531: use: Using an unreliable value of "peer" inside the second locked section. If the data that "peer" depends on was changed by another thread, this use might be incorrect. +# 2529| if (check_pn_type == HTT_RX_PN_CHECK && tid >= IEEE80211_NUM_TIDS) { +# 2530| spin_lock_bh(&ar->data_lock); +# 2531|-> pn_invalid = ath10k_htt_rx_pn_check_replay_hl(ar, peer, rx); +# 2532| spin_unlock_bh(&ar->data_lock); +# 2533| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c:64: path: Condition "ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c:67: lock: Locking "&ring->idr_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c:68: def: Assigning data that might be protected by the lock to "buf_id". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c:69: unlock: Unlocking "&ring->idr_lock". "buf_id" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c:70: path: Condition "buf_id < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c:76: path: Condition "!desc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c:78: path: Jumping to label "err_idr_remove". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c:94: lockagain: Locking "&ring->idr_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c:95: use: Using an unreliable value of "buf_id" inside the second locked section. If the data that "buf_id" depends on was changed by another thread, this use might be incorrect. +# 93| err_idr_remove: +# 94| spin_lock_bh(&ring->idr_lock); +# 95|-> idr_remove(&ring->bufs_idr, buf_id); +# 96| spin_unlock_bh(&ring->idr_lock); +# 97| err_dma_unmap: + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:357: path: Condition "__UNIQUE_ID___x428 < __UNIQUE_ID___y429", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:366: path: Condition "!req_entries", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:366: path: Condition "num_free > rx_ring->bufs_max * 3 / 4", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:369: path: Condition "__UNIQUE_ID___x430 < __UNIQUE_ID___y431", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:372: path: Condition "num_remain > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:375: path: Condition "!skb", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:378: path: Condition "!(((unsigned long)skb->data & 127UL /* (unsigned long)128 - 1 */) == 0)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:388: path: Condition "dma_mapping_error(ab->dev, paddr)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:391: lock: Locking "&rx_ring->idr_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:392: def: Assigning data that might be protected by the lock to "buf_id". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:394: unlock: Unlocking "&rx_ring->idr_lock". "buf_id" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:395: path: Condition "buf_id <= 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:399: path: Condition "!desc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:400: path: Jumping to label "fail_idr_remove". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:419: lockagain: Locking "&rx_ring->idr_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:420: use: Using an unreliable value of "buf_id" inside the second locked section. If the data that "buf_id" depends on was changed by another thread, this use might be incorrect. +# 418| fail_idr_remove: +# 419| spin_lock_bh(&rx_ring->idr_lock); +# 420|-> idr_remove(&rx_ring->bufs_idr, buf_id); +# 421| spin_unlock_bh(&rx_ring->idr_lock); +# 422| fail_dma_unmap: + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3388: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3388: path: Condition "0 /* !!((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 1)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3388: path: Condition "0 /* !!(1 ? ~((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 2)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) >> __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 3)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21))) - 1) & 0U : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3388: path: Condition "0 /* !!((unsigned long)((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 6)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21))) > (unsigned int)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3388: path: Condition "0 /* !!(((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 7)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) + (1ULL << __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 8)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21))) - 1) & (int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 9)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) + (1ULL << __builtin_ffsll((int)sizeof (struct at [...] +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3391: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3391: path: Condition "0 /* !!((1UL << 0) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3391: path: Condition "0 /* !!(1 ? ~((1UL << 0) >> __builtin_ffsll(1UL << 0) - 1) & 1 : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3391: path: Condition "0 /* !!((unsigned long)(1UL << 0) > (unsigned long long)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3391: path: Condition "0 /* !!(((1UL << 0) + (1ULL << __builtin_ffsll(1UL << 0) - 1) & (1UL << 0) + (1ULL << __builtin_ffsll(1UL << 0) - 1) - 1) != 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3392: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3392: path: Condition "0 /* !!((1UL << 1) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3392: path: Condition "0 /* !!(1 ? ~((1UL << 1) >> __builtin_ffsll(1UL << 1) - 1) & 1 : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3392: path: Condition "0 /* !!((unsigned long)(1UL << 1) > (unsigned long long)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3392: path: Condition "0 /* !!(((1UL << 1) + (1ULL << __builtin_ffsll(1UL << 1) - 1) & (1UL << 1) + (1ULL << __builtin_ffsll(1UL << 1) - 1) - 1) != 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3393: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3393: path: Condition "0 /* !!((1UL << 2) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3393: path: Condition "0 /* !!(1 ? ~((1UL << 2) >> __builtin_ffsll(1UL << 2) - 1) & 0 : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3393: path: Condition "0 /* !!((unsigned long)(1UL << 2) > (unsigned long long)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3393: path: Condition "0 /* !!(((1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) & (1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) - 1) != 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3394: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3394: path: Condition "0 /* !!((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 15)]) + (~0UL - (1UL << 3) + 1 & (~0UL >> 64 - 1 - 16)) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3394: path: Condition "0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3394: path: Condition "!!(0 ? 18446744073709535232UL /* ~((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 16)]) + (~0UL - (1UL << 3) + 1 & (~0UL >> 64 - 1 - 16)) >> __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 17)]) + (~0UL - (1UL << 3) + 1 & (~0UL >> 64 - 1 - 16))) - 1) */ & defrag_skb->len - hal_rx_desc_sz : 0)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3394: path: Condition "0 /* !!((unsigned long)((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 20)]) + (~0UL - (1UL << 3) + 1 & (~0UL >> 64 - 1 - 16))) > (unsigned long long)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3394: path: Condition "0 /* !!(((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 21)]) + (~0UL - (1UL << 3) + 1 & (~0UL >> 64 - 1 - 16)) + (1ULL << __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 22)]) + (~0UL - (1UL << 3) + 1 & (~0UL >> 64 - 1 - 16))) - 1) & (int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 23)]) + (~0UL - (1UL << 3) + 1 & (~0UL >> 64 - 1 - 16)) + (1ULL << __builtin_ffsll((int)sizeof (struct at [...] +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3396: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3396: path: Condition "0 /* !!((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 29)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3396: path: Condition "0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3396: path: Condition "!!(0 ? 18446744073709551584UL /* ~((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 30)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) >> __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 31)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21))) - 1) */ & dst_idx : 0)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3396: path: Condition "0 /* !!((unsigned long)((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 34)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21))) > (unsigned long long)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3396: path: Condition "0 /* !!(((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 35)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) + (1ULL << __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 36)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21))) - 1) & (int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 37)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) + (1ULL << __builtin_ffsll((int)sizeof (struct [...] +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3397: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3397: path: Condition "0 /* !!((1UL << 23) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3397: path: Condition "0 /* !!(1 ? ~((1UL << 23) >> __builtin_ffsll(1UL << 23) - 1) & 1 : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3397: path: Condition "0 /* !!((unsigned long)(1UL << 23) > (unsigned long long)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3397: path: Condition "0 /* !!(((1UL << 23) + (1ULL << __builtin_ffsll(1UL << 23) - 1) & (1UL << 23) + (1ULL << __builtin_ffsll(1UL << 23) - 1) - 1) != 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3398: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3398: path: Condition "0 /* !!((1UL << 25) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3398: path: Condition "0 /* !!(1 ? ~((1UL << 25) >> __builtin_ffsll(1UL << 25) - 1) & 1 : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3398: path: Condition "0 /* !!((unsigned long)(1UL << 25) > (unsigned long long)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3398: path: Condition "0 /* !!(((1UL << 25) + (1ULL << __builtin_ffsll(1UL << 25) - 1) & (1UL << 25) + (1ULL << __builtin_ffsll(1UL << 25) - 1) - 1) != 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3407: path: Condition "dma_mapping_error(ab->dev, paddr)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3410: lock: Locking "&rx_refill_ring->idr_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3411: def: Assigning data that might be protected by the lock to "buf_id". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3413: unlock: Unlocking "&rx_refill_ring->idr_lock". "buf_id" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3414: path: Condition "buf_id < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3420: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3420: path: Condition "0 /* !!((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 43)]) + (~0UL - (1UL << 18) + 1 & (~0UL >> 64 - 1 - 20)) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3420: path: Condition "0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3420: path: Condition "!!(0 ? 18446744073709551608UL /* ~((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 44)]) + (~0UL - (1UL << 18) + 1 & (~0UL >> 64 - 1 - 20)) >> __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 45)]) + (~0UL - (1UL << 18) + 1 & (~0UL >> 64 - 1 - 20))) - 1) */ & dp->mac_id : 0)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3420: path: Condition "0 /* !!((unsigned long)((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 48)]) + (~0UL - (1UL << 18) + 1 & (~0UL >> 64 - 1 - 20))) > (unsigned long long)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3420: path: Condition "0 /* !!(((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 49)]) + (~0UL - (1UL << 18) + 1 & (~0UL >> 64 - 1 - 20)) + (1ULL << __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 50)]) + (~0UL - (1UL << 18) + 1 & (~0UL >> 64 - 1 - 20))) - 1) & (int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 51)]) + (~0UL - (1UL << 18) + 1 & (~0UL >> 64 - 1 - 20)) + (1ULL << __builtin_ffsll((int)sizeof (struct [...] +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3421: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3421: path: Condition "0 /* !!((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 57)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 17)) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3421: path: Condition "0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3421: path: Condition "!!(0 ? 18446744073709289472UL /* ~((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 58)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 17)) >> __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 59)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 17))) - 1) */ & buf_id : 0)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3421: path: Condition "0 /* !!((unsigned long)((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 62)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 17))) > (unsigned long long)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3421: path: Condition "0 /* !!(((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 63)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 17)) + (1ULL << __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 64)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 17))) - 1) & (int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 65)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 17)) + (1ULL << __builtin_ffsll((int)sizeof (struct at [...] +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3434: path: Condition "!reo_ent_ring", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3436: unlock: Unlocking "&srng->lock". "buf_id" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3438: path: Jumping to label "err_free_idr". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3467: lockagain: Locking "&rx_refill_ring->idr_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3468: use: Using an unreliable value of "buf_id" inside the second locked section. If the data that "buf_id" depends on was changed by another thread, this use might be incorrect. +# 3466| err_free_idr: +# 3467| spin_lock_bh(&rx_refill_ring->idr_lock); +# 3468|-> idr_remove(&rx_refill_ring->bufs_idr, buf_id); +# 3469| spin_unlock_bh(&rx_refill_ring->idr_lock); +# 3470| err_unmap_dma: +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c:3468: note: trimmed 5 message(s) with length over 512 + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c:5781: lock: Locking "&ar->txmgmt_idr_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c:5782: def: Assigning data that might be protected by the lock to "buf_id". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c:5784: unlock: Unlocking "&ar->txmgmt_idr_lock". "buf_id" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c:5786: path: Condition "ath11k_debug_mask & ATH11K_DBG_MAC", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c:5789: path: Condition "buf_id < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c:5793: path: Condition "!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c:5794: path: Condition "ieee80211_is_action(hdr->frame_control)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c:5794: path: Condition "ieee80211_has_protected(hdr->frame_control)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c:5803: path: Condition "dma_mapping_error(ab->dev, paddr)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c:5806: path: Jumping to label "err_free_idr". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c:5823: lockagain: Locking "&ar->txmgmt_idr_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c:5824: use: Using an unreliable value of "buf_id" inside the second locked section. If the data that "buf_id" depends on was changed by another thread, this use might be incorrect. +# 5822| err_free_idr: +# 5823| spin_lock_bh(&ar->txmgmt_idr_lock); +# 5824|-> idr_remove(&ar->txmgmt_idr, buf_id); +# 5825| spin_unlock_bh(&ar->txmgmt_idr_lock); +# 5826| + +Error: WRITE_CONST_FIELD (CWE-843): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/intel/iwlwifi/dvm/dev.h:487: field_definition: A const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/intel/iwlwifi/dvm/mac80211.c:554: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 552| iwlagn_prepare_restart(priv); +# 553| +# 554|-> memset((void *)&ctx->active, 0, sizeof(ctx->active)); +# 555| iwl_connection_init_rx_config(priv, ctx); +# 556| iwlagn_set_rxon_chain(priv, ctx); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c:6361: lock: Locking "spinlock_check(&hwsim_virtio_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c:6362: path: Condition "!hwsim_virtio_enabled", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c:6365: def: Assigning data that might be protected by the lock to "skb". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c:6366: path: Condition "!skb", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c:6368: unlock: Unlocking "&hwsim_virtio_lock". "skb" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c:6376: path: Condition "!hwsim_virtio_enabled", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c:6375: lockagain: Locking "spinlock_check(&hwsim_virtio_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c:6381: use: Using an unreliable value of "skb" inside the second locked section. If the data that "skb" depends on was changed by another thread, this use might be incorrect. +# 6379| } +# 6380| vq = hwsim_vqs[HWSIM_VQ_RX]; +# 6381|-> sg_init_one(sg, skb->head, skb_end_offset(skb)); +# 6382| err = virtqueue_add_inbuf(vq, sg, 1, skb, GFP_ATOMIC); +# 6383| if (WARN(err, "virtqueue_add_inbuf returned %d\n", err)) + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:93: lock: Locking "spinlock_check(&txq->tx_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:95: def: Assigning data that might be protected by the lock to "cur_idx". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:96: unlock: Unlocking "&txq->tx_lock". "cur_idx" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:98: path: Condition "i < release_cnt", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 1)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!(1 ? ~((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 2)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) >> __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 3)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & 0U : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!((unsigned long)((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 6)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) > (unsigned int)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!(((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 7)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 8)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 9)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_ [...] +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "({...; (unsigned long)(((__u32)(__le32)cur_drb->header & 3UL /* (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 12)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) */) >> 0 /* __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 13)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1 */);}) == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:102: path: Condition "!cur_drb_skb->is_msg", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!((1UL << 2) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!(1 ? ~((1UL << 2) >> __builtin_ffsll(1UL << 2) - 1) & 0U : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!((unsigned long)(1UL << 2) > (unsigned int)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!(((1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) & (1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) - 1) != 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "!({...; (unsigned long)(((__u32)(__le32)cur_drb->header & (4UL /* 1UL << 2 */)) >> 2 /* __builtin_ffsll(1UL << 2) - 1 */);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:107: path: Condition "!cur_drb_skb->skb", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:110: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:98: path: Condition "i < release_cnt", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 1)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!(1 ? ~((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 2)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) >> __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 3)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & 0U : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!((unsigned long)((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 6)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) > (unsigned int)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!(((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 7)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 8)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 9)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_ [...] +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "({...; (unsigned long)(((__u32)(__le32)cur_drb->header & 3UL /* (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 12)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) */) >> 0 /* __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 13)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1 */);}) == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:102: path: Condition "!cur_drb_skb->is_msg", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!((1UL << 2) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!(1 ? ~((1UL << 2) >> __builtin_ffsll(1UL << 2) - 1) & 0U : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!((unsigned long)(1UL << 2) > (unsigned int)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!(((1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) & (1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) - 1) != 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "!({...; (unsigned long)(((__u32)(__le32)cur_drb->header & (4UL /* 1UL << 2 */)) >> 2 /* __builtin_ffsll(1UL << 2) - 1 */);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:107: path: Condition "!cur_drb_skb->skb", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:110: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:98: path: Condition "i < release_cnt", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 1)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!(1 ? ~((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 2)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) >> __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 3)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & 0U : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!((unsigned long)((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 6)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) > (unsigned int)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!(((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 7)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 8)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 9)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_ [...] +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "({...; (unsigned long)(((__u32)(__le32)cur_drb->header & 3UL /* (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 12)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) */) >> 0 /* __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 13)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1 */);}) == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:102: path: Condition "!cur_drb_skb->is_msg", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!((1UL << 2) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!(1 ? ~((1UL << 2) >> __builtin_ffsll(1UL << 2) - 1) & 0U : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!((unsigned long)(1UL << 2) > (unsigned int)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!(((1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) & (1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) - 1) != 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "!({...; (unsigned long)(((__u32)(__le32)cur_drb->header & (4UL /* 1UL << 2 */)) >> 2 /* __builtin_ffsll(1UL << 2) - 1 */);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:107: path: Condition "!cur_drb_skb->skb", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:119: lockagain: Locking "spinlock_check(&txq->tx_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:120: use: Using an unreliable value of "cur_idx" inside the second locked section. If the data that "cur_idx" depends on was changed by another thread, this use might be incorrect. +# 118| +# 119| spin_lock_irqsave(&txq->tx_lock, flags); +# 120|-> cur_idx = t7xx_ring_buf_get_next_wr_idx(drb_cnt, cur_idx); +# 121| txq->drb_release_rd_idx = cur_idx; +# 122| spin_unlock_irqrestore(&txq->tx_lock, flags); +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:120: note: trimmed 3 message(s) with length over 512 + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:93: lock: Locking "spinlock_check(&txq->tx_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:94: def: Assigning data that might be protected by the lock to "drb_cnt". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:96: unlock: Unlocking "&txq->tx_lock". "drb_cnt" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:98: path: Condition "i < release_cnt", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 1)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!(1 ? ~((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 2)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) >> __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 3)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & 0U : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!((unsigned long)((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 6)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) > (unsigned int)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!(((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 7)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 8)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 9)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_ [...] +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "({...; (unsigned long)(((__u32)(__le32)cur_drb->header & 3UL /* (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 12)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) */) >> 0 /* __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 13)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1 */);}) == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:102: path: Condition "!cur_drb_skb->is_msg", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!((1UL << 2) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!(1 ? ~((1UL << 2) >> __builtin_ffsll(1UL << 2) - 1) & 0U : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!((unsigned long)(1UL << 2) > (unsigned int)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!(((1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) & (1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) - 1) != 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "!({...; (unsigned long)(((__u32)(__le32)cur_drb->header & (4UL /* 1UL << 2 */)) >> 2 /* __builtin_ffsll(1UL << 2) - 1 */);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:107: path: Condition "!cur_drb_skb->skb", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:110: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:98: path: Condition "i < release_cnt", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 1)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!(1 ? ~((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 2)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) >> __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 3)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & 0U : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!((unsigned long)((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 6)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) > (unsigned int)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!(((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 7)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 8)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 9)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_ [...] +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "({...; (unsigned long)(((__u32)(__le32)cur_drb->header & 3UL /* (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 12)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) */) >> 0 /* __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 13)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1 */);}) == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:102: path: Condition "!cur_drb_skb->is_msg", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!((1UL << 2) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!(1 ? ~((1UL << 2) >> __builtin_ffsll(1UL << 2) - 1) & 0U : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!((unsigned long)(1UL << 2) > (unsigned int)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!(((1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) & (1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) - 1) != 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "!({...; (unsigned long)(((__u32)(__le32)cur_drb->header & (4UL /* 1UL << 2 */)) >> 2 /* __builtin_ffsll(1UL << 2) - 1 */);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:107: path: Condition "!cur_drb_skb->skb", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:110: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:98: path: Condition "i < release_cnt", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 1)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!(1 ? ~((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 2)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) >> __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 3)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & 0U : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!((unsigned long)((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 6)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) > (unsigned int)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "0 /* !!(((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 7)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 8)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 9)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_ [...] +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:100: path: Condition "({...; (unsigned long)(((__u32)(__le32)cur_drb->header & 3UL /* (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 12)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) */) >> 0 /* __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 13)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1 */);}) == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:102: path: Condition "!cur_drb_skb->is_msg", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!!1 */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!((1UL << 2) == 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!(1 ? ~((1UL << 2) >> __builtin_ffsll(1UL << 2) - 1) & 0U : 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!((unsigned long)(1UL << 2) > (unsigned int)~0ULL) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "0 /* !!(((1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) & (1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) - 1) != 0) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:106: path: Condition "!({...; (unsigned long)(((__u32)(__le32)cur_drb->header & (4UL /* 1UL << 2 */)) >> 2 /* __builtin_ffsll(1UL << 2) - 1 */);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:107: path: Condition "!cur_drb_skb->skb", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:119: lockagain: Locking "spinlock_check(&txq->tx_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:120: use: Using an unreliable value of "drb_cnt" inside the second locked section. If the data that "drb_cnt" depends on was changed by another thread, this use might be incorrect. +# 118| +# 119| spin_lock_irqsave(&txq->tx_lock, flags); +# 120|-> cur_idx = t7xx_ring_buf_get_next_wr_idx(drb_cnt, cur_idx); +# 121| txq->drb_release_rd_idx = cur_idx; +# 122| spin_unlock_irqrestore(&txq->tx_lock, flags); +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c:120: note: trimmed 3 message(s) with length over 512 + +Error: WRITE_CONST_FIELD (CWE-843): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/memremap.h:23: field_definition: A const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/nvdimm/pfn_devs.c:710: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 708| le64_to_cpu(nd_pfn->pfn_sb->npfns), +# 709| nd_pfn->npfns); +# 710|-> memcpy(altmap, &__altmap, sizeof(*altmap)); +# 711| altmap->free = PHYS_PFN(offset - reserve); +# 712| altmap->alloc = 0; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1134: path: Condition "rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1138: path: Condition "lport->state != LPORT_ST_READY", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1138: path: Condition "!lport->link_up", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1147: lock: Locking "&tgt->tgt_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1148: def: Assigning data that might be protected by the lock to "io_req". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1149: path: Condition "!io_req", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1161: path: Condition "tgt != io_req->tgt", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1169: path: Condition "tgt->flush_in_prog", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1177: path: Condition "io_req->on_active_queue == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1203: path: Condition "test_and_set_bit(2, &io_req->req_flags)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1226: path: Condition "cancel_delayed_work(&io_req->timeout_work)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1232: path: Condition "rc == FAILED", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1241: unlock: Unlocking "&tgt->tgt_lock". "io_req" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1246: path: Condition "time_left", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1252: path: Condition "test_bit(9, &io_req->req_flags)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1250: lockagain: Locking "&tgt->tgt_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1253: use: Using an unreliable value of "io_req" inside the second locked section. If the data that "io_req" depends on was changed by another thread, this use might be incorrect. +# 1251| io_req->wait_for_abts_comp = 0; +# 1252| if (test_bit(BNX2FC_FLAG_IO_COMPL, &io_req->req_flags)) { +# 1253|-> BNX2FC_IO_DBG(io_req, "IO completed in a different context\n"); +# 1254| rc = SUCCESS; +# 1255| } else if (!(test_and_set_bit(BNX2FC_FLAG_ABTS_DONE, + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1134: path: Condition "rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1138: path: Condition "lport->state != LPORT_ST_READY", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1138: path: Condition "!lport->link_up", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1147: lock: Locking "&tgt->tgt_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1148: def: Assigning data that might be protected by the lock to "io_req". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1149: path: Condition "!io_req", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1161: path: Condition "tgt != io_req->tgt", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1169: path: Condition "tgt->flush_in_prog", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1177: path: Condition "io_req->on_active_queue == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1203: path: Condition "test_and_set_bit(2, &io_req->req_flags)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1226: path: Condition "cancel_delayed_work(&io_req->timeout_work)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1232: path: Condition "rc == FAILED", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1241: unlock: Unlocking "&tgt->tgt_lock". "io_req" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1246: path: Condition "time_left", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1252: path: Condition "test_bit(9, &io_req->req_flags)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1255: path: Condition "!test_and_set_bit(3, &io_req->req_flags)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1258: path: Condition "1 /* 1 && 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1250: lockagain: Locking "&tgt->tgt_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1264: use: Using an unreliable value of "io_req" inside the second locked section. If the data that "io_req" depends on was changed by another thread, this use might be incorrect. +# 1262| * to SCSI ML. +# 1263| */ +# 1264|-> rc = bnx2fc_abts_cleanup(io_req); +# 1265| goto done; +# 1266| } else { + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1134: path: Condition "rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1138: path: Condition "lport->state != LPORT_ST_READY", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1138: path: Condition "!lport->link_up", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1147: lock: Locking "&tgt->tgt_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1148: def: Assigning data that might be protected by the lock to "io_req". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1149: path: Condition "!io_req", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1161: path: Condition "tgt != io_req->tgt", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1169: path: Condition "tgt->flush_in_prog", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1177: path: Condition "io_req->on_active_queue == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1203: path: Condition "test_and_set_bit(2, &io_req->req_flags)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1226: path: Condition "cancel_delayed_work(&io_req->timeout_work)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1232: path: Condition "rc == FAILED", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1241: unlock: Unlocking "&tgt->tgt_lock". "io_req" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1246: path: Condition "time_left", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1252: path: Condition "test_bit(9, &io_req->req_flags)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1255: path: Condition "!test_and_set_bit(3, &io_req->req_flags)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1250: lockagain: Locking "&tgt->tgt_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c:1272: use: Using an unreliable value of "io_req" inside the second locked section. If the data that "io_req" depends on was changed by another thread, this use might be incorrect. +# 1270| * completion happens just in time. +# 1271| */ +# 1272|-> BNX2FC_IO_DBG(io_req, "abort succeeded\n"); +# 1273| rc = SUCCESS; +# 1274| bnx2fc_scsi_done(io_req, DID_ABORT); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:427: lock: Locking "&hw->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:428: def: Assigning data that might be protected by the lock to "mbp". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:429: path: Condition "!mbp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:443: path: Condition "retry < 3", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:450: path: Condition "ret != -16", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:454: unlock: Unlocking "&hw->lock". "mbp" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:457: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:443: path: Condition "retry < 3", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:456: lockagain: Locking "&hw->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:449: use: Using an unreliable value of "mbp" inside the second locked section. If the data that "mbp" depends on was changed by another thread, this use might be incorrect. +# 447| * lock is held till completion of vnp mbox cmd. +# 448| */ +# 449|-> ret = csio_mb_issue(hw, mbp); +# 450| if (ret != -EBUSY) +# 451| break; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:508: lock: Locking "&hw->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:509: def: Assigning data that might be protected by the lock to "mbp". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:510: path: Condition "!mbp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:520: path: Condition "retry < 3", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:522: path: Condition "ret != -16", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:526: unlock: Unlocking "&hw->lock". "mbp" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:529: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:520: path: Condition "retry < 3", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:528: lockagain: Locking "&hw->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c:521: use: Using an unreliable value of "mbp" inside the second locked section. If the data that "mbp" depends on was changed by another thread, this use might be incorrect. +# 519| +# 520| for (retry = 0; retry < 3; retry++) { +# 521|-> ret = csio_mb_issue(hw, mbp); +# 522| if (ret != -EBUSY) +# 523| break; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_rnode.c:548: infer_lock: Assuming "&hw->lock" is locked since it is unlocked without prior lock in this function. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_rnode.c:550: def: Assigning data that might be protected by the lock to "ln". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_rnode.c:553: unlock: Unlocking "&hw->lock". "ln" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_rnode.c:557: path: Condition "rn->role & 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_rnode.c:560: path: Condition "rn->nport_id == FC_FID_MGMT_SERV", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_rnode.c:555: lockagain: Locking "&hw->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_rnode.c:561: use: Using an unreliable value of "ln" inside the second locked section. If the data that "ln" depends on was changed by another thread, this use might be incorrect. +# 559| +# 560| if (rn->nport_id == FC_FID_MGMT_SERV) +# 561|-> csio_ln_fdmi_start(ln, (void *) rn); +# 562| } +# 563| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c:404: path: Condition "skb", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c:407: path: Condition "port->fcoe_pending_queue_active", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c:411: path: Condition "port->fcoe_pending_queue.qlen", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c:418: lock: Locking "&port->fcoe_pending_queue.lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c:420: path: Condition "rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c:428: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c:411: path: Condition "port->fcoe_pending_queue.qlen", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c:414: def: Assigning data that might be protected by the lock to "skb". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c:416: unlock: Unlocking "&port->fcoe_pending_queue.lock". "skb" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c:420: path: Condition "rc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c:418: lockagain: Locking "&port->fcoe_pending_queue.lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c:421: use: Using an unreliable value of "skb" inside the second locked section. If the data that "skb" depends on was changed by another thread, this use might be incorrect. +# 419| +# 420| if (rc) { +# 421|-> __skb_queue_head(&port->fcoe_pending_queue, skb); +# 422| /* undo temporary increment above */ +# 423| port->fcoe_pending_queue.qlen--; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c:1220: lock: Locking "spinlock_check(&fnic->fnic_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c:1222: def: Assigning data that might be protected by the lock to "old_state". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c:1223: path: Switch case value "FNIC_IN_FC_MODE". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c:1228: unlock: Unlocking "&fnic->fnic_lock". "old_state" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c:1233: path: Condition "fnic->state != FNIC_IN_FC_TRANS_ETH_MODE", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c:1235: path: Condition "ret", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c:1232: lockagain: Locking "spinlock_check(&fnic->fnic_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c:1236: use: Using an unreliable value of "old_state" inside the second locked section. If the data that "old_state" depends on was changed by another thread, this use might be incorrect. +# 1234| goto again; +# 1235| if (ret) +# 1236|-> fnic->state = old_state; +# 1237| break; +# 1238| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1576: lock: Locking "spinlock_check(io_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1580: path: Condition "!io_req", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1580: path: Condition "io_req->port_id != iter_data->port_id", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1585: path: Condition "sc->SCp.Status & (4096UL /* 1UL << 12 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1585: path: Condition "!(sc->SCp.Status & (8192UL /* 1UL << 13 */))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1598: path: Condition "sc->SCp.phase == FNIC_IOREQ_ABTS_PENDING", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1602: path: Condition "io_req->abts_done", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1609: path: Condition "!(sc->SCp.Status & (2UL /* 1UL << 1 */))", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1616: def: Assigning data that might be protected by the lock to "old_ioreq_state". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1619: path: Condition "sc->SCp.Status & (4096UL /* 1UL << 12 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1623: path: Condition "!!(fnic_log_level & 4)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1625: path: Condition "io_req->abts_done", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1627: path: Condition "!!(fnic_log_level & 4)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1630: unlock: Unlocking "io_lock". "old_ioreq_state" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1635: path: Condition "fnic_queue_abort_io_req(fnic, abt_tag, FCPIO_ITMF_ABT_TASK_TERM, fc_lun.scsi_lun, io_req)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1645: path: Condition "sc->SCp.phase == FNIC_IOREQ_ABTS_PENDING", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1644: lockagain: Locking "spinlock_check(io_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1646: use: Using an unreliable value of "old_ioreq_state" inside the second locked section. If the data that "old_ioreq_state" depends on was changed by another thread, this use might be incorrect. +# 1644| spin_lock_irqsave(io_lock, flags); +# 1645| if (CMD_STATE(sc) == FNIC_IOREQ_ABTS_PENDING) +# 1646|-> CMD_STATE(sc) = old_ioreq_state; +# 1647| spin_unlock_irqrestore(io_lock, flags); +# 1648| } else { + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1757: path: Condition "scsi_is_fc_rport(scsi_target(sc->device)->dev.parent)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1758: path: Condition "!!(fnic_log_level & 4)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1765: path: Condition "lp->state != LPORT_ST_READY", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1765: path: Condition "!lp->link_up", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1783: lock: Locking "spinlock_check(io_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1785: path: Condition "!io_req", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1792: path: Condition "sc->SCp.phase == FNIC_IOREQ_ABTS_PENDING", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1798: path: Condition "abt_issued_time <= 6000", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1799: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1813: path: Condition "!!(fnic_log_level & 4)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1821: def: Assigning data that might be protected by the lock to "old_ioreq_state". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1825: unlock: Unlocking "io_lock". "old_ioreq_state" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1832: path: Condition "fc_remote_port_chkready(rport) == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1833: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1842: path: Condition "fnic_queue_abort_io_req(fnic, tag, task_req, fc_lun.scsi_lun, io_req)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1845: path: Condition "sc->SCp.phase == FNIC_IOREQ_ABTS_PENDING", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1844: lockagain: Locking "spinlock_check(io_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:1846: use: Using an unreliable value of "old_ioreq_state" inside the second locked section. If the data that "old_ioreq_state" depends on was changed by another thread, this use might be incorrect. +# 1844| spin_lock_irqsave(io_lock, flags); +# 1845| if (CMD_STATE(sc) == FNIC_IOREQ_ABTS_PENDING) +# 1846|-> CMD_STATE(sc) = old_ioreq_state; +# 1847| io_req = (struct fnic_io_req *)CMD_SP(sc); +# 1848| if (io_req) + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2031: path: Condition "sc == iter_data->lr_sc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2031: path: Condition "sc->device != lun_dev", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2035: lock: Locking "spinlock_check(io_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2037: path: Condition "!io_req", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2046: path: Condition "!!(fnic_log_level & 4)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2050: path: Condition "sc->SCp.phase == FNIC_IOREQ_ABTS_PENDING", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2054: path: Condition "sc->SCp.Status & (4096UL /* 1UL << 12 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2054: path: Condition "!(sc->SCp.Status & (8192UL /* 1UL << 13 */))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2063: path: Condition "io_req->abts_done", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2067: def: Assigning data that might be protected by the lock to "old_ioreq_state". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2077: path: Condition "io_req->abts_done", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2079: path: Condition "sc->SCp.Status & (4096UL /* 1UL << 12 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2081: path: Condition "!!(fnic_log_level & 4)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2087: unlock: Unlocking "io_lock". "old_ioreq_state" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2092: path: Condition "fnic_queue_abort_io_req(fnic, abt_tag, FCPIO_ITMF_ABT_TASK_TERM, fc_lun.scsi_lun, io_req)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2097: path: Condition "io_req", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2099: path: Condition "sc->SCp.phase == FNIC_IOREQ_ABTS_PENDING", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2095: lockagain: Locking "spinlock_check(io_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2100: use: Using an unreliable value of "old_ioreq_state" inside the second locked section. If the data that "old_ioreq_state" depends on was changed by another thread, this use might be incorrect. +# 2098| io_req->abts_done = NULL; +# 2099| if (CMD_STATE(sc) == FNIC_IOREQ_ABTS_PENDING) +# 2100|-> CMD_STATE(sc) = old_ioreq_state; +# 2101| spin_unlock_irqrestore(io_lock, flags); +# 2102| iter_data->ret = FAILED; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2580: lock: Locking "spinlock_check(&fnic->fnic_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2581: path: Condition "!!(fnic->state == FNIC_IN_FC_TRANS_ETH_MODE)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2581: path: Condition "fnic->link_events", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2590: def: Assigning data that might be protected by the lock to "old_state". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2593: unlock: Unlocking "&fnic->fnic_lock". "old_state" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2596: path: Condition "err", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2598: path: Condition "fnic->state == FNIC_IN_FC_TRANS_ETH_MODE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2597: lockagain: Locking "spinlock_check(&fnic->fnic_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2599: use: Using an unreliable value of "old_state" inside the second locked section. If the data that "old_state" depends on was changed by another thread, this use might be incorrect. +# 2597| spin_lock_irqsave(&fnic->fnic_lock, flags); +# 2598| if (fnic->state == FNIC_IN_FC_TRANS_ETH_MODE) +# 2599|-> fnic->state = old_state; +# 2600| fnic->remove_wait = NULL; +# 2601| spin_unlock_irqrestore(&fnic->fnic_lock, flags); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2630: lock: Locking "spinlock_check(&fnic->fnic_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2631: path: Condition "!!(fnic->state == FNIC_IN_FC_TRANS_ETH_MODE)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2637: def: Assigning data that might be protected by the lock to "old_state". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2640: unlock: Unlocking "&fnic->fnic_lock". "old_state" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2642: path: Condition "fnic_fw_reset_handler(fnic)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2644: path: Condition "fnic->state == FNIC_IN_FC_TRANS_ETH_MODE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2643: lockagain: Locking "spinlock_check(&fnic->fnic_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c:2645: use: Using an unreliable value of "old_state" inside the second locked section. If the data that "old_state" depends on was changed by another thread, this use might be incorrect. +# 2643| spin_lock_irqsave(&fnic->fnic_lock, flags); +# 2644| if (fnic->state == FNIC_IN_FC_TRANS_ETH_MODE) +# 2645|-> fnic->state = old_state; +# 2646| spin_unlock_irqrestore(&fnic->fnic_lock, flags); +# 2647| } + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c:8486: lock: Locking "spinlock_check(&h->offline_device_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c:8487: def: Assigning data that might be protected by the lock to "tmp". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c:8487: path: Condition "!list_is_head(this, &h->offline_device_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c:8490: unlock: Unlocking "&h->offline_device_lock". "tmp" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c:8491: path: Condition "!hpsa_volume_offline(h, d->scsi3addr)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c:8498: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c:8497: lockagain: Locking "spinlock_check(&h->offline_device_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c:8487: use: Using an unreliable value of "tmp" inside the second locked section. If the data that "tmp" depends on was changed by another thread, this use might be incorrect. +# 8485| +# 8486| spin_lock_irqsave(&h->offline_device_lock, flags); +# 8487|-> list_for_each_safe(this, tmp, &h->offline_device_list) { +# 8488| d = list_entry(this, struct offline_device_entry, +# 8489| offline_list); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c:1178: path: Condition "job->request_len < 36UL /* sizeof (struct fc_bsg_request) + sizeof (struct set_ct_event) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c:1191: lock: Locking "spinlock_check(&phba->ct_ev_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c:1192: path: Condition "!(&evt->node == &phba->ct_ev_waiters)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c:1193: path: Condition "evt->reg_id == event_req->ev_reg_id", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c:1196: def: Assigning data that might be protected by the lock to "dd_data". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c:1197: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c:1200: unlock: Unlocking "&phba->ct_ev_lock". "dd_data" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c:1202: path: Condition "&evt->node == &phba->ct_ev_waiters", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c:1231: lockagain: Locking "spinlock_check(&phba->ct_ev_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c:1234: use: Using an unreliable value of "dd_data" inside the second locked section. If the data that "dd_data" depends on was changed by another thread, this use might be incorrect. +# 1232| evt->waiting = 1; +# 1233| dd_data->set_job = job; /* for unsolicited command */ +# 1234|-> job->dd_data = dd_data; /* for fc transport timeout callback*/ +# 1235| spin_unlock_irqrestore(&phba->ct_ev_lock, flags); +# 1236| return 0; /* call job done later */ + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9616: lock: Locking "spinlock_check(&phba->hbalock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9617: def: Assigning data that might be protected by the lock to "pring". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9620: path: Condition "!!!pring", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9625: path: Condition "phba->sli_rev == 4", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9629: path: Condition "!(&piocb->list == &pring->txcmplq)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9630: path: Condition "piocb->cmd_flag & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9631: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9629: path: Condition "!(&piocb->list == &pring->txcmplq)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9630: path: Condition "piocb->cmd_flag & 1", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9633: path: Condition "piocb->vport != vport", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9636: path: Condition "piocb->cmd_flag & 8", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9643: path: Condition "ulp_command == 138", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9653: path: Condition "phba->link_state == LPFC_LINK_DOWN", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9656: path: Condition "ulp_command == 194", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9658: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9629: path: Condition "!(&piocb->list == &pring->txcmplq)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9660: path: Condition "phba->sli_rev == 4", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9662: unlock: Unlocking "&phba->hbalock". "pring" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9665: path: Condition "!(&piocb->dlist == &abort_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9666: lockagain: Locking "spinlock_check(&phba->hbalock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c:9668: use: Using an unreliable value of "pring" inside the second locked section. If the data that "pring" depends on was changed by another thread, this use might be incorrect. +# 9666| spin_lock_irqsave(&phba->hbalock, iflags); +# 9667| list_del_init(&piocb->dlist); +# 9668|-> lpfc_sli_issue_abort_iotag(phba, pring, piocb, NULL); +# 9669| spin_unlock_irqrestore(&phba->hbalock, iflags); +# 9670| } + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c:8961: path: Condition "!phba->sli4_hba.rpi_hdrs_in_use", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c:8963: path: Condition "phba->sli4_hba.extents_in_use", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c:8969: lock: Locking "&phba->hbalock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c:8975: def: Assigning data that might be protected by the lock to "curr_rpi_range". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c:8976: unlock: Unlocking "&phba->hbalock". "curr_rpi_range" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c:8979: path: Condition "curr_rpi_range == rpi_limit", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c:8987: path: Condition "!dmabuf", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c:8993: path: Condition "!dmabuf->virt", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c:8998: path: Condition "!((dmabuf->phys & 4095ULL /* (dma_addr_t)4096 - 1 */) == 0)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c:9005: path: Condition "!rpi_hdr", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c:9011: lockagain: Locking "&phba->hbalock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c:9014: use: Using an unreliable value of "curr_rpi_range" inside the second locked section. If the data that "curr_rpi_range" depends on was changed by another thread, this use might be incorrect. +# 9012| +# 9013| /* The rpi_hdr stores the logical index only. */ +# 9014|-> rpi_hdr->start_rpi = curr_rpi_range; +# 9015| rpi_hdr->next_rpi = phba->sli4_hba.next_rpi + LPFC_RPI_HDR_COUNT; +# 9016| list_add_tail(&rpi_hdr->list, &phba->sli4_hba.lpfc_rpi_hdr_list); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:2122: lock: Locking "&phba->hbalock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:2123: def: Assigning data that might be protected by the lock to "iotag". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:2124: path: Condition "++iotag < psli->iocbq_lookup_len", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:2130: path: Condition "psli->iocbq_lookup_len < 64511UL /* 65535 - 1024 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:2133: unlock: Unlocking "&phba->hbalock". "iotag" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:2136: path: Condition "new_arr", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:2139: path: Condition "new_len <= psli->iocbq_lookup_len", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:2153: path: Condition "psli->iocbq_lookup", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:2137: lockagain: Locking "&phba->hbalock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:2159: use: Using an unreliable value of "iotag" inside the second locked section. If the data that "iotag" depends on was changed by another thread, this use might be incorrect. +# 2157| psli->iocbq_lookup = new_arr; +# 2158| psli->iocbq_lookup_len = new_len; +# 2159|-> psli->last_iotag = iotag; +# 2160| psli->iocbq_lookup[iotag] = iocbq; +# 2161| spin_unlock_irq(&phba->hbalock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4014: path: Condition "!!(portRspPut >= portRspMax)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4019: path: Condition "phba->fcp_ring_in_use", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4026: path: Condition "pring->sli.sli3.rspidx != portRspPut", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4035: path: Condition "++pring->sli.sli3.rspidx >= portRspMax", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4048: path: Condition "!!irsp->ulpStatus", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4053: path: Condition "irsp->ulpStatus == 3", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4053: path: Condition "(irsp->un.ulpWord[4] & 511) == 17", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "2048 & log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "0U /* 2048 & 0x80000000U */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4076: path: Switch case value "LPFC_ABORT_IOCB". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4083: path: Condition "!!(irsp->ulpCommand == 23)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4084: path: Condition "2048 & log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4084: path: Condition "0U /* 2048 & 0x80000000U */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4084: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4089: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4140: path: Condition "pring->sli.sli3.rspidx == portRspPut", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4142: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4026: path: Condition "pring->sli.sli3.rspidx != portRspPut", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4035: path: Condition "++pring->sli.sli3.rspidx >= portRspMax", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4048: path: Condition "!!irsp->ulpStatus", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4053: path: Condition "irsp->ulpStatus == 3", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4053: path: Condition "(irsp->un.ulpWord[4] & 511) == 17", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "2048 & log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "0U /* 2048 & 0x80000000U */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4076: path: Switch case value "LPFC_ABORT_IOCB". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4083: path: Condition "!!(irsp->ulpCommand == 23)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4084: path: Condition "2048 & log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4084: path: Condition "0U /* 2048 & 0x80000000U */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4084: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4089: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4140: path: Condition "pring->sli.sli3.rspidx == portRspPut", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4142: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4026: path: Condition "pring->sli.sli3.rspidx != portRspPut", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4035: path: Condition "++pring->sli.sli3.rspidx >= portRspMax", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4048: path: Condition "!!irsp->ulpStatus", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4053: path: Condition "irsp->ulpStatus == 3", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4053: path: Condition "(irsp->un.ulpWord[4] & 511) == 17", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "2048 & log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "0U /* 2048 & 0x80000000U */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4076: path: Switch case value "LPFC_ABORT_IOCB". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4083: path: Condition "!!(irsp->ulpCommand == 23)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4094: path: Condition "!!!cmdiocbq", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4095: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4140: path: Condition "pring->sli.sli3.rspidx == portRspPut", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4142: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4026: path: Condition "pring->sli.sli3.rspidx != portRspPut", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4035: path: Condition "++pring->sli.sli3.rspidx >= portRspMax", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4048: path: Condition "!!irsp->ulpStatus", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4053: path: Condition "irsp->ulpStatus == 3", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4053: path: Condition "(irsp->un.ulpWord[4] & 511) == 17", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "2048 & log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "0U /* 2048 & 0x80000000U */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4076: path: Switch case value "LPFC_ABORT_IOCB". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4083: path: Condition "!!(irsp->ulpCommand == 23)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4084: path: Condition "2048 & log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4084: path: Condition "0U /* 2048 & 0x80000000U */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4084: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4089: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4140: path: Condition "pring->sli.sli3.rspidx == portRspPut", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4142: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4026: path: Condition "pring->sli.sli3.rspidx != portRspPut", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4035: path: Condition "++pring->sli.sli3.rspidx >= portRspMax", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4048: path: Condition "!!irsp->ulpStatus", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4053: path: Condition "irsp->ulpStatus == 3", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4053: path: Condition "(irsp->un.ulpWord[4] & 511) == 17", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "2048 & log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "0U /* 2048 & 0x80000000U */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4076: path: Switch case value "LPFC_ABORT_IOCB". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4083: path: Condition "!!(irsp->ulpCommand == 23)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4084: path: Condition "2048 & log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4084: path: Condition "0U /* 2048 & 0x80000000U */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4084: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4089: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4140: path: Condition "pring->sli.sli3.rspidx == portRspPut", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4142: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4026: path: Condition "pring->sli.sli3.rspidx != portRspPut", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4035: path: Condition "++pring->sli.sli3.rspidx >= portRspMax", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4048: path: Condition "!!irsp->ulpStatus", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4053: path: Condition "irsp->ulpStatus == 3", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "2048 & log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "0U /* 2048 & 0x80000000U */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4076: path: Switch case value "LPFC_ABORT_IOCB". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4083: path: Condition "!!(irsp->ulpCommand == 23)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4094: path: Condition "!!!cmdiocbq", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4096: path: Condition "cmdiocbq->cmd_flag & 8", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4098: path: Condition "cmdiocbq->cmd_cmpl", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4103: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4140: path: Condition "pring->sli.sli3.rspidx == portRspPut", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4142: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4026: path: Condition "pring->sli.sli3.rspidx != portRspPut", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4035: path: Condition "++pring->sli.sli3.rspidx >= portRspMax", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4048: path: Condition "!!irsp->ulpStatus", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4053: path: Condition "irsp->ulpStatus == 3", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4053: path: Condition "(irsp->un.ulpWord[4] & 511) == 17", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "2048 & log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "0U /* 2048 & 0x80000000U */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4076: path: Switch case value "LPFC_UNSOL_IOCB". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4107: lock: Locking "spinlock_check(&phba->hbalock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4108: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4140: path: Condition "pring->sli.sli3.rspidx == portRspPut", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4142: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4026: path: Condition "pring->sli.sli3.rspidx != portRspPut", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4035: path: Condition "++pring->sli.sli3.rspidx >= portRspMax", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4044: def: Assigning data that might be protected by the lock to "type". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4048: path: Condition "!!irsp->ulpStatus", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4053: path: Condition "irsp->ulpStatus == 3", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4053: path: Condition "(irsp->un.ulpWord[4] & 511) == 17", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4056: unlock: Unlocking "&phba->hbalock". "type" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "2048 & log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Condition "0U /* 2048 & 0x80000000U */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4062: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4076: path: Switch case default. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4110: path: Condition "irsp->ulpCommand == 32", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4120: path: Condition "0x80000000U & log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4120: path: Condition "1 /* 0x80000000U & 0x80000000U */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4120: path: Condition "!log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4058: lockagain: Locking "spinlock_check(&phba->hbalock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:4120: use: Using an unreliable value of "type" inside the second locked section. If the data that "type" depends on was changed by another thread, this use might be incorrect. +# 4118| } else { +# 4119| /* Unknown IOCB command */ +# 4120|-> lpfc_printf_log(phba, KERN_ERR, LOG_TRACE_EVENT, +# 4121| "0334 Unknown IOCB command " +# 4122| "Data: x%x, x%x x%x x%x x%x\n", + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10232: path: Condition "!!!phba->sli4_hba.intr_enable", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10236: lock: Locking "spinlock_check(&phba->hbalock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10237: path: Condition "!!(psli->sli_flag & 8192)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10241: path: Condition "psli->sli_flag & 256", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10245: path: Condition "!!phba->sli.mbox_active", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10255: def: Assigning data that might be protected by the lock to "mboxq". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10258: path: Condition "!mboxq", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10264: unlock: Unlocking "&phba->hbalock". "mboxq" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10268: path: Condition "!!rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10280: path: Condition "(2052U /* 4 | 0x800 */) & log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10280: path: Condition "0U /* (4 | 0x800) & 0x80000000U */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10280: path: Condition "mboxq->vport", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10280: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10288: path: Condition "mbx_cmnd != 49", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10289: path: Condition "mboxq->vport", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10295: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10307: path: Condition "rc != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10308: path: Condition "0x80000000U & log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10308: path: Condition "1 /* 0x80000000U & 0x80000000U */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10308: path: Condition "!log_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10308: path: Condition "mboxq->vport", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10308: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10316: path: Jumping to label "out_not_finished". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10323: path: Condition "phba->sli.mbox_active", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10322: lockagain: Locking "spinlock_check(&phba->hbalock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:10325: use: Using an unreliable value of "mboxq" inside the second locked section. If the data that "mboxq" depends on was changed by another thread, this use might be incorrect. +#10323| if (phba->sli.mbox_active) { +#10324| mboxq->u.mb.mbxStatus = MBX_NOT_FINISHED; +#10325|-> __lpfc_mbox_cmpl_put(phba, mboxq); +#10326| /* Release the token */ +#10327| psli->sli_flag &= ~LPFC_SLI_MBOX_ACTIVE; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:14347: path: Condition "!((mcqe->trailer >> 28) & 1)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:14351: lock: Locking "spinlock_check(&phba->hbalock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:14352: def: Assigning data that might be protected by the lock to "pmb". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:14353: path: Condition "!!!pmb", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:14359: unlock: Unlocking "&phba->hbalock". "pmb" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:14370: path: Condition "pmb->mbox_cmpl", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:14370: path: Condition "mbox", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:14378: path: Condition "mcqe_status != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:14379: path: Condition "((mqe->word0 >> 16) & 65535) == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:14383: path: Condition "pmb->mbox_flag & 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:14389: path: Condition "mcqe_status == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:14425: unlock: Unlocking "&phba->pport->work_port_lock". "pmb" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:14428: path: Condition "(*pmbox).mbxCommand == 49", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:14447: lockagain: Locking "spinlock_check(&phba->hbalock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c:14448: use: Using an unreliable value of "pmb" inside the second locked section. If the data that "pmb" depends on was changed by another thread, this use might be incorrect. +#14446| /* There is mailbox completion work to queue to the worker thread */ +#14447| spin_lock_irqsave(&phba->hbalock, iflags); +#14448|-> __lpfc_mbox_cmpl_put(phba, pmb); +#14449| phba->work_ha |= HA_MBATT; +#14450| spin_unlock_irqrestore(&phba->hbalock, iflags); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5301: lock: Locking "spinlock_check(&vha->hw->tgt.sess_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5302: def: Assigning data that might be protected by the lock to "fcport". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5303: path: Condition "fcport", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5305: path: Condition "pla", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5316: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5377: unlock: Unlocking "&vha->hw->tgt.sess_lock". "fcport" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5379: path: Condition "fcport", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5385: path: Condition "pla", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5414: path: Condition "tfcp", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5414: path: Condition "tfcp != fcport", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5423: path: Switch case value "DSC_DELETE_PEND". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5411: lockagain: Locking "spinlock_check(&vha->hw->tgt.sess_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5428: use: Using an unreliable value of "fcport" inside the second locked section. If the data that "fcport" depends on was changed by another thread, this use might be incorrect. +# 5426| case DSC_DELETE_PEND: +# 5427| fcport->login_pause = 1; +# 5428|-> tfcp->conflict = fcport; +# 5429| break; +# 5430| default: + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5301: lock: Locking "spinlock_check(&vha->hw->tgt.sess_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5302: def: Assigning data that might be protected by the lock to "fcport". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5303: path: Condition "fcport", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5305: path: Condition "pla", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5316: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5377: unlock: Unlocking "&vha->hw->tgt.sess_lock". "fcport" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5379: path: Condition "fcport", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5385: path: Condition "pla", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5414: path: Condition "tfcp", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5414: path: Condition "tfcp != fcport", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5423: path: Switch case default. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5411: lockagain: Locking "spinlock_check(&vha->hw->tgt.sess_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c:5432: use: Using an unreliable value of "fcport" inside the second locked section. If the data that "fcport" depends on was changed by another thread, this use might be incorrect. +# 5430| default: +# 5431| fcport->login_pause = 1; +# 5432|-> tfcp->conflict = fcport; +# 5433| dfcp = tfcp; +# 5434| break; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:4974: path: Switch case value "32". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:4980: path: Condition "ha->prev_topology == 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:4980: path: Condition "!ha->current_topology", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:4980: path: Condition "ha->current_topology == 2", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:4980: path: Condition "!ha->current_topology", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5007: path: Condition "port_id.b.domain == 255", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5007: path: Condition "(port_id.b.area & 0xf0) == 0xf0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5014: path: Condition "wwn", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5015: lock: Locking "spinlock_check(&tgt->ha->tgt.sess_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5016: def: Assigning data that might be protected by the lock to "sess". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5018: unlock: Unlocking "&tgt->ha->tgt.sess_lock". "sess" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5021: path: Condition "conflict_sess", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5022: path: Switch case value "DSC_DELETED". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5025: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5038: path: Condition "sess != NULL", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5042: path: Condition "vha->hw->flags.edif_enabled", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5042: path: Condition "sess", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5042: path: Condition "!(sess->flags & 64)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5042: path: Condition "!sess->edif.authok", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5053: path: Switch case value "DSC_LS_PLOGI_PEND". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5057: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5063: path: Switch case value "DSC_LOGIN_PEND". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5085: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5090: path: Condition "delete", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5052: lockagain: Locking "spinlock_check(&tgt->ha->tgt.sess_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c:5110: use: Using an unreliable value of "sess" inside the second locked section. If the data that "sess" depends on was changed by another thread, this use might be incorrect. +# 5108| * since we have deleted the old session during PLOGI +# 5109| */ +# 5110|-> ql_dbg(ql_dbg_tgt_mgt, vha, 0xf096, +# 5111| "PRLI (loop_id %#04x) for existing sess %p (loop_id %#04x)\n", +# 5112| sess->loop_id, sess, iocb->u.isp24.nport_handle); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5602: path: Condition "!!(devip == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5609: path: Condition "delta_jiff == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5613: lock: Locking "spinlock_check(&sqp->qc_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5614: path: Condition "!!atomic_read(&sqp->blocked)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5620: path: Condition "qdepth > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5620: path: Condition "num_in_q >= qdepth", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5621: path: Condition "scsi_result", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5626: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5638: def: Assigning data that might be protected by the lock to "k". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5639: path: Condition "!!(k >= sdebug_max_queue)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5655: unlock: Unlocking "&sqp->qc_lock". "k" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5657: path: Condition "!sd_dp", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5659: path: Condition "!sd_dp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5665: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5670: path: Condition "sdebug_host_max_queue", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5673: path: Condition "polled", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5677: path: Condition "pfp", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5678: path: Condition "cmnd->result & 0x40000000", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5682: path: Condition "cmnd->result == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5682: path: Condition "scsi_result != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5684: path: Condition "cmnd->result == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5692: path: Condition "sdebug_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5692: path: Condition "cmnd->result", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5696: path: Condition "delta_jiff > 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5696: path: Condition "ndelay > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5699: path: Condition "delta_jiff > 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5712: path: Condition "sdebug_random", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5714: path: Condition "ndelay < 1000000", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5717: path: Condition "kt <= d", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5718: lockagain: Locking "spinlock_check(&sqp->qc_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5721: use: Using an unreliable value of "k" inside the second locked section. If the data that "k" depends on was changed by another thread, this use might be incorrect. +# 5719| sqcp->a_cmnd = NULL; +# 5720| atomic_dec(&devip->num_in_q); +# 5721|-> clear_bit(k, sqp->in_use_bm); +# 5722| spin_unlock_irqrestore(&sqp->qc_lock, iflags); +# 5723| if (new_sd_dp) + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5602: path: Condition "!!(devip == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5609: path: Condition "delta_jiff == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5613: lock: Locking "spinlock_check(&sqp->qc_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5614: path: Condition "!!atomic_read(&sqp->blocked)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5620: path: Condition "qdepth > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5620: path: Condition "num_in_q >= qdepth", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5621: path: Condition "scsi_result", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5626: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5638: def: Assigning data that might be protected by the lock to "k". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5639: path: Condition "!!(k >= sdebug_max_queue)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5655: unlock: Unlocking "&sqp->qc_lock". "k" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5657: path: Condition "!sd_dp", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5659: path: Condition "!sd_dp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5665: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5670: path: Condition "sdebug_host_max_queue", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5673: path: Condition "polled", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5677: path: Condition "pfp", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5678: path: Condition "cmnd->result & 0x40000000", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5682: path: Condition "cmnd->result == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5682: path: Condition "scsi_result != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5684: path: Condition "cmnd->result == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5692: path: Condition "sdebug_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5692: path: Condition "cmnd->result", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5696: path: Condition "delta_jiff > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5699: path: Condition "delta_jiff > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5702: path: Condition "sdebug_random", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5702: path: Condition "ns < 4294967295ULL /* (u32)~0U */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5704: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5711: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5733: path: Condition "polled", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5736: path: Condition "!sd_dp->init_poll", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5735: lockagain: Locking "spinlock_check(&sqp->qc_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5740: use: Using an unreliable value of "k" inside the second locked section. If the data that "k" depends on was changed by another thread, this use might be incorrect. +# 5738| sqcp->sd_dp = sd_dp; +# 5739| sd_dp->sqa_idx = sqp - sdebug_q_arr; +# 5740|-> sd_dp->qc_idx = k; +# 5741| } +# 5742| WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_POLL); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5602: path: Condition "!!(devip == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5609: path: Condition "delta_jiff == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5613: lock: Locking "spinlock_check(&sqp->qc_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5614: path: Condition "!!atomic_read(&sqp->blocked)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5620: path: Condition "qdepth > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5620: path: Condition "num_in_q >= qdepth", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5621: path: Condition "scsi_result", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5626: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5639: path: Condition "!!(k >= sdebug_max_queue)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5654: def: Assigning data that might be protected by the lock to "sd_dp". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5655: unlock: Unlocking "&sqp->qc_lock". "sd_dp" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5657: path: Condition "!sd_dp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5670: path: Condition "sdebug_host_max_queue", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5673: path: Condition "polled", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5677: path: Condition "pfp", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5678: path: Condition "cmnd->result & 0x40000000", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5682: path: Condition "cmnd->result == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5682: path: Condition "scsi_result != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5684: path: Condition "cmnd->result == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5692: path: Condition "sdebug_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5692: path: Condition "cmnd->result", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5696: path: Condition "delta_jiff > 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5696: path: Condition "ndelay > 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5761: path: Condition "sdebug_opts & 0x10000", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5761: path: Condition "atomic_read(&sdeb_inject_pending)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5764: path: Condition "polled", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5767: path: Condition "!sd_dp->init_poll", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5766: lockagain: Locking "spinlock_check(&sqp->qc_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5769: use: Using an unreliable value of "sd_dp" inside the second locked section. If the data that "sd_dp" depends on was changed by another thread, this use might be incorrect. +# 5767| if (!sd_dp->init_poll) { +# 5768| sd_dp->init_poll = true; +# 5769|-> sqcp->sd_dp = sd_dp; +# 5770| sd_dp->sqa_idx = sqp - sdebug_q_arr; +# 5771| sd_dp->qc_idx = k; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5602: path: Condition "!!(devip == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5609: path: Condition "delta_jiff == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5613: lock: Locking "spinlock_check(&sqp->qc_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5614: path: Condition "!!atomic_read(&sqp->blocked)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5620: path: Condition "qdepth > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5620: path: Condition "num_in_q >= qdepth", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5621: path: Condition "scsi_result", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5626: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5638: def: Assigning data that might be protected by the lock to "k". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5639: path: Condition "!!(k >= sdebug_max_queue)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5655: unlock: Unlocking "&sqp->qc_lock". "k" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5657: path: Condition "!sd_dp", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5659: path: Condition "!sd_dp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5665: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5670: path: Condition "sdebug_host_max_queue", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5673: path: Condition "polled", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5677: path: Condition "pfp", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5678: path: Condition "cmnd->result & 0x40000000", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5682: path: Condition "cmnd->result == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5682: path: Condition "scsi_result != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5684: path: Condition "cmnd->result == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5692: path: Condition "sdebug_verbose", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5692: path: Condition "cmnd->result", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5696: path: Condition "delta_jiff > 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5696: path: Condition "ndelay > 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5761: path: Condition "sdebug_opts & 0x10000", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5761: path: Condition "atomic_read(&sdeb_inject_pending)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5764: path: Condition "polled", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5767: path: Condition "!sd_dp->init_poll", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5766: lockagain: Locking "spinlock_check(&sqp->qc_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c:5771: use: Using an unreliable value of "k" inside the second locked section. If the data that "k" depends on was changed by another thread, this use might be incorrect. +# 5769| sqcp->sd_dp = sd_dp; +# 5770| sd_dp->sqa_idx = sqp - sdebug_q_arr; +# 5771|-> sd_dp->qc_idx = k; +# 5772| } +# 5773| WRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_POLL); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c:907: lock: Locking "spinlock_check(&adapter->hw_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c:909: def: Assigning data that might be protected by the lock to "use_msg". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c:911: path: Condition "use_msg", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c:913: unlock: Unlocking "&adapter->hw_lock". "use_msg" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c:919: path: Condition "0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c:919: path: Condition "0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c:919: path: Condition "0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c:919: path: Condition "0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c:919: path: Condition "0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c:919: path: Condition "0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c:919: path: Condition "0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c:920: lockagain: Locking "spinlock_check(&adapter->hw_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c:943: use: Using an unreliable value of "use_msg" inside the second locked section. If the data that "use_msg" depends on was changed by another thread, this use might be incorrect. +# 941| +# 942| pvscsi_reset_all(adapter); +# 943|-> adapter->use_msg = use_msg; +# 944| pvscsi_setup_all_rings(adapter); +# 945| pvscsi_unmask_intr(adapter); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3161: path: Condition "!se_sess", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3161: path: Condition "!se_lun", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3176: path: Condition "!pr_reg", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3185: path: Condition "res_key != pr_reg->pr_res_key", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3195: path: Condition "!sa_res_key", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3208: path: Condition "!buf", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3218: path: Condition "tid_len + 24 != cmd->data_length", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3227: path: Condition "!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3228: path: Condition "tmp_lun->lun_rtpi != rtpi", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3229: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3227: path: Condition "!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3228: path: Condition "tmp_lun->lun_rtpi != rtpi", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3232: path: Condition "!dest_tf_ops", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3233: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3227: path: Condition "!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3228: path: Condition "tmp_lun->lun_rtpi != rtpi", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3232: path: Condition "!dest_tf_ops", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3238: path: Condition "core_scsi3_tpg_depend_item(dest_se_tpg)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3247: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3251: path: Condition "!dest_se_tpg", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3251: path: Condition "!dest_tf_ops", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3260: path: Condition "!buf", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3266: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3266: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3266: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3266: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3266: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3269: path: Condition "proto_ident != dest_se_tpg->proto_id", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3280: path: Condition "!initiator_str", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3290: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3290: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3290: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3290: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3290: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3303: path: Condition "!strcmp(initiator_str, pr_reg_nacl->initiatorname)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3305: path: Condition "!matching_iname", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3306: path: Jumping to label "after_iport_check". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3330: path: Condition "dest_node_acl", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3334: path: Condition "!dest_node_acl", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3342: path: Condition "core_scsi3_nodeacl_depend_item(dest_node_acl)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3351: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3351: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3351: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3351: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3351: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3360: path: Condition "!dest_se_deve", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3367: path: Condition "core_scsi3_lunacl_depend_item(dest_se_deve)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3375: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3375: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3375: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3375: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3375: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3384: lock: Locking "&dev->dev_reservation_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3386: path: Condition "!pr_res_holder", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3399: path: Condition "!is_reservation_holder(pr_res_holder, pr_reg)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3415: path: Condition "pr_res_holder->pr_res_type == 7", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3415: path: Condition "pr_res_holder->pr_res_type == 8", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3424: def: Assigning data that might be protected by the lock to "pr_res_nacl". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3450: path: Condition "!dest_pr_reg", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3453: unlock: Unlocking "&dev->dev_reservation_lock". "pr_res_nacl" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3454: path: Condition "core_scsi3_alloc_registration(cmd->se_dev, dest_node_acl, dest_lun, dest_se_deve, dest_se_deve->mapped_lun, iport_ptr, sa_res_key, 0, aptpl, 2, 1)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3464: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3460: lockagain: Locking "&dev->dev_reservation_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3475: use: Using an unreliable value of "pr_res_nacl" inside the second locked section. If the data that "pr_res_nacl" depends on was changed by another thread, this use might be incorrect. +# 3473| * holder (i.e., the I_T nexus on which the +# 3474| */ +# 3475|-> __core_scsi3_complete_pro_release(dev, pr_res_nacl, +# 3476| dev->dev_pr_res_holder, 0, 0); +# 3477| /* + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3161: path: Condition "!se_sess", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3161: path: Condition "!se_lun", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3176: path: Condition "!pr_reg", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3185: path: Condition "res_key != pr_reg->pr_res_key", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3195: path: Condition "!sa_res_key", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3208: path: Condition "!buf", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3218: path: Condition "tid_len + 24 != cmd->data_length", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3227: path: Condition "!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3228: path: Condition "tmp_lun->lun_rtpi != rtpi", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3229: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3227: path: Condition "!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3228: path: Condition "tmp_lun->lun_rtpi != rtpi", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3232: path: Condition "!dest_tf_ops", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3233: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3227: path: Condition "!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3228: path: Condition "tmp_lun->lun_rtpi != rtpi", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3232: path: Condition "!dest_tf_ops", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3238: path: Condition "core_scsi3_tpg_depend_item(dest_se_tpg)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3247: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3251: path: Condition "!dest_se_tpg", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3251: path: Condition "!dest_tf_ops", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3260: path: Condition "!buf", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3266: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3266: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3266: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3266: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3266: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3269: path: Condition "proto_ident != dest_se_tpg->proto_id", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3280: path: Condition "!initiator_str", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3290: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3290: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3290: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3290: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3290: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3303: path: Condition "!strcmp(initiator_str, pr_reg_nacl->initiatorname)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3305: path: Condition "!matching_iname", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3306: path: Jumping to label "after_iport_check". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3330: path: Condition "dest_node_acl", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3334: path: Condition "!dest_node_acl", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3342: path: Condition "core_scsi3_nodeacl_depend_item(dest_node_acl)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3351: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3351: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3351: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3351: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3351: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3360: path: Condition "!dest_se_deve", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3367: path: Condition "core_scsi3_lunacl_depend_item(dest_se_deve)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3375: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3375: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3375: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3375: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3375: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3384: lock: Locking "&dev->dev_reservation_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3386: path: Condition "!pr_res_holder", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3399: path: Condition "!is_reservation_holder(pr_res_holder, pr_reg)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3415: path: Condition "pr_res_holder->pr_res_type == 7", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3415: path: Condition "pr_res_holder->pr_res_type == 8", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3428: def: Assigning data that might be protected by the lock to "type". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3450: path: Condition "!dest_pr_reg", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3453: unlock: Unlocking "&dev->dev_reservation_lock". "type" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3454: path: Condition "core_scsi3_alloc_registration(cmd->se_dev, dest_node_acl, dest_lun, dest_se_deve, dest_se_deve->mapped_lun, iport_ptr, sa_res_key, 0, aptpl, 2, 1)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3464: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3460: lockagain: Locking "&dev->dev_reservation_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3484: use: Using an unreliable value of "type" inside the second locked section. If the data that "type" depends on was changed by another thread, this use might be incorrect. +# 3482| dev->dev_pr_res_holder = dest_pr_reg; +# 3483| dest_pr_reg->pr_res_holder = 1; +# 3484|-> dest_pr_reg->pr_res_type = type; +# 3485| pr_reg->pr_res_scope = scope; +# 3486| core_pr_dump_initiator_port(pr_reg, i_buf, PR_REG_ISID_ID_LEN); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3161: path: Condition "!se_sess", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3161: path: Condition "!se_lun", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3176: path: Condition "!pr_reg", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3185: path: Condition "res_key != pr_reg->pr_res_key", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3195: path: Condition "!sa_res_key", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3208: path: Condition "!buf", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3218: path: Condition "tid_len + 24 != cmd->data_length", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3227: path: Condition "!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3228: path: Condition "tmp_lun->lun_rtpi != rtpi", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3229: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3227: path: Condition "!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3228: path: Condition "tmp_lun->lun_rtpi != rtpi", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3232: path: Condition "!dest_tf_ops", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3233: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3227: path: Condition "!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3228: path: Condition "tmp_lun->lun_rtpi != rtpi", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3232: path: Condition "!dest_tf_ops", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3238: path: Condition "core_scsi3_tpg_depend_item(dest_se_tpg)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3247: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3251: path: Condition "!dest_se_tpg", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3251: path: Condition "!dest_tf_ops", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3260: path: Condition "!buf", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3266: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3266: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3266: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3266: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3266: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3269: path: Condition "proto_ident != dest_se_tpg->proto_id", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3280: path: Condition "!initiator_str", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3290: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3290: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3290: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3290: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3290: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3303: path: Condition "!strcmp(initiator_str, pr_reg_nacl->initiatorname)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3305: path: Condition "!matching_iname", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3306: path: Jumping to label "after_iport_check". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3330: path: Condition "dest_node_acl", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3334: path: Condition "!dest_node_acl", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3342: path: Condition "core_scsi3_nodeacl_depend_item(dest_node_acl)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3351: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3351: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3351: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3351: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3351: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3360: path: Condition "!dest_se_deve", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3367: path: Condition "core_scsi3_lunacl_depend_item(dest_se_deve)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3375: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3375: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3375: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3375: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3375: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3384: lock: Locking "&dev->dev_reservation_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3386: path: Condition "!pr_res_holder", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3399: path: Condition "!is_reservation_holder(pr_res_holder, pr_reg)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3415: path: Condition "pr_res_holder->pr_res_type == 7", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3415: path: Condition "pr_res_holder->pr_res_type == 8", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3429: def: Assigning data that might be protected by the lock to "scope". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3450: path: Condition "!dest_pr_reg", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3453: unlock: Unlocking "&dev->dev_reservation_lock". "scope" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3454: path: Condition "core_scsi3_alloc_registration(cmd->se_dev, dest_node_acl, dest_lun, dest_se_deve, dest_se_deve->mapped_lun, iport_ptr, sa_res_key, 0, aptpl, 2, 1)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3464: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3460: lockagain: Locking "&dev->dev_reservation_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c:3485: use: Using an unreliable value of "scope" inside the second locked section. If the data that "scope" depends on was changed by another thread, this use might be incorrect. +# 3483| dest_pr_reg->pr_res_holder = 1; +# 3484| dest_pr_reg->pr_res_type = type; +# 3485|-> pr_reg->pr_res_scope = scope; +# 3486| core_pr_dump_initiator_port(pr_reg, i_buf, PR_REG_ISID_ID_LEN); +# 3487| /* + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:644: path: Condition "hp->n_outbuf > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:648: path: Condition "hp->n_outbuf > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:651: path: Condition "written_total", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:654: path: Condition "may_sleep", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:657: lock: Locking "spinlock_check(&hp->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:661: def: Assigning data that might be protected by the lock to "tty". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:662: path: Condition "tty == NULL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:666: path: Condition "tty_throttled(tty)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:672: path: Condition "!hp->irq_requested", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:680: path: Condition "count == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:686: path: Condition "n <= 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:688: path: Condition "n == -32", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:689: unlock: Unlocking "&hp->lock". "tty" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:692: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:700: path: Jumping to label "out". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:743: path: Condition "hp->do_wakeup", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:691: lockagain: Locking "spinlock_check(&hp->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c:745: use: Using an unreliable value of "tty" inside the second locked section. If the data that "tty" depends on was changed by another thread, this use might be incorrect. +# 743| if (hp->do_wakeup) { +# 744| hp->do_wakeup = 0; +# 745|-> tty_wakeup(tty); +# 746| } +# 747| bail: + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:493: lock: Locking "&hcd_root_hub_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:494: def: Assigning data that might be protected by the lock to "status". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:495: unlock: Unlocking "&hcd_root_hub_lock". "status" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:496: path: Condition "status", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:506: path: Condition "wLength > urb->transfer_buffer_length", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:513: path: Condition "__UNIQUE_ID___x324 > __UNIQUE_ID___y325", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:515: path: Condition "!tbuf", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:524: path: Switch case value "0x8000 | 0". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:550: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:696: path: Condition "status < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:705: path: Condition "status > 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:710: path: Condition "len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:711: path: Condition "urb->transfer_buffer_length < len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:718: path: Condition "patch_wakeup", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:725: path: Condition "patch_protocol", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:736: lockagain: Locking "&hcd_root_hub_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c:738: use: Using an unreliable value of "status" inside the second locked section. If the data that "status" depends on was changed by another thread, this use might be incorrect. +# 736| spin_lock_irq(&hcd_root_hub_lock); +# 737| usb_hcd_unlink_urb_from_ep(hcd, urb); +# 738|-> usb_hcd_giveback_urb(hcd, urb, status); +# 739| spin_unlock_irq(&hcd_root_hub_lock); +# 740| return 0; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1247: path: Condition "!!(sched == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1252: path: Condition "urb->interval < 8", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1253: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1259: path: Condition "i < num_itds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1265: path: Condition "!!!list_empty(&stream->free_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1268: path: Condition "itd->frame == ehci->now_frame", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1269: path: Jumping to label "alloc_itd". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1278: path: Condition "!itd", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1289: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1259: path: Condition "i < num_itds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1265: path: Condition "!!!list_empty(&stream->free_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1268: path: Condition "itd->frame == ehci->now_frame", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1269: path: Jumping to label "alloc_itd". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1277: lock: Locking "spinlock_check(&ehci->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1278: path: Condition "!itd", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1289: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1259: path: Condition "i < num_itds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1265: path: Condition "!!!list_empty(&stream->free_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1268: path: Condition "itd->frame == ehci->now_frame", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1271: def: Assigning data that might be protected by the lock to "itd_dma". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1272: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1289: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1259: path: Condition "i < num_itds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1265: path: Condition "!!!list_empty(&stream->free_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1268: path: Condition "itd->frame == ehci->now_frame", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1269: path: Jumping to label "alloc_itd". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1274: unlock: Unlocking "&ehci->lock". "itd_dma" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1278: path: Condition "!itd", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1277: lockagain: Locking "spinlock_check(&ehci->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:1286: use: Using an unreliable value of "itd_dma" inside the second locked section. If the data that "itd_dma" depends on was changed by another thread, this use might be incorrect. +# 1284| +# 1285| memset(itd, 0, sizeof(*itd)); +# 1286|-> itd->itd_dma = itd_dma; +# 1287| itd->frame = NO_FRAME; +# 1288| list_add(&itd->itd_list, &sched->td_list); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2045: path: Condition "iso_sched == NULL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2052: path: Condition "i < urb->number_of_packets", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2063: path: Condition "!!!list_empty(&stream->free_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2066: path: Condition "sitd->frame == ehci->now_frame", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2067: path: Jumping to label "alloc_sitd". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2076: path: Condition "!sitd", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2087: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2052: path: Condition "i < urb->number_of_packets", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2063: path: Condition "!!!list_empty(&stream->free_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2066: path: Condition "sitd->frame == ehci->now_frame", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2067: path: Jumping to label "alloc_sitd". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2075: lock: Locking "spinlock_check(&ehci->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2076: path: Condition "!sitd", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2087: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2052: path: Condition "i < urb->number_of_packets", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2063: path: Condition "!!!list_empty(&stream->free_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2066: path: Condition "sitd->frame == ehci->now_frame", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2069: def: Assigning data that might be protected by the lock to "sitd_dma". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2070: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2087: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2052: path: Condition "i < urb->number_of_packets", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2063: path: Condition "!!!list_empty(&stream->free_list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2066: path: Condition "sitd->frame == ehci->now_frame", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2067: path: Jumping to label "alloc_sitd". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2072: unlock: Unlocking "&ehci->lock". "sitd_dma" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2076: path: Condition "!sitd", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2075: lockagain: Locking "spinlock_check(&ehci->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c:2084: use: Using an unreliable value of "sitd_dma" inside the second locked section. If the data that "sitd_dma" depends on was changed by another thread, this use might be incorrect. +# 2082| +# 2083| memset(sitd, 0, sizeof(*sitd)); +# 2084|-> sitd->sitd_dma = sitd_dma; +# 2085| sitd->frame = NO_FRAME; +# 2086| list_add(&sitd->sitd_list, &iso_sched->td_list); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4561: path: Condition "xhci->quirks & (536870912ULL /* 1ULL << 29 */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4564: path: Condition "hcd->speed >= 64", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4564: path: Condition "!xhci->hw_lpm_support", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4564: path: Condition "!udev->lpm_capable", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4568: path: Condition "!udev->parent", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4568: path: Condition "udev->parent->parent", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4568: path: Condition "udev->descriptor.bDeviceClass == 9", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4572: path: Condition "udev->usb2_hw_lpm_capable != 1", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4575: lock: Locking "spinlock_check(&xhci->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4580: def: Assigning data that might be protected by the lock to "pm_val". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4583: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4583: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4583: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4583: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4583: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4586: path: Condition "enable", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4588: path: Condition "udev->usb2_hw_lpm_besl_capable", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4594: path: Condition "field & (4U /* 1 << 2 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4594: path: Condition "field & (8U /* 1 << 3 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4596: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4601: unlock: Unlocking "&xhci->lock". "pm_val" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4605: path: Condition "ret < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4613: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4607: lockagain: Locking "spinlock_check(&xhci->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c:4619: use: Using an unreliable value of "pm_val" inside the second locked section. If the data that "pm_val" depends on was changed by another thread, this use might be incorrect. +# 4617| pm_val &= ~PORT_HIRD_MASK; +# 4618| pm_val |= PORT_HIRD(hird) | PORT_RWE | PORT_L1DS(udev->slot_id); +# 4619|-> writel(pm_val, pm_addr); +# 4620| pm_val = readl(pm_addr); +# 4621| pm_val |= PORT_HLE; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:297: lock: Locking "spinlock_check(&priv->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:298: def: Assigning data that might be protected by the lock to "control_state". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:300: unlock: Unlocking "&priv->lock". "control_state" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:306: path: Condition "(cflag & 4111) != (old_cflag & 4111)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:308: path: Condition "(old_cflag & 4111) == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:310: path: Condition "usb_control_msg(serial->dev, (2147483648U /* 2 << 30 */) | __create_pipe(serial->dev, 0), 10, 64, 1, 0, NULL, 0, 5000) < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:313: path: Condition "!(old_cflag & 0x80000000U)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:314: path: Condition "usb_control_msg(serial->dev, (2147483648U /* 2 << 30 */) | __create_pipe(serial->dev, 0), 11, 64, 1, 0, NULL, 0, 5000) < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:321: path: Condition "baud", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:324: path: Condition "urb_value == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:331: path: Condition "usb_control_msg(serial->dev, (2147483648U /* 2 << 30 */) | __create_pipe(serial->dev, 0), 0, 64, urb_value, 0, NULL, 0, 5000) < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:333: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:347: path: Condition "(cflag ^ old_cflag) & (768U /* 0x100 | 0x200 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:348: path: Condition "cflag & 256", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:349: path: Condition "cflag & 512", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:350: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:353: path: Condition "usb_control_msg(serial->dev, (2147483648U /* 2 << 30 */) | __create_pipe(serial->dev, 0), 3, 64, urb_value, 0, NULL, 0, 5000) < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:358: path: Condition "(cflag & 48) != (old_cflag & 48)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:360: path: Condition "usb_control_msg(serial->dev, (2147483648U /* 2 << 30 */) | __create_pipe(serial->dev, 0), 2, 64, urb_value, 0, NULL, 0, 5000) < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:365: path: Condition "(cflag & 64) != (old_cflag & 64)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:366: path: Condition "cflag & 64", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:368: path: Condition "usb_control_msg(serial->dev, (2147483648U /* 2 << 30 */) | __create_pipe(serial->dev, 0), 1, 64, urb_value, 0, NULL, 0, 5000) < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:374: path: Condition "(iflag ^ old_iflag) & (5120U /* 0x1000 | 0x400 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:377: path: Condition "iflag & 4096", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:378: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:382: path: Condition "cflag & 0x80000000U", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:383: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:387: path: Condition "bad_flow_control", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:390: path: Condition "usb_control_msg(serial->dev, (2147483648U /* 2 << 30 */) | __create_pipe(serial->dev, 0), 16, 64, urb_value, 0, NULL, 0, 5000) < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:395: lockagain: Locking "spinlock_check(&priv->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c:396: use: Using an unreliable value of "control_state" inside the second locked section. If the data that "control_state" depends on was changed by another thread, this use might be incorrect. +# 394| /* save off the modified port settings */ +# 395| spin_lock_irqsave(&priv->lock, flags); +# 396|-> priv->control_state = control_state; +# 397| spin_unlock_irqrestore(&priv->lock, flags); +# 398| } + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c:479: lock: Locking "spinlock_check(&garmin_data_p->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c:481: def: Assigning data that might be protected by the lock to "size". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c:484: unlock: Unlocking "&garmin_data_p->lock". "size" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c:489: path: Condition "size == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c:492: path: Condition "offs < count", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c:497: path: Condition "data == 16", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c:498: path: Condition "skip", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c:502: path: Condition "dleSeen", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c:505: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c:508: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c:542: path: Condition "size >= 273 /* 12 + (3 + 255 + 3) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c:548: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c:492: path: Condition "offs < count", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c:550: lockagain: Locking "spinlock_check(&garmin_data_p->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c:552: use: Using an unreliable value of "size" inside the second locked section. If the data that "size" depends on was changed by another thread, this use might be incorrect. +# 550| spin_lock_irqsave(&garmin_data_p->lock, flags); +# 551| +# 552|-> garmin_data_p->insize = size; +# 553| +# 554| /* copy flags back to structure */ + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:608: lock: Locking "spinlock_check(&priv->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:609: def: Assigning data that might be protected by the lock to "control_state". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:610: unlock: Unlocking "&priv->lock". "control_state" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:621: path: Condition "(old_cflag & 4111) == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:622: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:622: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:622: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:622: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:622: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:629: path: Condition "(cflag & 4111) == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:630: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:630: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:630: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:630: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:630: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:641: path: Condition "cflag & 256", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:642: path: Condition "cflag & 512", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:643: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:648: path: Switch case value "0". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:650: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:667: path: Condition "cflag & 64", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:673: lockagain: Locking "spinlock_check(&priv->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c:674: use: Using an unreliable value of "control_state" inside the second locked section. If the data that "control_state" depends on was changed by another thread, this use might be incorrect. +# 672| /* save off the modified port settings */ +# 673| spin_lock_irqsave(&priv->lock, flags); +# 674|-> priv->control_state = control_state; +# 675| priv->last_lcr = last_lcr; +# 676| spin_unlock_irqrestore(&priv->lock, flags); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:409: lock: Locking "spinlock_check(&priv->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:412: def: Assigning data that might be protected by the lock to "control". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:413: unlock: Unlocking "&priv->lock". "control" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:416: path: Switch case value "0". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:419: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:438: path: Condition "br == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:440: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:452: path: Condition "(cflag & 64) != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:453: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:458: path: Condition "(cflag & 256) != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:459: path: Condition "(cflag & 512) != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:460: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:463: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:468: path: Condition "(cflag & 0x80000000U) != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:489: path: Condition "divisor != priv->pending_setup.divisor", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:488: lockagain: Locking "spinlock_check(&priv->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:493: use: Using an unreliable value of "control" inside the second locked section. If the data that "control" depends on was changed by another thread, this use might be incorrect. +# 491| || frame_fmt != priv->pending_setup.frame_fmt) { +# 492| priv->pending_setup.divisor = divisor; +# 493|-> priv->pending_setup.control = control; +# 494| priv->pending_setup.frame_fmt = frame_fmt; +# 495| } + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:409: lock: Locking "spinlock_check(&priv->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:411: def: Assigning data that might be protected by the lock to "frame_fmt". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:413: unlock: Unlocking "&priv->lock". "frame_fmt" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:416: path: Switch case value "0". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:419: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:438: path: Condition "br == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:440: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:452: path: Condition "(cflag & 64) != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:453: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:458: path: Condition "(cflag & 256) != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:459: path: Condition "(cflag & 512) != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:460: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:463: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:468: path: Condition "(cflag & 0x80000000U) != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:489: path: Condition "divisor != priv->pending_setup.divisor", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:488: lockagain: Locking "spinlock_check(&priv->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c:494: use: Using an unreliable value of "frame_fmt" inside the second locked section. If the data that "frame_fmt" depends on was changed by another thread, this use might be incorrect. +# 492| priv->pending_setup.divisor = divisor; +# 493| priv->pending_setup.control = control; +# 494|-> priv->pending_setup.frame_fmt = frame_fmt; +# 495| } +# 496| spin_unlock_irqrestore(&priv->lock, flags); + +Error: WRITE_CONST_FIELD (CWE-843): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/afs/internal.h:621: nested_field_definition: A nested aggregate with a const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/netfs.h:125: nested_field_definition: A nested aggregate with a const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h:629: nested_field_definition: A nested aggregate with a const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h:630: field_definition: A const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/afs/super.c:661: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 659| struct afs_vnode *vnode = _vnode; +# 660| +# 661|-> memset(vnode, 0, sizeof(*vnode)); +# 662| inode_init_once(&vnode->netfs.inode); +# 663| mutex_init(&vnode->io_lock); + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1548: local_ptr_assign_local: Assigning: "iovec" = "inline_vecs" (address of local variable "inline_vecs"). +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1554: path: Condition "ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1557: path: Condition "!!!(file->f_mode & 1U /* (fmode_t)1 */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1560: path: Condition "!!!file->f_op->read_iter", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1563: identity_transfer: Passing "iovec" as argument 3 to function "aio_setup_rw", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1563: local_ptr_assign_ptr: Assigning: "ret" = "aio_setup_rw(0, iocb, &iovec, vectored, compat, &iter)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1564: path: Condition "ret < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1565: return_local_addr_alias: Returning pointer "ret" which points to local variable "inline_vecs". +# 1563| ret = aio_setup_rw(READ, iocb, &iovec, vectored, compat, &iter); +# 1564| if (ret < 0) +# 1565|-> return ret; +# 1566| ret = rw_verify_area(READ, file, &req->ki_pos, iov_iter_count(&iter)); +# 1567| if (!ret) + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1576: local_ptr_assign_local: Assigning: "iovec" = "inline_vecs" (address of local variable "inline_vecs"). +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1582: path: Condition "ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1586: path: Condition "!!!(file->f_mode & 2U /* (fmode_t)2 */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1588: path: Condition "!!!file->f_op->write_iter", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1591: identity_transfer: Passing "iovec" as argument 3 to function "aio_setup_rw", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1591: local_ptr_assign_ptr: Assigning: "ret" = "aio_setup_rw(1, iocb, &iovec, vectored, compat, &iter)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1592: path: Condition "ret < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c:1593: return_local_addr_alias: Returning pointer "ret" which points to local variable "inline_vecs". +# 1591| ret = aio_setup_rw(WRITE, iocb, &iovec, vectored, compat, &iter); +# 1592| if (ret < 0) +# 1593|-> return ret; +# 1594| ret = rw_verify_area(WRITE, file, &req->ki_pos, iov_iter_count(&iter)); +# 1595| if (!ret) { + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c:121: path: Condition "prev == NULL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c:125: lock: Locking "&p->d_lockref.lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c:126: path: Condition "1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c:130: path: Condition "ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c:130: path: Condition "p == root", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c:132: def: Assigning data that might be protected by the lock to "parent". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c:133: unlock: Unlocking "&p->d_lockref.lock". "parent" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c:134: lockagain: Locking "&parent->d_lockref.lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c:136: use: Using an unreliable value of "parent" inside the second locked section. If the data that "parent" depends on was changed by another thread, this use might be incorrect. +# 134| spin_lock(&parent->d_lock); +# 135| d = p; +# 136|-> p = parent; +# 137| } +# 138| spin_unlock(&p->d_lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1922: path: Condition "session", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1926: path: Condition "ci->i_ceph_flags & (4096UL /* 1 << 12 */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1933: path: Condition "ci->i_ceph_flags & (4UL /* 1 << 2 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "!mdsc->stopping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "(*inode).i_nlink > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1956: path: Condition "file_wanted", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1958: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "!(flags & 4)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "(inode->i_mode & 0xf000) == 0x8000", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "ci->i_wb_ref", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "ci->i_wrbuffer_ref", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "inode->i_data.nrpages", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "revoking & (33792 /* (4 << 8) | (0x80 << 8) */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2028: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2028: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "(*cap).issued & (4096 /* 0x10 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_requested_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2051: path: Jumping to label "ack". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2117: path: Condition "ci->i_ceph_flags & (128UL /* 1 << 7 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2119: path: Condition "ci->i_ceph_flags & (256UL /* 1 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2122: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "!mdsc->stopping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "(*inode).i_nlink > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1956: path: Condition "file_wanted", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1958: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "!(flags & 4)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "(inode->i_mode & 0xf000) == 0x8000", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "ci->i_wb_ref", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "ci->i_wrbuffer_ref", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "inode->i_data.nrpages", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "revoking & (33792 /* (4 << 8) | (0x80 << 8) */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2028: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "(*cap).issued & (4096 /* 0x10 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_requested_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2051: path: Jumping to label "ack". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2117: path: Condition "ci->i_ceph_flags & (128UL /* 1 << 7 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2119: path: Condition "ci->i_ceph_flags & (256UL /* 1 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2122: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "!mdsc->stopping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "(*inode).i_nlink > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1956: path: Condition "file_wanted", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1958: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "!(flags & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "mdsc->stopping", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "(*cap).issued & (4096 /* 0x10 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_requested_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2051: path: Jumping to label "ack". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2117: path: Condition "ci->i_ceph_flags & (128UL /* 1 << 7 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2119: path: Condition "ci->i_ceph_flags & (256UL /* 1 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2122: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "!mdsc->stopping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "(*inode).i_nlink > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1956: path: Condition "file_wanted", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1958: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "!(flags & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "mdsc->stopping", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2028: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "(*cap).issued & (4096 /* 0x10 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_requested_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2051: path: Jumping to label "ack". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2117: path: Condition "ci->i_ceph_flags & (128UL /* 1 << 7 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2119: path: Condition "ci->i_ceph_flags & (256UL /* 1 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2122: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "!mdsc->stopping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "(*inode).i_nlink > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1956: path: Condition "file_wanted", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1958: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "!(flags & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "mdsc->stopping", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2028: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "(*cap).issued & (4096 /* 0x10 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_requested_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2051: path: Jumping to label "ack". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2117: path: Condition "ci->i_ceph_flags & (128UL /* 1 << 7 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2119: path: Condition "ci->i_ceph_flags & (256UL /* 1 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2122: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "!mdsc->stopping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "(*inode).i_nlink > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1956: path: Condition "file_wanted", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1958: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "!(flags & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "mdsc->stopping", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2028: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "(*cap).issued & (4096 /* 0x10 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_requested_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2051: path: Jumping to label "ack". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2117: path: Condition "ci->i_ceph_flags & (128UL /* 1 << 7 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2118: lock: Locking "ci->i_ceph_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2119: path: Condition "ci->i_ceph_flags & (256UL /* 1 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2122: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "!mdsc->stopping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "(*inode).i_nlink > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1956: path: Condition "file_wanted", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1958: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "!(flags & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "mdsc->stopping", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2028: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "(*cap).issued & (4096 /* 0x10 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_requested_max_size", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2055: path: Condition "__ceph_should_report_size(ci)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2056: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2056: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2056: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2056: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2056: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2057: path: Jumping to label "ack". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2117: path: Condition "ci->i_ceph_flags & (128UL /* 1 << 7 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2119: path: Condition "ci->i_ceph_flags & (256UL /* 1 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2122: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "!mdsc->stopping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "(*inode).i_nlink > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1956: path: Condition "file_wanted", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1958: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "!(flags & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "mdsc->stopping", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2028: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "(*cap).issued & (4096 /* 0x10 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_requested_max_size", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2055: path: Condition "__ceph_should_report_size(ci)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2061: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2062: path: Condition "flags & 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2062: path: Condition "ci->i_dirty_caps", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2066: path: Condition "ci->i_ceph_flags & (256UL /* 1 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2067: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2067: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2067: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2067: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2067: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2068: path: Jumping to label "ack". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2110: def: Assigning data that might be protected by the lock to "session". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2117: path: Condition "ci->i_ceph_flags & (128UL /* 1 << 7 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2119: path: Condition "ci->i_ceph_flags & (256UL /* 1 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2120: unlock: Unlocking "ci->i_ceph_lock". "session" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2122: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "!mdsc->stopping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "(*inode).i_nlink > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1956: path: Condition "file_wanted", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1958: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "!(flags & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "mdsc->stopping", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2028: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "(*cap).issued & (4096 /* 0x10 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_requested_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2051: path: Jumping to label "ack". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2120: lockagain: Locking "ci->i_ceph_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2109: use: Using an unreliable value of "session" inside the second locked section. If the data that "session" depends on was changed by another thread, this use might be incorrect. +# 2107| +# 2108| ack: +# 2109|-> ceph_put_mds_session(session); +# 2110| session = ceph_get_mds_session(cap->session); +# 2111| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1922: path: Condition "session", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1926: path: Condition "ci->i_ceph_flags & (4096UL /* 1 << 12 */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1933: path: Condition "ci->i_ceph_flags & (4UL /* 1 << 2 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "!mdsc->stopping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "(*inode).i_nlink > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1956: path: Condition "file_wanted", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1958: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "!(flags & 4)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "(inode->i_mode & 0xf000) == 0x8000", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "ci->i_wb_ref", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "ci->i_wrbuffer_ref", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "inode->i_data.nrpages", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "revoking & (33792 /* (4 << 8) | (0x80 << 8) */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2028: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2028: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "(*cap).issued & (4096 /* 0x10 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_requested_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2051: path: Jumping to label "ack". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2117: path: Condition "ci->i_ceph_flags & (128UL /* 1 << 7 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2119: path: Condition "ci->i_ceph_flags & (256UL /* 1 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2122: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "!mdsc->stopping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "(*inode).i_nlink > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1956: path: Condition "file_wanted", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1958: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "!(flags & 4)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "(inode->i_mode & 0xf000) == 0x8000", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "ci->i_wb_ref", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "ci->i_wrbuffer_ref", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "inode->i_data.nrpages", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "revoking & (33792 /* (4 << 8) | (0x80 << 8) */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2028: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "(*cap).issued & (4096 /* 0x10 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_requested_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2051: path: Jumping to label "ack". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2117: path: Condition "ci->i_ceph_flags & (128UL /* 1 << 7 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2119: path: Condition "ci->i_ceph_flags & (256UL /* 1 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2122: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "!mdsc->stopping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "(*inode).i_nlink > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1956: path: Condition "file_wanted", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1958: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "!(flags & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "mdsc->stopping", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "(*cap).issued & (4096 /* 0x10 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_requested_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2051: path: Jumping to label "ack". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2117: path: Condition "ci->i_ceph_flags & (128UL /* 1 << 7 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2119: path: Condition "ci->i_ceph_flags & (256UL /* 1 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2122: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "!mdsc->stopping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "(*inode).i_nlink > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1956: path: Condition "file_wanted", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1958: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "!(flags & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "mdsc->stopping", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2028: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "(*cap).issued & (4096 /* 0x10 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_requested_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2051: path: Jumping to label "ack". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2117: path: Condition "ci->i_ceph_flags & (128UL /* 1 << 7 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2119: path: Condition "ci->i_ceph_flags & (256UL /* 1 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2120: lock: Locking "ci->i_ceph_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2122: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "!mdsc->stopping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "(*inode).i_nlink > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1956: path: Condition "file_wanted", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1958: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "!(flags & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "mdsc->stopping", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2028: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "(*cap).issued & (4096 /* 0x10 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_requested_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2051: path: Jumping to label "ack". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2117: path: Condition "ci->i_ceph_flags & (128UL /* 1 << 7 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2119: path: Condition "ci->i_ceph_flags & (256UL /* 1 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2122: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "!mdsc->stopping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1955: path: Condition "(*inode).i_nlink > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1956: path: Condition "file_wanted", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1958: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:1986: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "!(flags & 4)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2001: path: Condition "mdsc->stopping", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2028: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2019: path: Condition "p", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "mds >= (*cap).mds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "flags & 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2026: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2035: path: Condition "cap != ci->i_auth_cap", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2039: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2045: path: Condition "(*cap).issued & (4096 /* 0x10 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2048: path: Condition "ci->i_wanted_max_size > ci->i_requested_max_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2050: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2051: path: Jumping to label "ack". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2110: def: Assigning data that might be protected by the lock to "session". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "cap == ci->i_auth_cap", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2114: path: Condition "ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2117: path: Condition "ci->i_ceph_flags & (128UL /* 1 << 7 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2118: unlock: Unlocking "ci->i_ceph_lock". "session" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2119: path: Condition "ci->i_ceph_flags & (256UL /* 1 << 8 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2118: lockagain: Locking "ci->i_ceph_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c:2120: use: Using an unreliable value of "session" inside the second locked section. If the data that "session" depends on was changed by another thread, this use might be incorrect. +# 2118| __kick_flushing_caps(mdsc, session, ci, 0); +# 2119| if (ci->i_ceph_flags & CEPH_I_FLUSH_SNAPS) +# 2120|-> __ceph_flush_snaps(ci, session); +# 2121| +# 2122| goto retry; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c:4054: lock: Locking "&cifs_sb->tlink_tree_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c:4056: path: Condition "node != NULL", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c:4058: def: Assigning data that might be protected by the lock to "node". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c:4061: path: Condition "test_bit(0, &tlink->tl_flags)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c:4061: path: Condition "atomic_read(&tlink->tl_count) != 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c:4061: path: Condition "1 /* ({...; 1;}) && ({...; 1;}) */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c:4061: path: Condition "(long)(jiffies - (tlink->tl_time + 600000UL /* 600 * 1000 */)) < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c:4070: unlock: Unlocking "&cifs_sb->tlink_tree_lock". "node" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c:4073: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c:4056: path: Condition "node != NULL", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c:4072: lockagain: Locking "&cifs_sb->tlink_tree_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c:4057: use: Using an unreliable value of "node" inside the second locked section. If the data that "node" depends on was changed by another thread, this use might be incorrect. +# 4055| node = rb_first(root); +# 4056| while (node != NULL) { +# 4057|-> tmp = node; +# 4058| node = rb_next(tmp); +# 4059| tlink = rb_entry(tmp, struct tcon_link, tl_rbnode); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1632: path: Condition "!dir_emit_dots(file, ctx)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1634: lock: Locking "&configfs_dirent_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1635: path: Condition "ctx->pos == 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1637: path: Condition "p != &parent_sd->s_children", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1644: path: Condition "!next->s_element", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1645: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1637: def: Assigning data that might be protected by the lock to "p". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1637: path: Condition "p != &parent_sd->s_children", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1644: path: Condition "!next->s_element", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1661: path: Condition "dentry", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1663: path: Condition "inode", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1665: unlock: Unlocking "&configfs_dirent_lock". "p" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1666: path: Condition "!inode", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1672: path: Condition "!dir_emit(ctx, name, len, ino, dt_type(next))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1675: lockagain: Locking "&configfs_dirent_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c:1676: use: Using an unreliable value of "p" inside the second locked section. If the data that "p" depends on was changed by another thread, this use might be incorrect. +# 1674| +# 1675| spin_lock(&configfs_dirent_lock); +# 1676|-> list_move(q, p); +# 1677| p = q; +# 1678| ctx->pos++; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1363: path: Switch case value "D_WALK_CONTINUE". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1365: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1376: path: Condition "next != &this_parent->d_subdirs", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1381: path: Condition "!!(dentry->d_flags & 536870912)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1382: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1376: path: Condition "next != &this_parent->d_subdirs", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1381: path: Condition "!!(dentry->d_flags & 536870912)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1387: path: Switch case value "D_WALK_CONTINUE". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1389: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1401: path: Condition "!list_empty(&dentry->d_subdirs)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1406: path: Jumping to label "repeat". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1376: path: Condition "next != &this_parent->d_subdirs", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1381: path: Condition "!!(dentry->d_flags & 536870912)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1382: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1376: path: Condition "next != &this_parent->d_subdirs", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1381: path: Condition "!!(dentry->d_flags & 536870912)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1387: path: Switch case value "D_WALK_CONTINUE". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1389: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1401: path: Condition "!list_empty(&dentry->d_subdirs)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1409: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1376: path: Condition "next != &this_parent->d_subdirs", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1415: path: Condition "this_parent != parent", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1420: lock: Locking "&this_parent->d_lockref.lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1423: path: Condition "need_seqretry(&rename_lock, seq)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1428: path: Condition "next == &this_parent->d_subdirs", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1429: path: Jumping to label "ascend". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1415: path: Condition "this_parent != parent", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1417: def: Assigning data that might be protected by the lock to "this_parent". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1419: unlock: Unlocking "&child->d_lockref.lock". "this_parent" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1423: path: Condition "need_seqretry(&rename_lock, seq)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1428: path: Condition "next == &this_parent->d_subdirs", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1429: path: Jumping to label "ascend". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1415: path: Condition "this_parent != parent", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1420: lockagain: Locking "&this_parent->d_lockref.lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c:1416: use: Using an unreliable value of "this_parent" inside the second locked section. If the data that "this_parent" depends on was changed by another thread, this use might be incorrect. +# 1414| ascend: +# 1415| if (this_parent != parent) { +# 1416|-> struct dentry *child = this_parent; +# 1417| this_parent = child->d_parent; +# 1418| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4368: path: Condition "!(ac->ac_flags & 32)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4373: path: Condition "0 /* !((((sizeof (ei->i_prealloc_list.next) == sizeof (char) || sizeof (ei->i_prealloc_list.next) == sizeof (short)) || sizeof (ei->i_prealloc_list.next) == sizeof (int)) || sizeof (ei->i_prealloc_list.next) == sizeof (long)) || sizeof (ei->i_prealloc_list.next) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4373: path: Condition "&pa->pa_inode_list != &ei->i_prealloc_list", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4377: path: Condition "ac->ac_o_ex.fe_logical < pa->pa_lstart", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4380: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4373: path: Condition "0 /* !((((sizeof (pa->pa_inode_list.next) == sizeof (char) || sizeof (pa->pa_inode_list.next) == sizeof (short)) || sizeof (pa->pa_inode_list.next) == sizeof (int)) || sizeof (pa->pa_inode_list.next) == sizeof (long)) || sizeof (pa->pa_inode_list.next) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4373: path: Condition "&pa->pa_inode_list != &ei->i_prealloc_list", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4377: path: Condition "ac->ac_o_ex.fe_logical < pa->pa_lstart", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4377: path: Condition "ac->ac_o_ex.fe_logical >= pa->pa_lstart + (pa->pa_len << sbi->s_cluster_bits)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4380: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4373: path: Condition "0 /* !((((sizeof (pa->pa_inode_list.next) == sizeof (char) || sizeof (pa->pa_inode_list.next) == sizeof (short)) || sizeof (pa->pa_inode_list.next) == sizeof (int)) || sizeof (pa->pa_inode_list.next) == sizeof (long)) || sizeof (pa->pa_inode_list.next) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4373: path: Condition "&pa->pa_inode_list != &ei->i_prealloc_list", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4403: path: Condition "!(ac->ac_flags & 128)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4408: path: Condition "lg == NULL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4411: path: Condition "order > 9 /* 10 - 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4420: path: Condition "i < 10", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4422: path: Condition "0 /* !((((sizeof (lg->lg_prealloc_list[i].next) == sizeof (char) || sizeof (lg->lg_prealloc_list[i].next) == sizeof (short)) || sizeof (lg->lg_prealloc_list[i].next) == sizeof (int)) || sizeof (lg->lg_prealloc_list[i].next) == sizeof (long)) || sizeof (lg->lg_prealloc_list[i].next) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4422: path: Condition "&pa->pa_inode_list != &lg->lg_prealloc_list[i]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4424: lock: Locking "&pa->pa_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4425: path: Condition "pa->pa_deleted == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4425: path: Condition "pa->pa_free >= ac->ac_o_ex.fe_len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4428: def: Assigning data that might be protected by the lock to "cpa". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4431: unlock: Unlocking "&pa->pa_lock". "cpa" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4432: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4422: path: Condition "0 /* !((((sizeof (pa->pa_inode_list.next) == sizeof (char) || sizeof (pa->pa_inode_list.next) == sizeof (short)) || sizeof (pa->pa_inode_list.next) == sizeof (int)) || sizeof (pa->pa_inode_list.next) == sizeof (long)) || sizeof (pa->pa_inode_list.next) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4422: path: Condition "&pa->pa_inode_list != &lg->lg_prealloc_list[i]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4425: path: Condition "pa->pa_deleted == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4425: path: Condition "pa->pa_free >= ac->ac_o_ex.fe_len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4424: lockagain: Locking "&pa->pa_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c:4428: use: Using an unreliable value of "cpa" inside the second locked section. If the data that "cpa" depends on was changed by another thread, this use might be incorrect. +# 4426| pa->pa_free >= ac->ac_o_ex.fe_len) { +# 4427| +# 4428|-> cpa = ext4_mb_check_group_pa(goal_block, +# 4429| pa, cpa); +# 4430| } + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/namei.c:1771: local_addr: Address of local variable "frames". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/namei.c:1771: identity_transfer: Passing "frames" as argument 4 to function "dx_probe", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/namei.c:1771: local_ptr_assign_ptr: Assigning: "frame" = "dx_probe(fname, dir, NULL, frames)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/namei.c:1772: path: Condition "IS_ERR(frame)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/namei.c:1773: return_local_addr_alias: Returning pointer "frame" which points to local variable "frames". +# 1771| frame = dx_probe(fname, dir, NULL, frames); +# 1772| if (IS_ERR(frame)) +# 1773|-> return (struct buffer_head *) frame; +# 1774| do { +# 1775| block = dx_get_block(frame->at); + +Error: WRITE_CONST_FIELD (CWE-843): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h:629: nested_field_definition: A nested aggregate with a const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h:630: field_definition: A const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/inode.c:419: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 417| void inode_init_once(struct inode *inode) +# 418| { +# 419|-> memset(inode, 0, sizeof(*inode)); +# 420| INIT_HLIST_NODE(&inode->i_hash); +# 421| INIT_LIST_HEAD(&inode->i_devices); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:412: path: Condition "jbd2_journal_has_csum_v2or3(journal)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:421: path: Condition "journal->j_flags & 8", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:435: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:439: path: Condition "!(journal->j_running_transaction != NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:440: path: Condition "!(journal->j_committing_transaction == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:444: path: Condition "journal->j_flags & 256", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:473: path: Condition "!(commit_transaction->t_state == T_RUNNING)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:480: path: Condition "commit_transaction->t_requested", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:492: path: Condition "!(atomic_read(&commit_transaction->t_outstanding_credits) <= journal->j_max_transaction_buffers)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:513: path: Condition "commit_transaction->t_reserved_list", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:581: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:605: path: Condition "!(commit_transaction->t_nr_buffers <= atomic_read(&commit_transaction->t_outstanding_credits))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:611: path: Condition "commit_transaction->t_buffers", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:776: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:796: path: Condition "update_tail", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:799: path: Condition "first_block < journal->j_tail", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:802: path: Condition "freed < jbd2_journal_get_max_txn_bufs(journal)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:805: path: Condition "!(commit_transaction->t_state == T_COMMIT)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:814: path: Condition "commit_transaction->t_need_data_flush", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:814: path: Condition "journal->j_fs_dev != journal->j_dev", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:814: path: Condition "journal->j_flags & 32", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:820: path: Condition "jbd2_has_feature_async_commit(journal)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:842: path: Condition "!list_empty(&io_bufs)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:881: path: Condition "!(commit_transaction->t_shadow_list == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:886: path: Condition "!list_empty(&log_bufs)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:893: path: Condition "!!!buffer_uptodate(bh)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:902: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:886: path: Condition "!list_empty(&log_bufs)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:893: path: Condition "!!!buffer_uptodate(bh)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:902: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:886: path: Condition "!list_empty(&log_bufs)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:904: path: Condition "err", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:909: path: Condition "!(commit_transaction->t_state == T_COMMIT_DFLUSH)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:913: path: Condition "!jbd2_has_feature_async_commit(journal)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:916: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:919: path: Condition "cbh", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:922: path: Condition "jbd2_has_feature_async_commit(journal)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:927: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:930: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:930: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:938: path: Condition "update_tail", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:948: path: Condition "!list_empty(&commit_transaction->t_inode_list)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:949: path: Condition "!(commit_transaction->t_buffers == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:950: path: Condition "!(commit_transaction->t_checkpoint_list == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:951: path: Condition "!(commit_transaction->t_shadow_list == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:958: lock: Locking "&journal->j_list_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:959: path: Condition "commit_transaction->t_forget", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:965: def: Assigning data that might be protected by the lock to "jh". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:966: unlock: Unlocking "&journal->j_list_lock". "jh" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:974: path: Condition "!(jh->b_transaction == commit_transaction)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:989: path: Condition "jh->b_committed_data", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:992: path: Condition "jh->b_frozen_data", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:997: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1005: path: Condition "cp_transaction", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1003: lockagain: Locking "&journal->j_list_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1008: use: Using an unreliable value of "jh" inside the second locked section. If the data that "jh" depends on was changed by another thread, this use might be incorrect. +# 1006| JBUFFER_TRACE(jh, "remove from old cp transaction"); +# 1007| cp_transaction->t_chp_stats.cs_dropped++; +# 1008|-> __jbd2_journal_remove_checkpoint(jh); +# 1009| } +# 1010| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:412: path: Condition "jbd2_journal_has_csum_v2or3(journal)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:421: path: Condition "journal->j_flags & 8", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:435: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:439: path: Condition "!(journal->j_running_transaction != NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:440: path: Condition "!(journal->j_committing_transaction == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:444: path: Condition "journal->j_flags & 256", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:473: path: Condition "!(commit_transaction->t_state == T_RUNNING)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:480: path: Condition "commit_transaction->t_requested", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:492: path: Condition "!(atomic_read(&commit_transaction->t_outstanding_credits) <= journal->j_max_transaction_buffers)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:513: path: Condition "commit_transaction->t_reserved_list", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:581: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:605: path: Condition "!(commit_transaction->t_nr_buffers <= atomic_read(&commit_transaction->t_outstanding_credits))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:611: path: Condition "commit_transaction->t_buffers", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:776: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:796: path: Condition "update_tail", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:799: path: Condition "first_block < journal->j_tail", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:802: path: Condition "freed < jbd2_journal_get_max_txn_bufs(journal)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:805: path: Condition "!(commit_transaction->t_state == T_COMMIT)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:814: path: Condition "commit_transaction->t_need_data_flush", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:814: path: Condition "journal->j_fs_dev != journal->j_dev", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:814: path: Condition "journal->j_flags & 32", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:820: path: Condition "jbd2_has_feature_async_commit(journal)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:842: path: Condition "!list_empty(&io_bufs)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:881: path: Condition "!(commit_transaction->t_shadow_list == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:886: path: Condition "!list_empty(&log_bufs)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:893: path: Condition "!!!buffer_uptodate(bh)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:902: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:886: path: Condition "!list_empty(&log_bufs)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:893: path: Condition "!!!buffer_uptodate(bh)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:902: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:886: path: Condition "!list_empty(&log_bufs)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:904: path: Condition "err", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:909: path: Condition "!(commit_transaction->t_state == T_COMMIT_DFLUSH)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:913: path: Condition "!jbd2_has_feature_async_commit(journal)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:916: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:919: path: Condition "cbh", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:922: path: Condition "jbd2_has_feature_async_commit(journal)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:927: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:930: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:930: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:938: path: Condition "update_tail", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:948: path: Condition "!list_empty(&commit_transaction->t_inode_list)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:949: path: Condition "!(commit_transaction->t_buffers == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:950: path: Condition "!(commit_transaction->t_checkpoint_list == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:951: path: Condition "!(commit_transaction->t_shadow_list == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:958: lock: Locking "&journal->j_list_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:959: path: Condition "commit_transaction->t_forget", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:965: def: Assigning data that might be protected by the lock to "jh". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:966: unlock: Unlocking "&journal->j_list_lock". "jh" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:974: path: Condition "!(jh->b_transaction == commit_transaction)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:989: path: Condition "jh->b_committed_data", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:992: path: Condition "jh->b_frozen_data", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:997: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1005: path: Condition "cp_transaction", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1026: path: Condition "buffer_freed(bh)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1026: path: Condition "!jh->b_next_transaction", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1044: path: Condition "0 /* !((((sizeof ((*bh->b_page).mapping) == sizeof (char) || sizeof ((*bh->b_page).mapping) == sizeof (short)) || sizeof ((*bh->b_page).mapping) == sizeof (int)) || sizeof ((*bh->b_page).mapping) == sizeof (long)) || sizeof ((*bh->b_page).mapping) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1045: path: Condition "mapping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1045: path: Condition "!sb_is_blkdev_sb(mapping->host->i_sb)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1053: path: Condition "buffer_jbddirty(bh)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1003: lockagain: Locking "&journal->j_list_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1055: use: Using an unreliable value of "jh" inside the second locked section. If the data that "jh" depends on was changed by another thread, this use might be incorrect. +# 1053| if (buffer_jbddirty(bh)) { +# 1054| JBUFFER_TRACE(jh, "add to new checkpointing trans"); +# 1055|-> __jbd2_journal_insert_checkpoint(jh, commit_transaction); +# 1056| if (is_journal_aborted(journal)) +# 1057| clear_buffer_jbddirty(bh); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:412: path: Condition "jbd2_journal_has_csum_v2or3(journal)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:421: path: Condition "journal->j_flags & 8", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:435: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:439: path: Condition "!(journal->j_running_transaction != NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:440: path: Condition "!(journal->j_committing_transaction == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:444: path: Condition "journal->j_flags & 256", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:473: path: Condition "!(commit_transaction->t_state == T_RUNNING)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:480: path: Condition "commit_transaction->t_requested", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:492: path: Condition "!(atomic_read(&commit_transaction->t_outstanding_credits) <= journal->j_max_transaction_buffers)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:513: path: Condition "commit_transaction->t_reserved_list", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:581: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:605: path: Condition "!(commit_transaction->t_nr_buffers <= atomic_read(&commit_transaction->t_outstanding_credits))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:611: path: Condition "commit_transaction->t_buffers", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:776: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:796: path: Condition "update_tail", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:799: path: Condition "first_block < journal->j_tail", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:802: path: Condition "freed < jbd2_journal_get_max_txn_bufs(journal)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:805: path: Condition "!(commit_transaction->t_state == T_COMMIT)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:814: path: Condition "commit_transaction->t_need_data_flush", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:814: path: Condition "journal->j_fs_dev != journal->j_dev", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:814: path: Condition "journal->j_flags & 32", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:820: path: Condition "jbd2_has_feature_async_commit(journal)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:842: path: Condition "!list_empty(&io_bufs)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:881: path: Condition "!(commit_transaction->t_shadow_list == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:886: path: Condition "!list_empty(&log_bufs)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:893: path: Condition "!!!buffer_uptodate(bh)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:902: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:886: path: Condition "!list_empty(&log_bufs)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:893: path: Condition "!!!buffer_uptodate(bh)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:902: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:886: path: Condition "!list_empty(&log_bufs)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:904: path: Condition "err", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:909: path: Condition "!(commit_transaction->t_state == T_COMMIT_DFLUSH)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:913: path: Condition "!jbd2_has_feature_async_commit(journal)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:916: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:919: path: Condition "cbh", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:922: path: Condition "jbd2_has_feature_async_commit(journal)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:927: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:930: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:930: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:938: path: Condition "update_tail", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:948: path: Condition "!list_empty(&commit_transaction->t_inode_list)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:949: path: Condition "!(commit_transaction->t_buffers == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:950: path: Condition "!(commit_transaction->t_checkpoint_list == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:951: path: Condition "!(commit_transaction->t_shadow_list == NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:958: lock: Locking "&journal->j_list_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:959: path: Condition "commit_transaction->t_forget", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:965: def: Assigning data that might be protected by the lock to "jh". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:966: unlock: Unlocking "&journal->j_list_lock". "jh" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:974: path: Condition "!(jh->b_transaction == commit_transaction)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:989: path: Condition "jh->b_committed_data", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:992: path: Condition "jh->b_frozen_data", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:997: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1005: path: Condition "cp_transaction", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1026: path: Condition "buffer_freed(bh)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1026: path: Condition "!jh->b_next_transaction", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1044: path: Condition "0 /* !((((sizeof ((*bh->b_page).mapping) == sizeof (char) || sizeof ((*bh->b_page).mapping) == sizeof (short)) || sizeof ((*bh->b_page).mapping) == sizeof (int)) || sizeof ((*bh->b_page).mapping) == sizeof (long)) || sizeof ((*bh->b_page).mapping) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1045: path: Condition "mapping", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1045: path: Condition "!sb_is_blkdev_sb(mapping->host->i_sb)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1053: path: Condition "buffer_jbddirty(bh)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1059: path: Condition "!!buffer_dirty(bh)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1069: path: Condition "!jh->b_next_transaction", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1003: lockagain: Locking "&journal->j_list_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c:1073: use: Using an unreliable value of "jh" inside the second locked section. If the data that "jh" depends on was changed by another thread, this use might be incorrect. +# 1071| } +# 1072| JBUFFER_TRACE(jh, "refile or unfile buffer"); +# 1073|-> drop_ref = __jbd2_journal_refile_buffer(jh); +# 1074| spin_unlock(&jh->b_state_lock); +# 1075| if (drop_ref) + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c:359: path: Condition "!buffer_jbddirty(bh_in)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c:366: lock: Locking "&jh_in->b_state_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c:372: path: Condition "jh_in->b_frozen_data", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c:377: def: Assigning data that might be protected by the lock to "new_page". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c:388: path: Condition "!done_copy_out", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c:395: path: Condition "*((__be32 *)(mapped_data + new_offset)) == 2553887680U /* (__be32)(__u32)__builtin_bswap32((__u32)3225106840U) */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c:400: path: Condition "0 /* !!__builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c:405: path: Condition "need_copy_out", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c:405: path: Condition "!done_copy_out", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c:408: unlock: Unlocking "&jh_in->b_state_lock". "new_page" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c:410: path: Condition "!tmp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c:415: path: Condition "jh_in->b_frozen_data", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c:414: lockagain: Locking "&jh_in->b_state_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c:421: use: Using an unreliable value of "new_page" inside the second locked section. If the data that "new_page" depends on was changed by another thread, this use might be incorrect. +# 419| +# 420| jh_in->b_frozen_data = tmp; +# 421|-> mapped_data = kmap_atomic(new_page); +# 422| memcpy(tmp, mapped_data + new_offset, bh_in->b_size); +# 423| kunmap_atomic(mapped_data); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c:1345: path: Condition "!!(nfs_debug & 4096)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c:1345: path: Condition "1 /* 1 && 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c:1347: lock: Locking "&ino->i_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c:1348: def: Assigning data that might be protected by the lock to "lo". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c:1349: path: Condition "!lo", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c:1357: path: Condition "test_bit(NFS_LAYOUT_RETURN_LOCK, &lo->plh_flags)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c:1358: unlock: Unlocking "&ino->i_lock". "lo" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c:1359: path: Condition "wait_on_bit(&lo->plh_flags, NFS_LAYOUT_RETURN, 2)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c:1362: lockagain: Locking "&ino->i_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c:1364: use: Using an unreliable value of "lo" inside the second locked section. If the data that "lo" depends on was changed by another thread, this use might be incorrect. +# 1362| spin_lock(&ino->i_lock); +# 1363| } +# 1364|-> valid_layout = pnfs_layout_is_valid(lo); +# 1365| pnfs_clear_layoutcommit(ino, &tmp_list); +# 1366| pnfs_mark_matching_lsegs_return(lo, &tmp_list, &range, 0); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:3827: path: Condition "nfsd4_compound_in_session(cstate, sessionid)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:3828: path: Condition "!nfsd4_last_compound_op(r)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:3833: lock: Locking "&nn->client_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:3834: def: Assigning data that might be protected by the lock to "ses". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:3835: path: Condition "!ses", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:3838: path: Condition "!nfsd4_mach_creds_match(ses->se_client, r)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:3841: path: Condition "status", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:3844: unlock: Unlocking "&nn->client_lock". "ses" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:3848: lockagain: Locking "&nn->client_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:3851: use: Using an unreliable value of "ses" inside the second locked section. If the data that "ses" depends on was changed by another thread, this use might be incorrect. +# 3849| status = nfs_ok; +# 3850| out_put_session: +# 3851|-> nfsd4_put_session_locked(ses); +# 3852| out_client_lock: +# 3853| spin_unlock(&nn->client_lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4230: path: Condition "STALE_CLIENTID(clid, nn)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4233: lock: Locking "&nn->client_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4234: def: Assigning data that might be protected by the lock to "conf". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4244: path: Condition "unconf", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4244: path: Condition "!same_creds(&unconf->cl_cred, &rqstp->rq_cred)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4248: path: Condition "conf", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4248: path: Condition "!same_creds(&conf->cl_cred, &rqstp->rq_cred)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4252: path: Condition "!unconf", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4252: path: Condition "!same_verf(&confirm, &unconf->cl_confirm)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4260: path: Condition "conf", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4262: unlock: Unlocking "old->cl_lock". "conf" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4263: unlock: Unlocking "conf->cl_lock". "conf" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4264: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4285: unlock: Unlocking "&nn->client_lock". "conf" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4286: path: Condition "conf == unconf", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4289: lockagain: Locking "&nn->client_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c:4290: use: Using an unreliable value of "conf" inside the second locked section. If the data that "conf" depends on was changed by another thread, this use might be incorrect. +# 4288| nfsd4_probe_callback(conf); +# 4289| spin_lock(&nn->client_lock); +# 4290|-> put_client_renew_locked(conf); +# 4291| out: +# 4292| spin_unlock(&nn->client_lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:289: path: Condition "!dir_emit_dots(file, ctx)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:293: lock: Locking "&proc_subdir_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:294: def: Assigning data that might be protected by the lock to "de". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:295: path: Condition "true", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:296: path: Condition "!de", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:300: path: Condition "!i", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:301: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:309: unlock: Unlocking "&proc_subdir_lock". "de" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:310: path: Condition "!dir_emit(ctx, de->name, de->namelen, de->low_ino, de->mode >> 12)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:316: lockagain: Locking "&proc_subdir_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:317: use: Using an unreliable value of "de" inside the second locked section. If the data that "de" depends on was changed by another thread, this use might be incorrect. +# 315| ctx->pos++; +# 316| read_lock(&proc_subdir_lock); +# 317|-> next = pde_subdir_next(de); +# 318| pde_put(de); +# 319| de = next; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:728: lock: Locking "&proc_subdir_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:729: path: Condition "__xlate_proc_name(name, &parent, &fn) != 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:736: path: Condition "!root", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:740: path: Condition "!!pde_is_permanent(root)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:749: path: Condition "1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:751: path: Condition "next", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:752: path: Condition "!!pde_is_permanent(next)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:760: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:749: path: Condition "1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:751: path: Condition "next", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:752: path: Condition "!!pde_is_permanent(next)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:760: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:749: path: Condition "1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:751: path: Condition "next", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:752: path: Condition "!!pde_is_permanent(next)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:760: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:749: path: Condition "1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:751: path: Condition "next", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:762: def: Assigning data that might be protected by the lock to "next". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:763: path: Condition "(de->mode & 0xf000) == 0x4000", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:765: unlock: Unlocking "&proc_subdir_lock". "next" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:767: unlock: Unlocking "de->pde_unload_lock". "next" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:768: path: Condition "de == root", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:772: lockagain: Locking "&proc_subdir_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c:773: use: Using an unreliable value of "next" inside the second locked section. If the data that "next" depends on was changed by another thread, this use might be incorrect. +# 771| +# 772| write_lock(&proc_subdir_lock); +# 773|-> de = next; +# 774| } +# 775| pde_put(root); + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c:927: path: Condition "type >= 3", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c:935: path: Condition "!special", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c:946: path: Condition "cmds == 8388610", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c:948: path: Condition "ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c:951: local_ptr_assign_local: Assigning: "pathp" = "&path" (address of local variable "path"). +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c:955: path: Condition "IS_ERR(sb)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c:960: identity_transfer: Passing "pathp" as argument 6 to function "do_quotactl", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c:960: local_ptr_assign_ptr: Assigning: "ret" = "do_quotactl(sb, type, cmds, id, addr, pathp)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c:962: path: Condition "!quotactl_cmd_onoff(cmds)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c:967: path: Condition "pathp", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c:967: path: Condition "!IS_ERR(pathp)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c:969: return_local_addr_alias: Returning pointer "ret" which points to local variable "path". +# 967| if (pathp && !IS_ERR(pathp)) +# 968| path_put(pathp); +# 969|-> return ret; +# 970| } +# 971| + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c:917: local_ptr_assign_local: Assigning: "iov" = "iovstack" (address of local variable "iovstack"). +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c:921: identity_transfer: Passing "iov" as argument 5 to function "import_iovec", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c:921: local_ptr_assign_ptr: Assigning: "ret" = "import_iovec(0, vec, vlen, 8U, &iov, &iter)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c:922: path: Condition "ret >= 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c:927: return_local_addr_alias: Returning pointer "ret" which points to local variable "iovstack". +# 925| } +# 926| +# 927|-> return ret; +# 928| } +# 929| + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c:934: local_ptr_assign_local: Assigning: "iov" = "iovstack" (address of local variable "iovstack"). +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c:938: identity_transfer: Passing "iov" as argument 5 to function "import_iovec", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c:938: local_ptr_assign_ptr: Assigning: "ret" = "import_iovec(1, vec, vlen, 8U, &iov, &iter)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c:939: path: Condition "ret >= 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c:945: return_local_addr_alias: Returning pointer "ret" which points to local variable "iovstack". +# 943| kfree(iov); +# 944| } +# 945|-> return ret; +# 946| } +# 947| + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c:1299: local_ptr_assign_local: Assigning: "iov" = "iovstack" (address of local variable "iovstack"). +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c:1305: path: Condition "!!(flags & 4294967280U /* ~(((1 | 2) | 4) | 8) */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c:1310: path: Condition "error", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c:1313: identity_transfer: Passing "iov" as argument 5 to function "import_iovec", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c:1313: local_ptr_assign_ptr: Assigning: "error" = "import_iovec(type, uiov, nr_segs, 8U, &iov, &iter)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c:1315: path: Condition "error < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c:1316: path: Jumping to label "out_fdput". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c:1328: return_local_addr_alias: Returning pointer "error" which points to local variable "iovstack". +# 1326| out_fdput: +# 1327| fdput(f); +# 1328|-> return error; +# 1329| } +# 1330| + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c:1685: path: Condition "!data.part_descs_loc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c:1692: path: Condition "!done", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c:1692: path: Condition "block <= lastblock", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c:1694: path: Condition "!bh", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c:1700: path: Switch case value "1". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c:1725: local_addr: Address of local variable "data". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c:1725: identity_transfer: Passing "&data" as argument 3 to function "get_volume_descriptor_record", which returns an offset off that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c:1725: local_ptr_assign_ptr: Assigning: "curr" = "get_volume_descriptor_record(ident, bh, &data)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c:1726: path: Condition "IS_ERR(curr)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c:1728: identity_transfer: Passing "curr" as argument 1 to function "PTR_ERR", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c:1728: local_ptr_assign_ptr: Assigning: "ret" = "PTR_ERR(curr)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c:1729: path: Jumping to label "out". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c:1775: return_local_addr_alias: Returning pointer "ret" which points to local variable "data". +# 1773| out: +# 1774| kfree(data.part_descs_loc); +# 1775|-> return ret; +# 1776| } +# 1777| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1034: path: Condition "true", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1035: path: Switch case value "4". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1035: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1038: path: Condition "uwq", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1082: lock: Locking "&ctx->event_wqh.lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1084: path: Condition "uwq", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1087: path: Condition "uwq->msg.event == 19", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1088: def: Assigning data that might be protected by the lock to "fork_nctx". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1098: unlock: Unlocking "&ctx->event_wqh.lock". "fork_nctx" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1100: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1123: path: Condition "0 /* !((((sizeof (get_current()->__state) == sizeof (char) || sizeof (get_current()->__state) == sizeof (short)) || sizeof (get_current()->__state) == sizeof (int)) || sizeof (get_current()->__state) == sizeof (long)) || sizeof (get_current()->__state) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1124: unlock: Unlocking "&ctx->fd_wqh.lock". "fork_nctx" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1126: path: Condition "!ret", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1126: path: Condition "msg->event == 19", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1129: path: Condition "!list_empty(&fork_event)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1128: lockagain: Locking "&ctx->event_wqh.lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1134: use: Using an unreliable value of "fork_nctx" inside the second locked section. If the data that "fork_nctx" depends on was changed by another thread, this use might be incorrect. +# 1132| * drop the temporary refcount. +# 1133| */ +# 1134|-> userfaultfd_ctx_put(fork_nctx); +# 1135| +# 1136| uwq = list_first_entry(&fork_event, + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1034: path: Condition "true", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1035: path: Switch case value "4". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1035: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1038: path: Condition "uwq", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1082: lock: Locking "&ctx->event_wqh.lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1084: path: Condition "uwq", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1087: path: Condition "uwq->msg.event == 19", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1088: def: Assigning data that might be protected by the lock to "fork_nctx". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1098: unlock: Unlocking "&ctx->event_wqh.lock". "fork_nctx" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1100: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1123: path: Condition "0 /* !((((sizeof (get_current()->__state) == sizeof (char) || sizeof (get_current()->__state) == sizeof (short)) || sizeof (get_current()->__state) == sizeof (int)) || sizeof (get_current()->__state) == sizeof (long)) || sizeof (get_current()->__state) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1124: unlock: Unlocking "&ctx->fd_wqh.lock". "fork_nctx" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1126: path: Condition "!ret", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1126: path: Condition "msg->event == 19", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1129: path: Condition "!list_empty(&fork_event)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1171: path: Condition "ret", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1128: lockagain: Locking "&ctx->event_wqh.lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c:1172: use: Using an unreliable value of "fork_nctx" inside the second locked section. If the data that "fork_nctx" depends on was changed by another thread, this use might be incorrect. +# 1170| */ +# 1171| if (ret) +# 1172|-> userfaultfd_ctx_put(fork_nctx); +# 1173| } +# 1174| spin_unlock_irq(&ctx->event_wqh.lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c:2816: path: Condition "xlog_state_iodone_process_iclog(log, iclog)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c:2818: path: Condition "iclog->ic_state != XLOG_STATE_CALLBACK", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c:2830: lock: Locking "&log->l_icloglock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c:2832: def: Assigning data that might be protected by the lock to "iclog". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c:2833: path: Condition "iclog != first_iclog", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c:2816: path: Condition "xlog_state_iodone_process_iclog(log, iclog)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c:2818: path: Condition "iclog->ic_state != XLOG_STATE_CALLBACK", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c:2823: unlock: Unlocking "&log->l_icloglock". "iclog" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c:2830: lockagain: Locking "&log->l_icloglock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c:2831: use: Using an unreliable value of "iclog" inside the second locked section. If the data that "iclog" depends on was changed by another thread, this use might be incorrect. +# 2829| +# 2830| spin_lock(&log->l_icloglock); +# 2831|-> xlog_state_clean_iclog(log, iclog); +# 2832| iclog = iclog->ic_next; +# 2833| } while (iclog != first_iclog); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_mru_cache.c:273: path: Condition "!mru", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_mru_cache.c:273: path: Condition "!mru->lists", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_mru_cache.c:276: lock: Locking "&mru->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_mru_cache.c:277: def: Assigning data that might be protected by the lock to "next". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_mru_cache.c:278: unlock: Unlocking "mru->lock". "next" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_mru_cache.c:278: lockagain: Locking "mru->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_mru_cache.c:280: use: Using an unreliable value of "next" inside the second locked section. If the data that "next" depends on was changed by another thread, this use might be incorrect. +# 278| _xfs_mru_cache_clear_reap_list(mru); +# 279| +# 280|-> mru->queued = next; +# 281| if ((mru->queued > 0)) { +# 282| now = jiffies; + +Error: WRITE_CONST_FIELD (CWE-843): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_inode.h:76: nested_field_definition: A nested aggregate with a const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h:629: nested_field_definition: A nested aggregate with a const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h:630: field_definition: A const-qualified field is defined. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_super.c:695: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 693| struct xfs_inode *ip = inode; +# 694| +# 695|-> memset(ip, 0, sizeof(struct xfs_inode)); +# 696| +# 697| /* vfs inode */ + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:629: path: Condition "!queues", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:632: path: Condition "i < nrings", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:634: path: Condition "!queues[i]", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:636: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:632: path: Condition "i < nrings", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:634: path: Condition "!queues[i]", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:636: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:632: path: Condition "i < nrings", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:638: path: Condition "i < nrings", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:640: lock: Locking "&rings[i]->producer_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:641: def: Assigning data that might be protected by the lock to "queues[i]". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:643: unlock: Unlocking "&rings[i]->producer_lock". "queues[i]" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:644: unlock: Unlocking "&rings[i]->consumer_lock". "queues[i]" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:645: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:638: path: Condition "i < nrings", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:640: lockagain: Locking "&rings[i]->producer_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h:641: use: Using an unreliable value of "queues[i]" inside the second locked section. If the data that "queues[i]" depends on was changed by another thread, this use might be incorrect. +# 639| spin_lock_irqsave(&(rings[i])->consumer_lock, flags); +# 640| spin_lock(&(rings[i])->producer_lock); +# 641|-> queues[i] = __ptr_ring_swap_queue(rings[i], queues[i], +# 642| size, gfp, destroy); +# 643| spin_unlock(&(rings[i])->producer_lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/io_uring/io-wq.c:556: lock: Locking "&acct->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/io_uring/io-wq.c:557: def: Assigning data that might be protected by the lock to "work". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/io_uring/io-wq.c:558: unlock: Unlocking "&acct->lock". "work" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/io_uring/io-wq.c:559: path: Condition "work", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/io_uring/io-wq.c:560: unlock: Unlocking "wqe->lock". "work" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/io_uring/io-wq.c:569: lockagain: Locking "&worker->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/io_uring/io-wq.c:570: use: Using an unreliable value of "work" inside the second locked section. If the data that "work" depends on was changed by another thread, this use might be incorrect. +# 568| */ +# 569| raw_spin_lock(&worker->lock); +# 570|-> worker->next_work = work; +# 571| raw_spin_unlock(&worker->lock); +# 572| } else { + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1103: path: Condition "msqid < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1103: path: Condition "(long)bufsz < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1106: path: Condition "msgflg & 0x4000", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1117: path: Condition "IS_ERR(msq)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1123: path: Condition "true", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1127: path: Condition "ipcperms(ns, &msq->q_perm, 292 /* (0x100 | 0x20) | 4 */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1130: lock: Locking "msq->q_perm.lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1133: path: Condition "!ipc_valid_object(&msq->q_perm)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1139: path: Condition "!IS_ERR(msg)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1170: path: Condition "msgflg & 0x800", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1179: path: Condition "msgflg & 0x1000", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1180: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1185: path: Condition "0 /* !((((sizeof (msr_d.r_msg) == sizeof (char) || sizeof (msr_d.r_msg) == sizeof (short)) || sizeof (msr_d.r_msg) == sizeof (int)) || sizeof (msr_d.r_msg) == sizeof (long)) || sizeof (msr_d.r_msg) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1185: def: Assigning data that might be protected by the lock to "*((struct msg_msg * volatile *)&msr_d.r_msg)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1188: path: Condition "0 /* !((((sizeof (get_current()->__state) == sizeof (char) || sizeof (get_current()->__state) == sizeof (short)) || sizeof (get_current()->__state) == sizeof (int)) || sizeof (get_current()->__state) == sizeof (long)) || sizeof (get_current()->__state) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1190: unlock: Unlocking "msq->q_perm.lock". "*((struct msg_msg * volatile *)&msr_d.r_msg)" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1215: path: Condition "0 /* !((((sizeof (msr_d.r_msg) == sizeof (char) || sizeof (msr_d.r_msg) == sizeof (short)) || sizeof (msr_d.r_msg) == sizeof (int)) || sizeof (msr_d.r_msg) == sizeof (long)) || sizeof (msr_d.r_msg) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1216: path: Condition "msg != ERR_PTR(-11)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1229: path: Condition "0 /* !((((sizeof (msr_d.r_msg) == sizeof (char) || sizeof (msr_d.r_msg) == sizeof (short)) || sizeof (msr_d.r_msg) == sizeof (int)) || sizeof (msr_d.r_msg) == sizeof (long)) || sizeof (msr_d.r_msg) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1227: lockagain: Locking "msq->q_perm.lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c:1229: use: Using an unreliable value of "*((struct msg_msg * const volatile *)&msr_d.r_msg)" inside the second locked section. If the data that "*((struct msg_msg * const volatile *)&msr_d.r_msg)" depends on was changed by another thread, this use might be incorrect. +# 1227| ipc_lock_object(&msq->q_perm); +# 1228| +# 1229|-> msg = READ_ONCE(msr_d.r_msg); +# 1230| if (msg != ERR_PTR(-EAGAIN)) +# 1231| goto out_unlock0; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:467: path: Condition "!mark", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:476: lock: Locking "&hash_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:477: def: Assigning data that might be protected by the lock to "old". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:478: path: Condition "n < old->count", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:479: path: Condition "old->owners[n].owner == tree", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:485: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:478: path: Condition "n < old->count", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:479: path: Condition "old->owners[n].owner == tree", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:485: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:478: path: Condition "n < old->count", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:486: unlock: Unlocking "&hash_lock". "old" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:489: path: Condition "!chunk", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:496: path: Condition "tree->goner", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:508: path: Condition "!tree->root", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:495: lockagain: Locking "&hash_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c:516: use: Using an unreliable value of "old" inside the second locked section. If the data that "old" depends on was changed by another thread, this use might be incorrect. +# 514| * called, new RCU readers can see the new chunk. +# 515| */ +# 516|-> replace_chunk(chunk, old); +# 517| spin_unlock(&hash_lock); +# 518| mutex_unlock(&audit_tree_group->mark_mutex); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:545: path: Condition "IS_ERR(btf)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:547: path: Condition "!btf", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:554: path: Condition "ret > 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:561: lock: Locking "&btf_idr_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:562: def: Assigning data that might be protected by the lock to "btf". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:562: path: Condition "(btf = idr_get_next(&btf_idr, &id)) != NULL", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:563: path: Condition "!btf_is_module(btf)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:569: unlock: Unlocking "&btf_idr_lock". "btf" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:571: path: Condition "ret > 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:575: lockagain: Locking "&btf_idr_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:576: use: Using an unreliable value of "btf" inside the second locked section. If the data that "btf" depends on was changed by another thread, this use might be incorrect. +# 574| } +# 575| spin_lock_bh(&btf_idr_lock); +# 576|-> btf_put(btf); +# 577| } +# 578| spin_unlock_bh(&btf_idr_lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8191: path: Condition "IS_ERR(main_btf)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8193: path: Condition "!main_btf", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8197: path: Condition "!local_type", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8201: path: Condition "str_is_empty(name)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8212: path: Condition "cc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8213: path: Condition "cc->cnt", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8215: path: Jumping to label "check_modules". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8237: path: Condition "cc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8242: lock: Locking "&btf_idr_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8243: def: Assigning data that might be protected by the lock to "mod_btf". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8243: path: Condition "(mod_btf = idr_get_next(&btf_idr, &id)) != NULL", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8244: path: Condition "!btf_is_module(mod_btf)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8250: unlock: Unlocking "&btf_idr_lock". "mod_btf" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8252: path: Condition "IS_ERR(cands)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8256: lockagain: Locking "&btf_idr_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c:8257: use: Using an unreliable value of "mod_btf" inside the second locked section. If the data that "mod_btf" depends on was changed by another thread, this use might be incorrect. +# 8255| } +# 8256| spin_lock_bh(&btf_idr_lock); +# 8257|-> btf_put(mod_btf); +# 8258| } +# 8259| spin_unlock_bh(&btf_idr_lock); + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c:1804: path: Condition "__UNIQUE_ID___x552 > __UNIQUE_ID___y553", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c:1805: local_ptr_identity_local: "sockopt_alloc_buf(&ctx, max_optlen, &buf)" stores "&buf" (address of local variable "buf") into "ctx.optval". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c:1806: path: Condition "max_optlen < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c:1811: path: Condition "__UNIQUE_ID___x554 < __UNIQUE_ID___y555", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c:1811: path: Condition "copy_from_user(ctx.optval, optval, ({...; (__UNIQUE_ID___x554 < __UNIQUE_ID___y555) ? __UNIQUE_ID___x554 : __UNIQUE_ID___y555;})) != 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c:1821: path: Condition "ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c:1824: path: Condition "ctx.optlen == -1", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c:1827: path: Condition "ctx.optlen > max_optlen", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c:1827: path: Condition "ctx.optlen < -1", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c:1841: path: Condition "ctx.optlen != 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c:1849: path: Condition "!sockopt_buf_allocated(&ctx, &buf)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c:1859: escape_local_addr_alias: Returning, through "*kernel_optval", pointer "ctx.optval" which points to local variable "buf". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c:1862: return: Returning here. +# 1857| *kernel_optval = p; +# 1858| } else { +# 1859|-> *kernel_optval = ctx.optval; +# 1860| } +# 1861| /* export and don't free sockopt buf */ + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:181: path: Condition "cpu < nr_cpu_ids", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:181: path: Condition "(cpu = cpumask_next(cpu, (struct cpumask const *)&__cpu_possible_mask)) , (cpu < nr_cpu_ids)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:196: path: Condition "pos = cgroup_rstat_cpu_pop_updated(pos, cgrp, cpu)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:211: path: Condition "may_sleep", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:211: path: Condition "need_resched()", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:214: path: Condition "!({...; _cond_resched();})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:216: lock: Locking "&cgroup_rstat_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:218: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:181: def: Assigning data that might be protected by the lock to "cpu". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:181: path: Condition "cpu < nr_cpu_ids", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:181: path: Condition "(cpu = cpumask_next(cpu, (struct cpumask const *)&__cpu_possible_mask)) , (cpu < nr_cpu_ids)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:196: path: Condition "pos = cgroup_rstat_cpu_pop_updated(pos, cgrp, cpu)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:208: unlock: Unlocking "cpu_lock". "cpu" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:211: path: Condition "may_sleep", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:211: path: Condition "need_resched()", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:213: unlock: Unlocking "&cgroup_rstat_lock". "cpu" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:214: path: Condition "!({...; _cond_resched();})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:218: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:216: lockagain: Locking "&cgroup_rstat_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c:181: use: Using an unreliable value of "cpu" inside the second locked section. If the data that "cpu" depends on was changed by another thread, this use might be incorrect. +# 179| lockdep_assert_held(&cgroup_rstat_lock); +# 180| +# 181|-> for_each_possible_cpu(cpu) { +# 182| raw_spinlock_t *cpu_lock = per_cpu_ptr(&cgroup_rstat_cpu_lock, +# 183| cpu); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:662: path: Condition "++depth > max_lock_depth", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:706: path: Condition "!waiter", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "orig_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "!rt_mutex_owner(orig_lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:725: path: Condition "next_lock != waiter->lock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:758: path: Condition "top_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:759: path: Condition "!task_has_pi_waiters(task)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:767: path: Condition "top_waiter != task_top_pi_waiter(task)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:768: path: Condition "!detect_deadlock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:782: path: Condition "rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:798: path: Condition "!_raw_spin_trylock(&lock->wait_lock)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:801: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:690: lock: Locking "&task->pi_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:706: path: Condition "!waiter", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "orig_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "!rt_mutex_owner(orig_lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:725: path: Condition "next_lock != waiter->lock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:758: path: Condition "top_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:759: path: Condition "!task_has_pi_waiters(task)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:767: path: Condition "top_waiter != task_top_pi_waiter(task)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:768: path: Condition "!detect_deadlock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:782: path: Condition "rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:792: def: Assigning data that might be protected by the lock to "lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:798: path: Condition "!_raw_spin_trylock(&lock->wait_lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:813: path: Condition "lock == orig_lock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:813: path: Condition "rt_mutex_owner(lock) == top_task", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:838: path: Condition "!requeue", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:842: unlock: Unlocking "&task->pi_lock". "lock" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:849: path: Condition "!rt_mutex_owner(lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:856: lockagain: Locking "&task->pi_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:868: use: Using an unreliable value of "lock" inside the second locked section. If the data that "lock" depends on was changed by another thread, this use might be incorrect. +# 866| * Get the top waiter for the next iteration +# 867| */ +# 868|-> top_waiter = rt_mutex_top_waiter(lock); +# 869| +# 870| /* [13] Drop locks */ + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:662: path: Condition "++depth > max_lock_depth", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:706: path: Condition "!waiter", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "orig_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "!rt_mutex_owner(orig_lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:725: path: Condition "next_lock != waiter->lock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "waiter->ww_ctx", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "detect_deadlock", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:758: path: Condition "top_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:759: path: Condition "!task_has_pi_waiters(task)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:767: path: Condition "top_waiter != task_top_pi_waiter(task)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:782: path: Condition "rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:798: path: Condition "!_raw_spin_trylock(&lock->wait_lock)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:801: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:690: lock: Locking "&task->pi_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:706: path: Condition "!waiter", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "orig_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "!rt_mutex_owner(orig_lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:725: path: Condition "next_lock != waiter->lock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "waiter->ww_ctx", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "detect_deadlock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:758: path: Condition "top_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:759: path: Condition "!task_has_pi_waiters(task)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:767: path: Condition "top_waiter != task_top_pi_waiter(task)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:782: path: Condition "rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:792: def: Assigning data that might be protected by the lock to "lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:798: path: Condition "!_raw_spin_trylock(&lock->wait_lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:813: path: Condition "lock == orig_lock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:813: path: Condition "rt_mutex_owner(lock) == top_task", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:838: path: Condition "!requeue", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:911: unlock: Unlocking "&task->pi_lock". "lock" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:921: path: Condition "!rt_mutex_owner(lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:936: lockagain: Locking "&task->pi_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:939: use: Using an unreliable value of "lock" inside the second locked section. If the data that "lock" depends on was changed by another thread, this use might be incorrect. +# 937| +# 938| /* [11] requeue the pi waiters if necessary */ +# 939|-> if (waiter == rt_mutex_top_waiter(lock)) { +# 940| /* +# 941| * The waiter became the new top (highest priority) + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:662: path: Condition "++depth > max_lock_depth", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:706: path: Condition "!waiter", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "orig_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "!rt_mutex_owner(orig_lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:725: path: Condition "next_lock != waiter->lock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "waiter->ww_ctx", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "detect_deadlock", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:758: path: Condition "top_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:759: path: Condition "!task_has_pi_waiters(task)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:767: path: Condition "top_waiter != task_top_pi_waiter(task)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:782: path: Condition "rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:798: path: Condition "!_raw_spin_trylock(&lock->wait_lock)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:801: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:690: lock: Locking "&task->pi_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:695: def: Assigning data that might be protected by the lock to "waiter". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:706: path: Condition "!waiter", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "orig_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "!rt_mutex_owner(orig_lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:725: path: Condition "next_lock != waiter->lock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "waiter->ww_ctx", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "detect_deadlock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:758: path: Condition "top_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:759: path: Condition "!task_has_pi_waiters(task)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:767: path: Condition "top_waiter != task_top_pi_waiter(task)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:782: path: Condition "rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:798: path: Condition "!_raw_spin_trylock(&lock->wait_lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:813: path: Condition "lock == orig_lock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:813: path: Condition "rt_mutex_owner(lock) == top_task", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:838: path: Condition "!requeue", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:911: unlock: Unlocking "&task->pi_lock". "waiter" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:921: path: Condition "!rt_mutex_owner(lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:939: path: Condition "waiter == rt_mutex_top_waiter(lock)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:936: lockagain: Locking "&task->pi_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:947: use: Using an unreliable value of "waiter" inside the second locked section. If the data that "waiter" depends on was changed by another thread, this use might be incorrect. +# 945| */ +# 946| rt_mutex_dequeue_pi(task, prerequeue_top_waiter); +# 947|-> rt_mutex_enqueue_pi(task, waiter); +# 948| rt_mutex_adjust_prio(task); +# 949| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:662: path: Condition "++depth > max_lock_depth", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:706: path: Condition "!waiter", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "orig_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "!rt_mutex_owner(orig_lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:725: path: Condition "next_lock != waiter->lock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "waiter->ww_ctx", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "detect_deadlock", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:758: path: Condition "top_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:759: path: Condition "!task_has_pi_waiters(task)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:767: path: Condition "top_waiter != task_top_pi_waiter(task)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:782: path: Condition "rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:798: path: Condition "!_raw_spin_trylock(&lock->wait_lock)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:801: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:690: lock: Locking "&task->pi_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:695: def: Assigning data that might be protected by the lock to "waiter". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:706: path: Condition "!waiter", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "orig_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:713: path: Condition "!rt_mutex_owner(orig_lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:725: path: Condition "next_lock != waiter->lock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "waiter->ww_ctx", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:750: path: Condition "detect_deadlock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:758: path: Condition "top_waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:759: path: Condition "!task_has_pi_waiters(task)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:767: path: Condition "top_waiter != task_top_pi_waiter(task)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:782: path: Condition "rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:798: path: Condition "!_raw_spin_trylock(&lock->wait_lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:813: path: Condition "lock == orig_lock", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:813: path: Condition "rt_mutex_owner(lock) == top_task", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:838: path: Condition "!requeue", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:911: unlock: Unlocking "&task->pi_lock". "waiter" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:921: path: Condition "!rt_mutex_owner(lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:939: path: Condition "waiter == rt_mutex_top_waiter(lock)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:950: path: Condition "prerequeue_top_waiter == waiter", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:936: lockagain: Locking "&task->pi_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:961: use: Using an unreliable value of "waiter" inside the second locked section. If the data that "waiter" depends on was changed by another thread, this use might be incorrect. +# 959| * we continue to deboost the rest of the chain. +# 960| */ +# 961|-> rt_mutex_dequeue_pi(task, waiter); +# 962| waiter = rt_mutex_top_waiter(lock); +# 963| rt_mutex_enqueue_pi(task, waiter); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:1635: path: Condition "try_to_take_rt_mutex(lock, get_current(), NULL)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:1643: path: Switch case value "4". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:1643: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:1647: lock: Locking "lock->wait_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:1647: def: Assigning data that might be protected by the lock to "ret". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:1648: path: Condition "!!!ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:1651: path: Condition "!!!ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:1659: path: Condition "0 /* !((((sizeof (get_current()->__state) == sizeof (char) || sizeof (get_current()->__state) == sizeof (short)) || sizeof (get_current()->__state) == sizeof (int)) || sizeof (get_current()->__state) == sizeof (long)) || sizeof (get_current()->__state) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:1660: unlock: Unlocking "lock->wait_lock". "ret" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:1660: lockagain: Locking "lock->wait_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c:1661: use: Using an unreliable value of "ret" inside the second locked section. If the data that "ret" depends on was changed by another thread, this use might be incorrect. +# 1659| __set_current_state(TASK_RUNNING); +# 1660| remove_waiter(lock, waiter); +# 1661|-> rt_mutex_handle_deadlock(ret, chwalk, waiter); +# 1662| } +# 1663| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:759: lock: Locking "&ssp->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:761: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:761: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:762: path: Condition "0 /* !((((sizeof (ssp->srcu_gp_seq) == sizeof (char) || sizeof (ssp->srcu_gp_seq) == sizeof (short)) || sizeof (ssp->srcu_gp_seq) == sizeof (int)) || sizeof (ssp->srcu_gp_seq) == sizeof (long)) || sizeof (ssp->srcu_gp_seq) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:762: path: Condition "0 /* !((((sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (char) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (short)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (int)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:762: path: Condition "9223372036854775807UL /* ~0UL / 2 */ < ({...; *((unsigned long const volatile *)&ssp->srcu_gp_seq);}) - ({...; *((unsigned long const volatile *)&ssp->srcu_gp_seq_needed_exp);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:765: path: Condition "0 /* !((((sizeof (ssp->srcu_last_gp_end) == sizeof (char) || sizeof (ssp->srcu_last_gp_end) == sizeof (short)) || sizeof (ssp->srcu_last_gp_end) == sizeof (int)) || sizeof (ssp->srcu_last_gp_end) == sizeof (long)) || sizeof (ssp->srcu_last_gp_end) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:767: def: Assigning data that might be protected by the lock to "gpseq". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:768: path: Condition "9223372036854775807UL /* ~0UL / 2 */ < ssp->srcu_gp_seq_needed_exp - gpseq", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:769: path: Condition "0 /* !((((sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (char) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (short)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (int)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:770: unlock: Unlocking "&ssp->lock". "gpseq" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:771: unlock: Unlocking "ssp->srcu_gp_mutex.wait_lock". "gpseq" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:775: path: Condition "0 /* !((((sizeof (ssp->srcu_size_state) == sizeof (char) || sizeof (ssp->srcu_size_state) == sizeof (short)) || sizeof (ssp->srcu_size_state) == sizeof (int)) || sizeof (ssp->srcu_size_state) == sizeof (long)) || sizeof (ssp->srcu_size_state) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:775: path: Condition "0 /* !(((sizeof (ssp->srcu_size_state) == sizeof (char) || sizeof (ssp->srcu_size_state) == sizeof (short)) || sizeof (ssp->srcu_size_state) == sizeof (int)) || sizeof (ssp->srcu_size_state) == sizeof (long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:776: path: Condition "ss_state < 2", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:781: path: Condition "snp < &ssp->node[rcu_num_nodes]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:784: path: Condition "snp >= ssp->level[rcu_num_lvls - 1]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:785: path: Condition "last_lvl", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:786: path: Condition "ss_state < 8", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:782: lockagain: Locking "&snp->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:787: use: Using an unreliable value of "gpseq" inside the second locked section. If the data that "gpseq" depends on was changed by another thread, this use might be incorrect. +# 785| if (last_lvl) +# 786| cbs = ss_state < SRCU_SIZE_BIG || snp->srcu_have_cbs[idx] == gpseq; +# 787|-> snp->srcu_have_cbs[idx] = gpseq; +# 788| rcu_seq_set_state(&snp->srcu_have_cbs[idx], 1); +# 789| sgsne = snp->srcu_gp_seq_needed_exp; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:759: lock: Locking "&ssp->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:761: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:761: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:762: path: Condition "0 /* !((((sizeof (ssp->srcu_gp_seq) == sizeof (char) || sizeof (ssp->srcu_gp_seq) == sizeof (short)) || sizeof (ssp->srcu_gp_seq) == sizeof (int)) || sizeof (ssp->srcu_gp_seq) == sizeof (long)) || sizeof (ssp->srcu_gp_seq) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:762: path: Condition "0 /* !((((sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (char) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (short)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (int)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:762: path: Condition "9223372036854775807UL /* ~0UL / 2 */ < ({...; *((unsigned long const volatile *)&ssp->srcu_gp_seq);}) - ({...; *((unsigned long const volatile *)&ssp->srcu_gp_seq_needed_exp);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:765: path: Condition "0 /* !((((sizeof (ssp->srcu_last_gp_end) == sizeof (char) || sizeof (ssp->srcu_last_gp_end) == sizeof (short)) || sizeof (ssp->srcu_last_gp_end) == sizeof (int)) || sizeof (ssp->srcu_last_gp_end) == sizeof (long)) || sizeof (ssp->srcu_last_gp_end) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:767: def: Assigning data that might be protected by the lock to "gpseq". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:768: path: Condition "9223372036854775807UL /* ~0UL / 2 */ < ssp->srcu_gp_seq_needed_exp - gpseq", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:769: path: Condition "0 /* !((((sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (char) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (short)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (int)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:770: unlock: Unlocking "&ssp->lock". "gpseq" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:771: unlock: Unlocking "ssp->srcu_gp_mutex.wait_lock". "gpseq" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:775: path: Condition "0 /* !((((sizeof (ssp->srcu_size_state) == sizeof (char) || sizeof (ssp->srcu_size_state) == sizeof (short)) || sizeof (ssp->srcu_size_state) == sizeof (int)) || sizeof (ssp->srcu_size_state) == sizeof (long)) || sizeof (ssp->srcu_size_state) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:775: path: Condition "0 /* !(((sizeof (ssp->srcu_size_state) == sizeof (char) || sizeof (ssp->srcu_size_state) == sizeof (short)) || sizeof (ssp->srcu_size_state) == sizeof (int)) || sizeof (ssp->srcu_size_state) == sizeof (long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:776: path: Condition "ss_state < 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:779: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:804: path: Condition "!(gpseq & counter_wrap_check)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:805: path: Condition "cpu < nr_cpu_ids", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:805: path: Condition "(cpu = cpumask_next(cpu, (struct cpumask const *)&__cpu_possible_mask)) , (cpu < nr_cpu_ids)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:808: path: Condition "9223372036854775807UL /* ~0UL / 2 */ >= gpseq - (sdp->srcu_gp_seq_needed + 100)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:807: lockagain: Locking "spinlock_check(&sdp->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:809: use: Using an unreliable value of "gpseq" inside the second locked section. If the data that "gpseq" depends on was changed by another thread, this use might be incorrect. +# 807| spin_lock_irqsave_rcu_node(sdp, flags); +# 808| if (ULONG_CMP_GE(gpseq, sdp->srcu_gp_seq_needed + 100)) +# 809|-> sdp->srcu_gp_seq_needed = gpseq; +# 810| if (ULONG_CMP_GE(gpseq, sdp->srcu_gp_seq_needed_exp + 100)) +# 811| sdp->srcu_gp_seq_needed_exp = gpseq; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:759: lock: Locking "&ssp->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:761: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:761: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:762: path: Condition "0 /* !((((sizeof (ssp->srcu_gp_seq) == sizeof (char) || sizeof (ssp->srcu_gp_seq) == sizeof (short)) || sizeof (ssp->srcu_gp_seq) == sizeof (int)) || sizeof (ssp->srcu_gp_seq) == sizeof (long)) || sizeof (ssp->srcu_gp_seq) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:762: path: Condition "0 /* !((((sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (char) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (short)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (int)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:762: path: Condition "9223372036854775807UL /* ~0UL / 2 */ < ({...; *((unsigned long const volatile *)&ssp->srcu_gp_seq);}) - ({...; *((unsigned long const volatile *)&ssp->srcu_gp_seq_needed_exp);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:765: path: Condition "0 /* !((((sizeof (ssp->srcu_last_gp_end) == sizeof (char) || sizeof (ssp->srcu_last_gp_end) == sizeof (short)) || sizeof (ssp->srcu_last_gp_end) == sizeof (int)) || sizeof (ssp->srcu_last_gp_end) == sizeof (long)) || sizeof (ssp->srcu_last_gp_end) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:767: def: Assigning data that might be protected by the lock to "gpseq". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:768: path: Condition "9223372036854775807UL /* ~0UL / 2 */ < ssp->srcu_gp_seq_needed_exp - gpseq", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:769: path: Condition "0 /* !((((sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (char) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (short)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (int)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:770: unlock: Unlocking "&ssp->lock". "gpseq" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:771: unlock: Unlocking "ssp->srcu_gp_mutex.wait_lock". "gpseq" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:775: path: Condition "0 /* !((((sizeof (ssp->srcu_size_state) == sizeof (char) || sizeof (ssp->srcu_size_state) == sizeof (short)) || sizeof (ssp->srcu_size_state) == sizeof (int)) || sizeof (ssp->srcu_size_state) == sizeof (long)) || sizeof (ssp->srcu_size_state) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:775: path: Condition "0 /* !(((sizeof (ssp->srcu_size_state) == sizeof (char) || sizeof (ssp->srcu_size_state) == sizeof (short)) || sizeof (ssp->srcu_size_state) == sizeof (int)) || sizeof (ssp->srcu_size_state) == sizeof (long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:776: path: Condition "ss_state < 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:779: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:804: path: Condition "!(gpseq & counter_wrap_check)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:805: path: Condition "cpu < nr_cpu_ids", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:805: path: Condition "(cpu = cpumask_next(cpu, (struct cpumask const *)&__cpu_possible_mask)) , (cpu < nr_cpu_ids)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:808: path: Condition "9223372036854775807UL /* ~0UL / 2 */ >= gpseq - (sdp->srcu_gp_seq_needed + 100)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:810: path: Condition "9223372036854775807UL /* ~0UL / 2 */ >= gpseq - (sdp->srcu_gp_seq_needed_exp + 100)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:807: lockagain: Locking "spinlock_check(&sdp->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c:811: use: Using an unreliable value of "gpseq" inside the second locked section. If the data that "gpseq" depends on was changed by another thread, this use might be incorrect. +# 809| sdp->srcu_gp_seq_needed = gpseq; +# 810| if (ULONG_CMP_GE(gpseq, sdp->srcu_gp_seq_needed_exp + 100)) +# 811|-> sdp->srcu_gp_seq_needed_exp = gpseq; +# 812| spin_unlock_irqrestore_rcu_node(sdp, flags); +# 813| } + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1912: path: Condition "true", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1913: path: Condition "!(rnp->qsmask & mask)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1913: path: Condition "mask", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1913: path: Condition "rnp->gp_seq != gps", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1922: path: Condition "!!__ret_warn_on", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1922: path: Condition "!!__ret_warn_on", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1923: path: Condition "!!__ret_warn_on", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1923: path: Condition "!!__ret_warn_on", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1925: path: Condition "0 /* !((((sizeof (rnp->qsmask) == sizeof (char) || sizeof (rnp->qsmask) == sizeof (short)) || sizeof (rnp->qsmask) == sizeof (int)) || sizeof (rnp->qsmask) == sizeof (long)) || sizeof (rnp->qsmask) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1926: path: Condition "!!rnp->gp_tasks", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1930: path: Condition "rnp->qsmask != 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1930: path: Condition "rcu_preempt_blocked_readers_cgp(rnp)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1938: path: Condition "rnp->parent == NULL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1947: lock: Locking "&rnp->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1948: path: Condition "0 /* !((((sizeof (rnp_c->qsmask) == sizeof (char) || sizeof (rnp_c->qsmask) == sizeof (short)) || sizeof (rnp_c->qsmask) == sizeof (int)) || sizeof (rnp_c->qsmask) == sizeof (long)) || sizeof (rnp_c->qsmask) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1949: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1912: path: Condition "true", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1913: path: Condition "!(rnp->qsmask & mask)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1913: path: Condition "mask", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1913: path: Condition "rnp->gp_seq != gps", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1922: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1922: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1923: path: Condition "!!__ret_warn_on", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1923: path: Condition "!!__ret_warn_on", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1925: path: Condition "0 /* !((((sizeof (rnp->qsmask) == sizeof (char) || sizeof (rnp->qsmask) == sizeof (short)) || sizeof (rnp->qsmask) == sizeof (int)) || sizeof (rnp->qsmask) == sizeof (long)) || sizeof (rnp->qsmask) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1926: path: Condition "!!rnp->gp_tasks", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1930: path: Condition "rnp->qsmask != 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1930: path: Condition "rcu_preempt_blocked_readers_cgp(rnp)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1937: def: Assigning data that might be protected by the lock to "mask". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1938: path: Condition "rnp->parent == NULL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1944: unlock: Unlocking "&rnp->lock". "mask" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1948: path: Condition "0 /* !((((sizeof (rnp_c->qsmask) == sizeof (char) || sizeof (rnp_c->qsmask) == sizeof (short)) || sizeof (rnp_c->qsmask) == sizeof (int)) || sizeof (rnp_c->qsmask) == sizeof (long)) || sizeof (rnp_c->qsmask) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1949: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1912: path: Condition "true", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1913: path: Condition "!(rnp->qsmask & mask)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1913: path: Condition "mask", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1913: path: Condition "rnp->gp_seq != gps", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1922: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1922: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1923: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1923: path: Condition "!!__ret_warn_on", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1925: path: Condition "0 /* !((((sizeof (rnp->qsmask) == sizeof (char) || sizeof (rnp->qsmask) == sizeof (short)) || sizeof (rnp->qsmask) == sizeof (int)) || sizeof (rnp->qsmask) == sizeof (long)) || sizeof (rnp->qsmask) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1947: lockagain: Locking "&rnp->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:1926: use: Using an unreliable value of "mask" inside the second locked section. If the data that "mask" depends on was changed by another thread, this use might be incorrect. +# 1924| rcu_preempt_blocked_readers_cgp(rnp)); +# 1925| WRITE_ONCE(rnp->qsmask, rnp->qsmask & ~mask); +# 1926|-> trace_rcu_quiescent_state_report(rcu_state.name, rnp->gp_seq, +# 1927| mask, rnp->qsmask, rnp->level, +# 1928| rnp->grplo, rnp->grphi, + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:3956: path: Condition "rcu_seq_done(&rcu_state.barrier_sequence, s)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:3964: lock: Locking "&rcu_state.barrier_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:3966: def: Assigning data that might be protected by the lock to "gseq". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:3978: unlock: Unlocking "&rcu_state.barrier_lock". "gseq" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:3985: path: Condition "cpu < nr_cpu_ids", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:3985: path: Condition "(cpu = cpumask_next(cpu, (struct cpumask const *)&__cpu_possible_mask)) , (cpu < nr_cpu_ids)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:3988: path: Condition "0 /* !((((sizeof (rdp->barrier_seq_snap) == sizeof (char) || sizeof (rdp->barrier_seq_snap) == sizeof (short)) || sizeof (rdp->barrier_seq_snap) == sizeof (int)) || sizeof (rdp->barrier_seq_snap) == sizeof (long)) || sizeof (rdp->barrier_seq_snap) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:3988: path: Condition "0 /* !(((sizeof (rdp->barrier_seq_snap) == sizeof (char) || sizeof (rdp->barrier_seq_snap) == sizeof (short)) || sizeof (rdp->barrier_seq_snap) == sizeof (int)) || sizeof (rdp->barrier_seq_snap) == sizeof (long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:3988: path: Condition "({...; ___p1;}) == gseq", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:3991: path: Condition "!rcu_segcblist_n_cbs(&rdp->cblist)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:3992: path: Condition "0 /* !((((sizeof (rdp->barrier_seq_snap) == sizeof (char) || sizeof (rdp->barrier_seq_snap) == sizeof (short)) || sizeof (rdp->barrier_seq_snap) == sizeof (int)) || sizeof (rdp->barrier_seq_snap) == sizeof (long)) || sizeof (rdp->barrier_seq_snap) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:3990: lockagain: Locking "&rcu_state.barrier_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:3992: use: Using an unreliable value of "gseq" inside the second locked section. If the data that "gseq" depends on was changed by another thread, this use might be incorrect. +# 3990| raw_spin_lock_irqsave(&rcu_state.barrier_lock, flags); +# 3991| if (!rcu_segcblist_n_cbs(&rdp->cblist)) { +# 3992|-> WRITE_ONCE(rdp->barrier_seq_snap, gseq); +# 3993| raw_spin_unlock_irqrestore(&rcu_state.barrier_lock, flags); +# 3994| rcu_barrier_trace(TPS("NQ"), cpu, rcu_state.barrier_sequence); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:4108: lock: Locking "&rnp->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:4108: def: Assigning data that might be protected by the lock to "flags". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:4110: path: Condition "0 /* !((((sizeof (rcu_state.n_force_qs) == sizeof (char) || sizeof (rcu_state.n_force_qs) == sizeof (short)) || sizeof (rcu_state.n_force_qs) == sizeof (int)) || sizeof (rcu_state.n_force_qs) == sizeof (long)) || sizeof (rcu_state.n_force_qs) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:4113: unlock: Unlocking "&rnp->lock". "flags" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:4119: path: Condition "!rcu_segcblist_is_enabled(&rdp->cblist)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:4130: path: Condition "0 /* !((((sizeof (rnp->gp_seq) == sizeof (char) || sizeof (rnp->gp_seq) == sizeof (short)) || sizeof (rnp->gp_seq) == sizeof (int)) || sizeof (rnp->gp_seq) == sizeof (long)) || sizeof (rnp->gp_seq) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:4128: lockagain: Locking "&rnp->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c:4138: use: Using an unreliable value of "flags" inside the second locked section. If the data that "flags" depends on was changed by another thread, this use might be incorrect. +# 4136| rdp->rcu_iw_gp_seq = rdp->gp_seq - 1; +# 4137| trace_rcu_grace_period(rcu_state.name, rdp->gp_seq, TPS("cpuonl")); +# 4138|-> raw_spin_unlock_irqrestore_rcu_node(rnp, flags); +# 4139| rcu_spawn_one_boost_kthread(rnp); +# 4140| rcu_spawn_cpu_nocb_kthread(cpu); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/sched/wait.c:137: lock: Locking "spinlock_check(&wq_head->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/sched/wait.c:138: def: Assigning data that might be protected by the lock to "remaining". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/sched/wait.c:140: unlock: Unlocking "&wq_head->lock". "remaining" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/sched/wait.c:141: path: Condition "bookmark.flags & 4", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/sched/wait.c:137: lockagain: Locking "spinlock_check(&wq_head->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/sched/wait.c:138: use: Using an unreliable value of "remaining" inside the second locked section. If the data that "remaining" depends on was changed by another thread, this use might be incorrect. +# 136| do { +# 137| spin_lock_irqsave(&wq_head->lock, flags); +# 138|-> remaining = __wake_up_common(wq_head, mode, remaining, +# 139| wake_flags, key, &bookmark); +# 140| spin_unlock_irqrestore(&wq_head->lock, flags); + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c:2144: path: Condition "count >= 256", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c:2147: path: Condition "copy_from_user(buf, ubuf, count)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c:2150: path: Condition "!zalloc_cpumask_var(&osnoise_cpumask_new, 3264U /* ((gfp_t)(0x400U | 0x800U) | (gfp_t)64U) | (gfp_t)128U */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c:2153: local_addr: Address of local variable "buf". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c:2153: identity_transfer: Passing "buf" as argument 1 to function "cpulist_parse", which returns an offset off that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c:2153: local_ptr_assign_ptr: Assigning: "err" = "cpulist_parse(buf, osnoise_cpumask_new)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c:2154: path: Condition "err", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c:2155: path: Jumping to label "err_free". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c:2186: return_local_addr_alias: Returning pointer "err" which points to local variable "buf". +# 2184| free_cpumask_var(osnoise_cpumask_new); +# 2185| +# 2186|-> return err; +# 2187| } +# 2188| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2094: path: Condition "!PageHuge(page)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2097: lock: Locking "&hugetlb_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2098: path: Condition "!PageHuge(page)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2103: path: Condition "!page_count(page)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2105: def: Assigning data that might be protected by the lock to "h". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2106: path: Condition "h->free_huge_pages - h->resv_huge_pages == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2113: path: Condition "!!!HPageFreed(head)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2130: unlock: Unlocking "&hugetlb_lock". "h" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2141: path: Condition "!rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2144: lockagain: Locking "&hugetlb_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2145: use: Using an unreliable value of "h" inside the second locked section. If the data that "h" depends on was changed by another thread, this use might be incorrect. +# 2143| } else { +# 2144| spin_lock_irq(&hugetlb_lock); +# 2145|-> add_hugetlb_page(h, head, false); +# 2146| h->max_huge_pages++; +# 2147| spin_unlock_irq(&hugetlb_lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2094: path: Condition "!PageHuge(page)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2097: lock: Locking "&hugetlb_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2098: path: Condition "!PageHuge(page)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2103: path: Condition "!page_count(page)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2104: def: Assigning data that might be protected by the lock to "head". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2106: path: Condition "h->free_huge_pages - h->resv_huge_pages == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2113: path: Condition "!!!HPageFreed(head)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2130: unlock: Unlocking "&hugetlb_lock". "head" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2141: path: Condition "!rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2144: lockagain: Locking "&hugetlb_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c:2145: use: Using an unreliable value of "head" inside the second locked section. If the data that "head" depends on was changed by another thread, this use might be incorrect. +# 2143| } else { +# 2144| spin_lock_irq(&hugetlb_lock); +# 2145|-> add_hugetlb_page(h, head, false); +# 2146| h->max_huge_pages++; +# 2147| spin_unlock_irq(&hugetlb_lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c:2106: infer_lock: Assuming "&khugepaged_mm_lock" is locked since it is unlocked without prior lock in this function. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c:2119: path: Condition "khugepaged_scan.mm_slot", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c:2120: def: Assigning data that might be protected by the lock to "mm_slot". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c:2120: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c:2127: unlock: Unlocking "&khugepaged_mm_lock". "mm_slot" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c:2136: path: Condition "!!!mmap_read_trylock(mm)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c:2137: path: Jumping to label "breakouterloop_mmap_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c:2206: path: Condition "khugepaged_test_exit(mm)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c:2212: path: Condition "mm_slot->mm_node.next != &khugepaged_scan.mm_head", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c:2217: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c:2200: lockagain: Locking "&khugepaged_mm_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c:2222: use: Using an unreliable value of "mm_slot" inside the second locked section. If the data that "mm_slot" depends on was changed by another thread, this use might be incorrect. +# 2220| } +# 2221| +# 2222|-> collect_mm_slot(mm_slot); +# 2223| } +# 2224| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:483: path: Condition "!list_lru_memcg_aware(lru)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:483: path: Condition "memcg_list_lru_allocated(memcg, lru)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:488: path: Condition "!table", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:496: path: Condition "memcg", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:497: path: Condition "memcg_list_lru_allocated(memcg, lru)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:502: path: Condition "!table[i].mlru", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:508: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:496: path: Condition "memcg", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:497: path: Condition "memcg_list_lru_allocated(memcg, lru)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:498: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:510: lock: Locking "spinlock_check(&xas.xa->xa_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:511: path: Condition "i--", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:512: path: Condition "0 /* !((((sizeof (table[i].memcg->kmemcg_id) == sizeof (char) || sizeof (table[i].memcg->kmemcg_id) == sizeof (short)) || sizeof (table[i].memcg->kmemcg_id) == sizeof (int)) || sizeof (table[i].memcg->kmemcg_id) == sizeof (long)) || sizeof (table[i].memcg->kmemcg_id) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:513: def: Assigning data that might be protected by the lock to "mlru". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:517: path: Condition "index < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:517: path: Condition "xas_error(&xas)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:517: path: Condition "xas_load(&xas)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:521: path: Condition "xas_error(&xas) == -12", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:522: unlock: Unlocking "&xas.xa->xa_lock". "mlru" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:523: path: Condition "xas_nomem(&xas, gfp)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:532: path: Condition "0 /* !((((sizeof (table[i].memcg->kmemcg_id) == sizeof (char) || sizeof (table[i].memcg->kmemcg_id) == sizeof (short)) || sizeof (table[i].memcg->kmemcg_id) == sizeof (int)) || sizeof (table[i].memcg->kmemcg_id) == sizeof (long)) || sizeof (table[i].memcg->kmemcg_id) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:533: path: Condition "index < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:534: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:537: path: Jumping to label "retry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:517: path: Condition "index < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:525: lockagain: Locking "spinlock_check(&xas.xa->xa_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c:518: use: Using an unreliable value of "mlru" inside the second locked section. If the data that "mlru" depends on was changed by another thread, this use might be incorrect. +# 516| retry: +# 517| if (unlikely(index < 0 || xas_error(&xas) || xas_load(&xas))) { +# 518|-> kfree(mlru); +# 519| } else { +# 520| xas_store(&xas, mlru); + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/madvise.c:1445: local_ptr_assign_local: Assigning: "iov" = "iovstack" (address of local variable "iovstack"). +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/madvise.c:1452: path: Condition "flags != 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/madvise.c:1457: identity_transfer: Passing "iov" as argument 5 to function "import_iovec", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/madvise.c:1457: local_ptr_assign_ptr: Assigning: "ret" = "import_iovec(0, vec, vlen, 8U, &iov, &iter)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/madvise.c:1458: path: Condition "ret < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/madvise.c:1459: path: Jumping to label "out". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/madvise.c:1508: return_local_addr_alias: Returning pointer "ret" which points to local variable "iovstack". +# 1506| kfree(iov); +# 1507| out: +# 1508|-> return ret; +# 1509| } + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3522: path: Condition "!(&(*page).lru == list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3524: path: Condition "!free_unref_page_prepare(page, pfn, 0)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3526: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3522: path: Condition "!(&(*page).lru == list)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3541: path: Condition "!(&(*page).lru == list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3545: path: Condition "zone != locked_zone", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3546: path: Condition "pcp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3558: path: Condition "!!(migratetype >= MIGRATE_PCPTYPES)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3568: path: Condition "++batch_count == 32UL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3573: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3541: path: Condition "!(&(*page).lru == list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3545: path: Condition "zone != locked_zone", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3546: path: Condition "pcp", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3547: path: Condition "!!__preempt_count_dec_and_test()", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3558: path: Condition "!!(migratetype >= MIGRATE_PCPTYPES)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3568: path: Condition "++batch_count == 32UL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3573: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3541: path: Condition "!(&(*page).lru == list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3545: path: Condition "zone != locked_zone", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3546: path: Condition "pcp", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3547: path: Condition "!!__preempt_count_dec_and_test()", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3558: path: Condition "!!(migratetype >= MIGRATE_PCPTYPES)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3568: path: Condition "++batch_count == 32UL", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3569: path: Condition "!!__preempt_count_dec_and_test()", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3573: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3541: path: Condition "!(&(*page).lru == list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3545: path: Condition "zone != locked_zone", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3546: path: Condition "pcp", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3547: path: Condition "!!__preempt_count_dec_and_test()", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3550: lock: Locking "spinlock_check(&_ret->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3558: path: Condition "!!(migratetype >= MIGRATE_PCPTYPES)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3568: path: Condition "++batch_count == 32UL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3573: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3541: path: Condition "!(&(*page).lru == list)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3542: def: Assigning data that might be protected by the lock to "zone". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3545: path: Condition "zone != locked_zone", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3546: path: Condition "pcp", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3547: unlock: Unlocking "&pcp->lock". "zone" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3547: path: Condition "!!__preempt_count_dec_and_test()", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3558: path: Condition "!!(migratetype >= MIGRATE_PCPTYPES)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3550: lockagain: Locking "spinlock_check(&_ret->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c:3562: use: Using an unreliable value of "zone" inside the second locked section. If the data that "zone" depends on was changed by another thread, this use might be incorrect. +# 3560| +# 3561| trace_mm_page_free_batched(page); +# 3562|-> free_unref_page_commit(zone, pcp, page, migratetype, 0); +# 3563| +# 3564| /* + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1740: path: Condition "(gfp & (3264U /* ((gfp_t)(0x400U | 0x800U) | (gfp_t)64U) | (gfp_t)128U */)) != (3264U /* ((gfp_t)(0x400U | 0x800U) | (gfp_t)64U) | (gfp_t)128U */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1741: path: Condition "!(gfp & 8192U /* (gfp_t)8192U */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1749: path: Condition "!!(align < (4UL /* 1 << 2 */))", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1756: path: Condition "!size", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1756: path: Condition "size > (32768UL /* (unsigned long)(0x20 << 10) + ((1UL << 12) - 1) & ~((1UL << 12) - 1) */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1756: path: Condition "align > (4096UL /* 1UL << 12 */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1756: path: Condition "!is_power_of_2(align)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1763: path: Condition "!!!pcpu_memcg_pre_alloc_hook(size, gfp, &objcg)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1766: path: Condition "!is_atomic", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1772: path: Condition "gfp & 32768U /* (gfp_t)32768U */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1774: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1780: lock: Locking "spinlock_check(&pcpu_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1783: path: Condition "reserved", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1783: path: Condition "pcpu_reserved_chunk", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1784: def: Assigning data that might be protected by the lock to "chunk". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1787: path: Condition "off < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1793: path: Condition "off >= 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1794: path: Jumping to label "area_found". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1850: unlock: Unlocking "&pcpu_lock". "chunk" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1853: path: Condition "!is_atomic", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1859: path: Condition "rs < page_end", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1860: path: Condition "result", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1865: path: Condition "ret", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1864: lockagain: Locking "spinlock_check(&pcpu_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1866: use: Using an unreliable value of "chunk" inside the second locked section. If the data that "chunk" depends on was changed by another thread, this use might be incorrect. +# 1864| spin_lock_irqsave(&pcpu_lock, flags); +# 1865| if (ret) { +# 1866|-> pcpu_free_area(chunk, off); +# 1867| err = "failed to populate"; +# 1868| goto fail_unlock; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1740: path: Condition "(gfp & (3264U /* ((gfp_t)(0x400U | 0x800U) | (gfp_t)64U) | (gfp_t)128U */)) != (3264U /* ((gfp_t)(0x400U | 0x800U) | (gfp_t)64U) | (gfp_t)128U */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1741: path: Condition "!(gfp & 8192U /* (gfp_t)8192U */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1749: path: Condition "!!(align < (4UL /* 1 << 2 */))", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1756: path: Condition "!size", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1756: path: Condition "size > (32768UL /* (unsigned long)(0x20 << 10) + ((1UL << 12) - 1) & ~((1UL << 12) - 1) */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1756: path: Condition "align > (4096UL /* 1UL << 12 */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1756: path: Condition "!is_power_of_2(align)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1763: path: Condition "!!!pcpu_memcg_pre_alloc_hook(size, gfp, &objcg)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1766: path: Condition "!is_atomic", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1772: path: Condition "gfp & 32768U /* (gfp_t)32768U */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1774: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1780: lock: Locking "spinlock_check(&pcpu_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1783: path: Condition "reserved", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1783: path: Condition "pcpu_reserved_chunk", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1787: path: Condition "off < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1792: def: Assigning data that might be protected by the lock to "off". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1793: path: Condition "off >= 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1794: path: Jumping to label "area_found". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1850: unlock: Unlocking "&pcpu_lock". "off" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1853: path: Condition "!is_atomic", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1859: path: Condition "rs < page_end", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1860: path: Condition "result", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1865: path: Condition "ret", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1864: lockagain: Locking "spinlock_check(&pcpu_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1866: use: Using an unreliable value of "off" inside the second locked section. If the data that "off" depends on was changed by another thread, this use might be incorrect. +# 1864| spin_lock_irqsave(&pcpu_lock, flags); +# 1865| if (ret) { +# 1866|-> pcpu_free_area(chunk, off); +# 1867| err = "failed to populate"; +# 1868| goto fail_unlock; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1740: path: Condition "(gfp & (3264U /* ((gfp_t)(0x400U | 0x800U) | (gfp_t)64U) | (gfp_t)128U */)) != (3264U /* ((gfp_t)(0x400U | 0x800U) | (gfp_t)64U) | (gfp_t)128U */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1741: path: Condition "!(gfp & 8192U /* (gfp_t)8192U */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1749: path: Condition "!!(align < (4UL /* 1 << 2 */))", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1756: path: Condition "!size", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1756: path: Condition "size > (32768UL /* (unsigned long)(0x20 << 10) + ((1UL << 12) - 1) & ~((1UL << 12) - 1) */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1756: path: Condition "align > (4096UL /* 1UL << 12 */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1756: path: Condition "!is_power_of_2(align)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1763: path: Condition "!!!pcpu_memcg_pre_alloc_hook(size, gfp, &objcg)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1766: path: Condition "!is_atomic", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1772: path: Condition "gfp & 32768U /* (gfp_t)32768U */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1774: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1780: lock: Locking "spinlock_check(&pcpu_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1783: path: Condition "reserved", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1783: path: Condition "pcpu_reserved_chunk", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1784: def: Assigning data that might be protected by the lock to "chunk". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1787: path: Condition "off < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1793: path: Condition "off >= 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1794: path: Jumping to label "area_found". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1850: unlock: Unlocking "&pcpu_lock". "chunk" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1853: path: Condition "!is_atomic", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1859: path: Condition "rs < page_end", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1860: path: Condition "result", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1865: path: Condition "ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1864: lockagain: Locking "spinlock_check(&pcpu_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:1870: use: Using an unreliable value of "chunk" inside the second locked section. If the data that "chunk" depends on was changed by another thread, this use might be incorrect. +# 1868| goto fail_unlock; +# 1869| } +# 1870|-> pcpu_chunk_populated(chunk, rs, re); +# 1871| spin_unlock_irqrestore(&pcpu_lock, flags); +# 1872| } + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2060: path: Condition "pcpu_atomic_alloc_failed", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2064: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2070: path: Condition "slot <= pcpu_free_slot", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2073: path: Condition "!nr_to_pop", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2076: path: Condition "!(&chunk->list == &pcpu_chunk_lists[slot])", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2078: path: Condition "nr_unpop", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2079: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2082: path: Condition "!nr_unpop", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2086: path: Condition "rs < chunk->nr_pages", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2087: path: Condition "__UNIQUE_ID___x417 < __UNIQUE_ID___y418", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2092: lock: Locking "&pcpu_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2093: path: Condition "!ret", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2096: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2100: path: Condition "!nr_to_pop", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2102: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2086: def: Assigning data that might be protected by the lock to "rs". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2086: path: Condition "rs < chunk->nr_pages", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2087: path: Condition "__UNIQUE_ID___x417 < __UNIQUE_ID___y418", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2089: unlock: Unlocking "&pcpu_lock". "rs" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2093: path: Condition "!ret", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2092: lockagain: Locking "&pcpu_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2095: use: Using an unreliable value of "rs" inside the second locked section. If the data that "rs" depends on was changed by another thread, this use might be incorrect. +# 2093| if (!ret) { +# 2094| nr_to_pop -= nr; +# 2095|-> pcpu_chunk_populated(chunk, rs, rs + nr); +# 2096| } else { +# 2097| nr_to_pop = 0; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2149: path: Condition "!list_empty(&pcpu_chunk_lists[pcpu_to_depopulate_slot])", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2152: path: Condition "result", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2161: path: Condition "i >= 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2163: path: Condition "chunk->nr_empty_pop_pages == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2164: path: Breaking from loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2207: path: Condition "freed_page_start < freed_page_end", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2213: lock: Locking "&pcpu_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2216: path: Condition "reintegrate", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2216: path: Condition "chunk->free_bytes == pcpu_unit_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2217: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2221: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2149: path: Condition "!list_empty(&pcpu_chunk_lists[pcpu_to_depopulate_slot])", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2152: path: Condition "result", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2158: def: Assigning data that might be protected by the lock to "freed_page_start". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2161: path: Condition "i >= 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2163: path: Condition "chunk->nr_empty_pop_pages == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2167: path: Condition "pcpu_nr_empty_pop_pages < 4", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2179: path: Condition "block->contig_hint == (1024UL /* (1UL << 12) >> 2 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2179: path: Condition "test_bit(i, chunk->populated)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2181: path: Condition "end == -1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2183: path: Condition "i > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2184: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2161: path: Condition "i >= 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2163: path: Condition "chunk->nr_empty_pop_pages == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2167: path: Condition "pcpu_nr_empty_pop_pages < 4", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2179: path: Condition "block->contig_hint == (1024UL /* (1UL << 12) >> 2 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2179: path: Condition "test_bit(i, chunk->populated)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2181: path: Condition "end == -1", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2183: path: Condition "i > 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2189: path: Condition "end == -1", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2192: unlock: Unlocking "&pcpu_lock". "freed_page_start" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2195: lockagain: Locking "&pcpu_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c:2198: use: Using an unreliable value of "freed_page_start" inside the second locked section. If the data that "freed_page_start" depends on was changed by another thread, this use might be incorrect. +# 2196| +# 2197| pcpu_chunk_depopulated(chunk, i + 1, end + 1); +# 2198|-> freed_page_start = min(freed_page_start, i + 1); +# 2199| freed_page_end = max(freed_page_end, end + 1); +# 2200| + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:262: local_ptr_assign_local: Assigning: "iov_l" = "iovstack_l" (address of local variable "iovstack_l"). +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:268: path: Condition "flags != 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:272: identity_transfer: Passing "iov_l" as argument 5 to function "import_iovec", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:272: local_ptr_assign_ptr: Assigning: "rc" = "import_iovec(dir, lvec, liovcnt, 8U, &iov_l, &iter)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:273: path: Condition "rc < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:274: return_local_addr_alias: Returning pointer "rc" which points to local variable "iovstack_l". +# 272| rc = import_iovec(dir, lvec, liovcnt, UIO_FASTIOV, &iov_l, &iter); +# 273| if (rc < 0) +# 274|-> return rc; +# 275| if (!iov_iter_count(&iter)) +# 276| goto free_iov_l; + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:262: local_ptr_assign_local: Assigning: "iov_l" = "iovstack_l" (address of local variable "iovstack_l"). +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:268: path: Condition "flags != 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:272: identity_transfer: Passing "iov_l" as argument 5 to function "import_iovec", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:272: local_ptr_assign_ptr: Assigning: "rc" = "import_iovec(dir, lvec, liovcnt, 8U, &iov_l, &iter)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:273: path: Condition "rc < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:275: path: Condition "!iov_iter_count(&iter)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:276: path: Jumping to label "free_iov_l". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:288: return_local_addr_alias: Returning pointer "rc" which points to local variable "iovstack_l". +# 286| free_iov_l: +# 287| kfree(iov_l); +# 288|-> return rc; +# 289| } +# 290| + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:268: path: Condition "flags != 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:273: path: Condition "rc < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:275: path: Condition "!iov_iter_count(&iter)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:277: local_addr: Address of local variable "iovstack_r". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:277: identity_transfer: Passing "iovstack_r" as argument 4 to function "iovec_from_user", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:277: local_ptr_assign_ptr: Assigning: "iov_r" = "iovec_from_user(rvec, riovcnt, 8UL, iovstack_r, in_compat_syscall())". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:279: path: Condition "IS_ERR(iov_r)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:280: identity_transfer: Passing "iov_r" as argument 1 to function "PTR_ERR", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:280: local_ptr_assign_ptr: Assigning: "rc" = "PTR_ERR(iov_r)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:281: path: Jumping to label "free_iov_l". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c:288: return_local_addr_alias: Returning pointer "rc" which points to local variable "iovstack_r". +# 286| free_iov_l: +# 287| kfree(iov_l); +# 288|-> return rc; +# 289| } +# 290| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c:2088: path: Condition "!!inode->i_private", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c:2091: lock: Locking "&inode->i_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c:2093: path: Condition "shmem_falloc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c:2093: path: Condition "shmem_falloc->waitq", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c:2093: path: Condition "(*vmf).pgoff >= shmem_falloc->start", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c:2093: path: Condition "(*vmf).pgoff < shmem_falloc->next", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c:2103: path: Condition "fpin", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c:2106: def: Assigning data that might be protected by the lock to "shmem_falloc_waitq". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c:2109: unlock: Unlocking "&inode->i_lock". "shmem_falloc_waitq" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c:2119: lockagain: Locking "&inode->i_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c:2120: use: Using an unreliable value of "shmem_falloc_waitq" inside the second locked section. If the data that "shmem_falloc_waitq" depends on was changed by another thread, this use might be incorrect. +# 2118| */ +# 2119| spin_lock(&inode->i_lock); +# 2120|-> finish_wait(shmem_falloc_waitq, &shmem_fault_wait); +# 2121| spin_unlock(&inode->i_lock); +# 2122| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2472: path: Condition "partial_slab", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2480: path: Condition "n != n2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2481: path: Condition "n", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2485: lock: Locking "spinlock_check(&n->list_lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2502: path: Condition "!__cmpxchg_double_slab(s, slab, old.freelist, old.counters, new.freelist, new.counters, "unfreezing slab")", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2504: path: Condition "!new.inuse", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2504: path: Condition "n->nr_partial >= s->min_partial", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2507: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2511: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2472: path: Condition "partial_slab", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2477: def: Assigning data that might be protected by the lock to "partial_slab". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2480: path: Condition "n != n2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2481: path: Condition "n", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2482: unlock: Unlocking "&n->list_lock". "partial_slab" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2502: path: Condition "!__cmpxchg_double_slab(s, slab, old.freelist, old.counters, new.freelist, new.counters, "unfreezing slab")", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2504: path: Condition "!new.inuse", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2504: path: Condition "n->nr_partial >= s->min_partial", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2507: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2511: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2472: path: Condition "partial_slab", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2485: lockagain: Locking "spinlock_check(&n->list_lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c:2476: use: Using an unreliable value of "partial_slab" inside the second locked section. If the data that "partial_slab" depends on was changed by another thread, this use might be incorrect. +# 2474| struct slab old; +# 2475| +# 2476|-> slab = partial_slab; +# 2477| partial_slab = slab->next; +# 2478| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:493: path: Condition "!cluster_list_empty(&si->discard_clusters)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:500: lock: Locking "&si->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:506: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:493: path: Condition "!cluster_list_empty(&si->discard_clusters)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:494: def: Assigning data that might be protected by the lock to "idx". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:495: unlock: Unlocking "&si->lock". "idx" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:500: lockagain: Locking "&si->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:502: use: Using an unreliable value of "idx" inside the second locked section. If the data that "idx" depends on was changed by another thread, this use might be incorrect. +# 500| spin_lock(&si->lock); +# 501| ci = lock_cluster(si, idx * SWAPFILE_CLUSTER); +# 502|-> __free_cluster(si, idx); +# 503| memset(si->swap_map + idx * SWAPFILE_CLUSTER, +# 504| 0, SWAPFILE_CLUSTER); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:829: path: Condition "si->flags & SWP_SOLIDSTATE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:830: path: Switch case value "4". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:830: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:830: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:836: path: Condition "si->cluster_info", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:837: path: Condition "!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:838: path: Jumping to label "scan". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:977: path: Condition "!!(--latency_ration < 0)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:982: path: Condition "swap_offset_available_and_locked(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:983: path: Jumping to label "checks". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:879: path: Condition "si->cluster_info", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:880: path: Condition "scan_swap_map_ssd_cluster_conflict(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:882: path: Condition "n_ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:884: path: Condition "!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:886: path: Jumping to label "scan". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:977: path: Condition "!!(--latency_ration < 0)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:982: path: Condition "swap_offset_available_and_locked(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:983: path: Jumping to label "checks". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:879: path: Condition "si->cluster_info", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:880: path: Condition "scan_swap_map_ssd_cluster_conflict(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:882: path: Condition "n_ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:884: path: Condition "!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:886: path: Jumping to label "scan". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:977: path: Condition "!!(--latency_ration < 0)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:982: path: Condition "swap_offset_available_and_locked(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:983: path: Jumping to label "checks". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:879: path: Condition "si->cluster_info", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:880: path: Condition "scan_swap_map_ssd_cluster_conflict(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:882: path: Condition "n_ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:884: path: Condition "!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:886: path: Jumping to label "scan". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:977: path: Condition "!!(--latency_ration < 0)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:982: path: Condition "swap_offset_available_and_locked(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:983: path: Jumping to label "checks". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:879: path: Condition "si->cluster_info", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:880: path: Condition "scan_swap_map_ssd_cluster_conflict(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:882: path: Condition "n_ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:884: path: Condition "!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:886: path: Jumping to label "scan". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:977: path: Condition "!!(--latency_ration < 0)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:982: path: Condition "swap_offset_available_and_locked(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:983: path: Jumping to label "checks". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:879: path: Condition "si->cluster_info", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:880: path: Condition "scan_swap_map_ssd_cluster_conflict(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:882: path: Condition "n_ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:884: path: Condition "!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:886: path: Jumping to label "scan". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:977: path: Condition "!!(--latency_ration < 0)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:982: path: Condition "swap_offset_available_and_locked(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:983: path: Jumping to label "checks". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:879: path: Condition "si->cluster_info", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:880: path: Condition "scan_swap_map_ssd_cluster_conflict(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:882: path: Condition "n_ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:884: path: Condition "!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:886: path: Jumping to label "scan". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:977: path: Condition "!!(--latency_ration < 0)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:982: path: Condition "swap_offset_available_and_locked(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:983: path: Jumping to label "checks". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:879: path: Condition "si->cluster_info", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:880: path: Condition "scan_swap_map_ssd_cluster_conflict(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:882: path: Condition "n_ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:884: lock: Locking "si->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:884: path: Condition "!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:887: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:880: path: Condition "scan_swap_map_ssd_cluster_conflict(si, offset)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:889: path: Condition "!(si->flags & SWP_WRITEOK)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:891: path: Condition "!si->highest_bit", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:893: path: Condition "offset > si->highest_bit", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:894: def: Assigning data that might be protected by the lock to "offset". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:898: path: Condition "vm_swap_full()", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:898: path: Condition "si->swap_map[offset] == 64", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:900: unlock: Unlocking "ci->lock". "offset" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:901: unlock: Unlocking "&si->lock". "offset" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:905: path: Condition "swap_was_freed", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:906: path: Jumping to label "checks". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:879: path: Condition "si->cluster_info", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:880: path: Condition "scan_swap_map_ssd_cluster_conflict(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:882: path: Condition "n_ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:884: path: Condition "!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:886: path: Jumping to label "scan". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:975: unlock: Unlocking "&si->lock". "offset" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:976: path: Condition "++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:977: path: Condition "!!(--latency_ration < 0)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:982: path: Condition "swap_offset_available_and_locked(si, offset)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:983: path: Jumping to label "checks". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:879: path: Condition "si->cluster_info", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:982: lockagain: Locking "si->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c:880: use: Using an unreliable value of "offset" inside the second locked section. If the data that "offset" depends on was changed by another thread, this use might be incorrect. +# 878| checks: +# 879| if (si->cluster_info) { +# 880|-> while (scan_swap_map_ssd_cluster_conflict(si, offset)) { +# 881| /* take a break if we already got some slots */ +# 882| if (n_ret) + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:960: path: Condition "!zpool_can_sleep_mapped(pool)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:962: path: Condition "!tmp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:973: lock: Locking "&tree->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:974: def: Assigning data that might be protected by the lock to "entry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:975: path: Condition "!entry", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:982: unlock: Unlocking "&tree->lock". "entry" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:983: path: Condition "offset != entry->offset", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:986: path: Condition "!zpool_can_sleep_mapped(pool)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:993: path: Switch case value "ZSWAP_SWAPCACHE_FAIL". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:996: path: Jumping to label "fail". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:1058: lockagain: Locking "&tree->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:1059: use: Using an unreliable value of "entry" inside the second locked section. If the data that "entry" depends on was changed by another thread, this use might be incorrect. +# 1057| fail: +# 1058| spin_lock(&tree->lock); +# 1059|-> zswap_entry_put(tree, entry); +# 1060| spin_unlock(&tree->lock); +# 1061| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:1304: lock: Locking "&tree->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:1305: def: Assigning data that might be protected by the lock to "entry". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:1306: path: Condition "!entry", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:1311: unlock: Unlocking "&tree->lock". "entry" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:1313: path: Condition "!entry->length", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:1316: path: Condition "0 /* !!__builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:1318: path: Jumping to label "stats". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:1358: path: Condition "entry->objcg", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:1361: lockagain: Locking "&tree->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c:1362: use: Using an unreliable value of "entry" inside the second locked section. If the data that "entry" depends on was changed by another thread, this use might be incorrect. +# 1360| freeentry: +# 1361| spin_lock(&tree->lock); +# 1362|-> zswap_entry_put(tree, entry); +# 1363| spin_unlock(&tree->lock); +# 1364| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:591: path: Condition "!pmc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:593: path: Condition "0 /* !((((sizeof (in_dev->mc_list) == sizeof (char) || sizeof (in_dev->mc_list) == sizeof (short)) || sizeof (in_dev->mc_list) == sizeof (int)) || sizeof (in_dev->mc_list) == sizeof (long)) || sizeof (in_dev->mc_list) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:593: path: Condition "pmc != NULL", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:594: path: Condition "pmc->multiaddr == 16777440U /* (__be32)(__u32)__builtin_bswap32((__u32)3758096385L) */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:595: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:593: path: Condition "0 /* !((((sizeof ((*pmc).next_rcu) == sizeof (char) || sizeof ((*pmc).next_rcu) == sizeof (short)) || sizeof ((*pmc).next_rcu) == sizeof (int)) || sizeof ((*pmc).next_rcu) == sizeof (long)) || sizeof ((*pmc).next_rcu) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:593: path: Condition "pmc != NULL", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:594: path: Condition "pmc->multiaddr == 16777440U /* (__be32)(__u32)__builtin_bswap32((__u32)3758096385L) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:596: path: Condition "ipv4_is_local_multicast(pmc->multiaddr)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:597: path: Condition "0 /* !((((sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (char) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (short)) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (int)) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (long)) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:596: path: Condition "!({...; *((unsigned char const volatile *)&net->ipv4.sysctl_igmp_llm_reports);})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:599: lock: Locking "&pmc->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:600: path: Condition "pmc->sfcount[0]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:601: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:604: def: Assigning data that might be protected by the lock to "skb". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:605: unlock: Unlocking "&pmc->lock". "skb" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:606: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:593: path: Condition "0 /* !((((sizeof ((*pmc).next_rcu) == sizeof (char) || sizeof ((*pmc).next_rcu) == sizeof (short)) || sizeof ((*pmc).next_rcu) == sizeof (int)) || sizeof ((*pmc).next_rcu) == sizeof (long)) || sizeof ((*pmc).next_rcu) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:593: path: Condition "pmc != NULL", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:594: path: Condition "pmc->multiaddr == 16777440U /* (__be32)(__u32)__builtin_bswap32((__u32)3758096385L) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:596: path: Condition "ipv4_is_local_multicast(pmc->multiaddr)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:597: path: Condition "0 /* !((((sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (char) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (short)) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (int)) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (long)) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:596: path: Condition "!({...; *((unsigned char const volatile *)&net->ipv4.sysctl_igmp_llm_reports);})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:600: path: Condition "pmc->sfcount[0]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:601: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:599: lockagain: Locking "&pmc->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:604: use: Using an unreliable value of "skb" inside the second locked section. If the data that "skb" depends on was changed by another thread, this use might be incorrect. +# 602| else +# 603| type = IGMPV3_MODE_IS_INCLUDE; +# 604|-> skb = add_grec(skb, pmc, type, 0, 0); +# 605| spin_unlock_bh(&pmc->lock); +# 606| } + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:661: path: Condition "pmc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:663: path: Condition "pmc->sfmode == 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:669: path: Condition "pmc->crcount", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:670: path: Condition "pmc->sfmode == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:675: path: Condition "pmc->crcount == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:680: path: Condition "pmc->crcount == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:680: path: Condition "!pmc->tomb", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:689: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:661: path: Condition "pmc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:663: path: Condition "pmc->sfmode == 1", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:669: path: Condition "pmc->crcount", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:670: path: Condition "pmc->sfmode == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:675: path: Condition "pmc->crcount == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:680: path: Condition "pmc->crcount == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:680: path: Condition "!pmc->tomb", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:689: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:661: path: Condition "pmc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:663: path: Condition "pmc->sfmode == 1", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:669: path: Condition "pmc->crcount", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:670: path: Condition "pmc->sfmode == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:675: path: Condition "pmc->crcount == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:680: path: Condition "pmc->crcount == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:680: path: Condition "!pmc->tomb", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:689: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:661: path: Condition "pmc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:663: path: Condition "pmc->sfmode == 1", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:669: path: Condition "pmc->crcount", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:670: path: Condition "pmc->sfmode == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:675: path: Condition "pmc->crcount == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:680: path: Condition "pmc->crcount == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:680: path: Condition "!pmc->tomb", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:680: path: Condition "!pmc->sources", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:689: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:661: path: Condition "pmc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:663: path: Condition "pmc->sfmode == 1", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:669: path: Condition "pmc->crcount", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:670: path: Condition "pmc->sfmode == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:675: path: Condition "pmc->crcount == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:680: path: Condition "pmc->crcount == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:689: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:661: path: Condition "pmc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:663: path: Condition "pmc->sfmode == 1", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:669: path: Condition "pmc->crcount", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:670: path: Condition "pmc->sfmode == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:675: path: Condition "pmc->crcount == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:680: path: Condition "pmc->crcount == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:680: path: Condition "!pmc->tomb", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:689: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:661: path: Condition "pmc", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:663: path: Condition "pmc->sfmode == 1", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:669: path: Condition "pmc->crcount", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:680: path: Condition "pmc->crcount == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:680: path: Condition "!pmc->tomb", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:680: path: Condition "!pmc->sources", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:689: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:661: path: Condition "pmc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:693: path: Condition "0 /* !((((sizeof (in_dev->mc_list) == sizeof (char) || sizeof (in_dev->mc_list) == sizeof (short)) || sizeof (in_dev->mc_list) == sizeof (int)) || sizeof (in_dev->mc_list) == sizeof (long)) || sizeof (in_dev->mc_list) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:693: path: Condition "pmc != NULL", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:694: lock: Locking "&pmc->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:695: path: Condition "pmc->sfcount[0]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:698: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:706: path: Condition "pmc->crcount", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:707: path: Condition "pmc->sfmode == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:708: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:711: def: Assigning data that might be protected by the lock to "skb". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:714: unlock: Unlocking "&pmc->lock". "skb" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:715: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:693: path: Condition "0 /* !((((sizeof ((*pmc).next_rcu) == sizeof (char) || sizeof ((*pmc).next_rcu) == sizeof (short)) || sizeof ((*pmc).next_rcu) == sizeof (int)) || sizeof ((*pmc).next_rcu) == sizeof (long)) || sizeof ((*pmc).next_rcu) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:693: path: Condition "pmc != NULL", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:695: path: Condition "pmc->sfcount[0]", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:698: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:694: lockagain: Locking "&pmc->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c:702: use: Using an unreliable value of "skb" inside the second locked section. If the data that "skb" depends on was changed by another thread, this use might be incorrect. +# 700| dtype = IGMPV3_BLOCK_OLD_SOURCES; +# 701| } +# 702|-> skb = add_grec(skb, pmc, type, 0, 0); +# 703| skb = add_grec(skb, pmc, dtype, 0, 1); /* deleted sources */ +# 704| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1336: path: Condition "idev->cnf.use_tempaddr <= 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1343: lock: Locking "&ifp->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1344: path: Condition "ifp->regen_count++ >= idev->cnf.regen_max_retry", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1362: path: Condition "__UNIQUE_ID___x719 > __UNIQUE_ID___y720", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1367: path: Condition "0 /* !((((sizeof (idev->cnf.temp_prefered_lft) == sizeof (char) || sizeof (idev->cnf.temp_prefered_lft) == sizeof (short)) || sizeof (idev->cnf.temp_prefered_lft) == sizeof (int)) || sizeof (idev->cnf.temp_prefered_lft) == sizeof (long)) || sizeof (idev->cnf.temp_prefered_lft) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1368: path: Condition "__UNIQUE_ID___x722 < __UNIQUE_ID___y723", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1372: path: Condition "!!(idev->desync_factor > max_desync_factor)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1373: path: Condition "max_desync_factor > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1377: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1383: path: Condition "__UNIQUE_ID___x724 < __UNIQUE_ID___y725", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1386: path: Condition "__UNIQUE_ID___x726 < __UNIQUE_ID___y727", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1389: def: Assigning data that might be protected by the lock to "tmp_tstamp". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1390: unlock: Unlocking "&ifp->lock". "tmp_tstamp" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1402: path: Condition "cfg.preferred_lft <= regen_advance + age", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1411: path: Condition "ifp->flags & 4", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1418: path: Condition "IS_ERR(ift)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1426: lockagain: Locking "&ift->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c:1429: use: Using an unreliable value of "tmp_tstamp" inside the second locked section. If the data that "tmp_tstamp" depends on was changed by another thread, this use might be incorrect. +# 1427| ift->ifpub = ifp; +# 1428| ift->cstamp = now; +# 1429|-> ift->tstamp = tmp_tstamp; +# 1430| spin_unlock_bh(&ift->lock); +# 1431| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2221: path: Condition "0 /* !!((sizeof (*h.h2) + 16 - 1 & ~(16 - 1)) != 32) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2222: path: Condition "0 /* !!((sizeof (*h.h3) + 16 - 1 & ~(16 - 1)) != 48) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2224: path: Condition "(*skb).pkt_type == 5", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2230: path: Condition "!net_eq(dev_net(dev), sock_net(sk))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2233: path: Condition "dev_has_header(dev)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2245: path: Condition "!res", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2249: path: Condition "__packet_rcv_has_room(po, skb) == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2254: path: Condition "(*skb).ip_summed == 3", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2255: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2259: path: Condition "skb_is_gso(skb)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2259: path: Condition "skb_is_gso_tcp(skb)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2262: path: Condition "snaplen > res", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2265: path: Condition "sk->sk_type == SOCK_DGRAM", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2268: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2279: path: Condition "netoff > 65535U /* (unsigned short)~0U */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2283: path: Condition "po->tp_version <= TPACKET_V2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2284: path: Condition "macoff + snaplen > po->rx_ring.frame_size", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2285: path: Condition "po->copy_thresh", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2285: path: Condition "atomic_read(&sk->sk_backlog.rmem_alloc) < sk->sk_rcvbuf", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2287: path: Condition "skb_shared(skb)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2289: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2293: path: Condition "copy_skb", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2300: path: Condition "(int)snaplen < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2305: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2319: lock: Locking "&sk->sk_receive_queue.lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2322: path: Condition "!h.raw", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2325: path: Condition "po->tp_version <= TPACKET_V2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2326: def: Assigning data that might be protected by the lock to "slot_id". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2327: path: Condition "test_bit(slot_id, po->rx_ring.rx_owner_map)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2332: path: Condition "do_vnet", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2341: path: Condition "po->tp_version <= TPACKET_V2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2349: path: Condition "atomic_read(&po->tp_drops)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2354: path: Condition "copy_skb", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2359: unlock: Unlocking "&sk->sk_receive_queue.lock". "slot_id" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2368: path: Condition "!ts_status", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2373: path: Switch case value "TPACKET_V1". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2382: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2425: path: Condition "!!po->origdev", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2426: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2445: path: Condition "po->tp_version <= TPACKET_V2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2446: lockagain: Locking "&sk->sk_receive_queue.lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:2448: use: Using an unreliable value of "slot_id" inside the second locked section. If the data that "slot_id" depends on was changed by another thread, this use might be incorrect. +# 2446| spin_lock(&sk->sk_receive_queue.lock); +# 2447| __packet_set_status(po, h.raw, status); +# 2448|-> __clear_bit(slot_id, po->rx_ring.rx_owner_map); +# 2449| spin_unlock(&sk->sk_receive_queue.lock); +# 2450| sk->sk_data_ready(sk); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4339: path: Condition "tx_ring", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4340: path: Condition "tx_ring", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4343: path: Condition "!closing", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4344: path: Condition "atomic_read(&po->mapped)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4346: path: Condition "packet_read_pending(rb)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4350: path: Condition "req->tp_block_nr", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4355: path: Condition "!!rb->pg_vec", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4358: path: Switch case value "TPACKET_V1". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4361: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4371: path: Condition "!!((int)req->tp_block_size <= 0)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4373: path: Condition "!!!(((unsigned long)req->tp_block_size & 4095UL /* (unsigned long)(1UL << 12) - 1 */) == 0)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4376: path: Condition "po->tp_version >= TPACKET_V3", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4380: path: Condition "!!(req->tp_frame_size < min_frame_size)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4382: path: Condition "!!(req->tp_frame_size & 15U /* 16 - 1 */)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4386: path: Condition "!!(rb->frames_per_block == 0)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4388: path: Condition "!!(rb->frames_per_block > 4294967295U /* ~0U */ / req->tp_block_nr)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4390: path: Condition "!!(rb->frames_per_block * req->tp_block_nr != req->tp_frame_nr)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4397: path: Condition "!!!pg_vec", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4399: path: Switch case default. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4416: path: Condition "!tx_ring", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4422: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4424: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4434: lock: Locking "&po->bind_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4436: def: Assigning data that might be protected by the lock to "num". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4437: path: Condition "was_running", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4438: path: Condition "0 /* !((((sizeof (po->num) == sizeof (char) || sizeof (po->num) == sizeof (short)) || sizeof (po->num) == sizeof (int)) || sizeof (po->num) == sizeof (long)) || sizeof (po->num) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4441: unlock: Unlocking "&po->bind_lock". "num" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4446: unlock: Unlocking "po->pg_vec_lock.wait_lock". "num" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4447: path: Condition "closing", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4447: path: Condition "atomic_read(&po->mapped) == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4451: path: Condition "po->tp_version <= TPACKET_V2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4456: unlock: Unlocking "&rb_queue->lock". "num" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4462: path: Condition "po->rx_ring.pg_vec", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4465: path: Condition "atomic_read(&po->mapped)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4469: unlock: Unlocking "po->pg_vec_lock.wait_lock". "num" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4472: path: Condition "was_running", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4473: path: Condition "0 /* !((((sizeof (po->num) == sizeof (char) || sizeof (po->num) == sizeof (short)) || sizeof (po->num) == sizeof (int)) || sizeof (po->num) == sizeof (long)) || sizeof (po->num) == sizeof (long long)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4471: lockagain: Locking "&po->bind_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c:4473: use: Using an unreliable value of "num" inside the second locked section. If the data that "num" depends on was changed by another thread, this use might be incorrect. +# 4471| spin_lock(&po->bind_lock); +# 4472| if (was_running) { +# 4473|-> WRITE_ONCE(po->num, num); +# 4474| register_prot_hook(sk); +# 4475| } + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/socket.c:2473: local_ptr_assign_local: Assigning: "iov" = "iovstack" (address of local variable "iovstack"). +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/socket.c:2478: identity_transfer: Passing "iov" as argument 4 to function "sendmsg_copy_msghdr", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/socket.c:2478: local_ptr_assign_ptr: Assigning: "err" = "sendmsg_copy_msghdr(msg_sys, msg, flags, &iov)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/socket.c:2479: path: Condition "err < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/socket.c:2480: return_local_addr_alias: Returning pointer "err" which points to local variable "iovstack". +# 2478| err = sendmsg_copy_msghdr(msg_sys, msg, flags, &iov); +# 2479| if (err < 0) +# 2480|-> return err; +# 2481| +# 2482| err = ____sys_sendmsg(sock, msg_sys, flags, used_address, + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:734: path: Condition "mlen > 1024", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:738: path: Condition "!buf", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:742: path: Condition "copy_from_user(buf, src, mlen)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:747: path: Condition "IS_ERR(p)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:753: path: Condition "!uid_valid(uid)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:760: path: Condition "ctx == NULL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:765: lock: Locking "&pipe->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:766: def: Assigning data that might be protected by the lock to "gss_msg". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:767: path: Condition "gss_msg == NULL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:772: unlock: Unlocking "&pipe->lock". "gss_msg" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:775: path: Condition "IS_ERR(p)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:777: path: Switch case value "-13". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:782: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:794: path: Jumping to label "err_release_msg". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:800: lockagain: Locking "&pipe->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c:801: use: Using an unreliable value of "gss_msg" inside the second locked section. If the data that "gss_msg" depends on was changed by another thread, this use might be incorrect. +# 799| err_release_msg: +# 800| spin_lock(&pipe->lock); +# 801|-> __gss_unhash_msg(gss_msg); +# 802| spin_unlock(&pipe->lock); +# 803| gss_release_msg(gss_msg); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c:31: lock: Locking "&xprt->queue_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c:32: def: Assigning data that might be protected by the lock to "req". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c:33: path: Condition "!req", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c:38: path: Condition "dst->iov_len < src->iov_len", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c:42: unlock: Unlocking "&xprt->queue_lock". "req" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c:45: path: Condition "credits == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c:46: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c:51: unlock: Unlocking "&xprt->transport_lock". "req" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c:53: lockagain: Locking "&xprt->queue_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c:55: use: Using an unreliable value of "req" inside the second locked section. If the data that "req" depends on was changed by another thread, this use might be incorrect. +# 53| spin_lock(&xprt->queue_lock); +# 54| xprt_complete_rqst(req->rq_task, rcvbuf->len); +# 55|-> xprt_unpin_rqst(req); +# 56| rcvbuf->len = 0; +# 57| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:604: lock: Locking "&xprt->queue_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:605: def: Assigning data that might be protected by the lock to "req". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:606: path: Condition "!req", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:606: path: Condition "transport->recv.copied", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:606: path: Condition "!req->rq_private_buf.len", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:611: unlock: Unlocking "&xprt->queue_lock". "req" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:616: path: Condition "msg->msg_flags & (160U /* 0x80 | 0x20 */)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:617: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:615: lockagain: Locking "&xprt->queue_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:620: use: Using an unreliable value of "req" inside the second locked section. If the data that "req" depends on was changed by another thread, this use might be incorrect. +# 618| else +# 619| req->rq_private_buf.len = transport->recv.copied; +# 620|-> xprt_unpin_rqst(req); +# 621| out: +# 622| spin_unlock(&xprt->queue_lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1296: path: Condition "repsize < 4", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1303: path: Condition "xp == NULL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1307: lock: Locking "&xprt->queue_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1308: def: Assigning data that might be protected by the lock to "rovr". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1309: path: Condition "!rovr", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1313: unlock: Unlocking "&xprt->queue_lock". "rovr" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1316: path: Condition "(copied = rovr->rq_private_buf.buflen) > repsize", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1320: path: Condition "csum_partial_copy_to_xdr(&rovr->rq_private_buf, skb)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1329: unlock: Unlocking "&xprt->transport_lock". "rovr" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1332: path: Switch case value "8". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1332: path: Condition "0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1332: path: Condition "1 /* pao_ID__ == 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1332: path: Condition "sk->__sk_common.skc_family == 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1332: path: Condition "sk->sk_protocol == IPPROTO_UDPLITE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1332: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1332: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1330: lockagain: Locking "&xprt->queue_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c:1334: use: Using an unreliable value of "rovr" inside the second locked section. If the data that "rovr" depends on was changed by another thread, this use might be incorrect. +# 1332| __UDPX_INC_STATS(sk, UDP_MIB_INDATAGRAMS); +# 1333| out_unpin: +# 1334|-> xprt_unpin_rqst(rovr); +# 1335| out_unlock: +# 1336| spin_unlock(&xprt->queue_lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2530: path: Condition "!!(sk->__sk_common.skc_state != TCP_ESTABLISHED)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2535: path: Condition "!!(flags & 1)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2541: path: Condition "noblock", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2550: path: Condition "__UNIQUE_ID___x562 > __UNIQUE_ID___y563", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2558: lock: Locking "&unix_sk(sk)->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2559: path: Condition "sock_flag(sk, SOCK_DEAD)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2564: path: Condition "last", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2566: path: Condition "skb == NULL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2604: path: Condition "skip >= unix_skb_len(skb)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2608: def: Assigning data that might be protected by the lock to "skb". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2609: path: Condition "!skb", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2611: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2604: path: Condition "skip >= unix_skb_len(skb)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2613: unlock: Unlocking "&unix_sk(sk)->lock". "skb" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2615: path: Condition "check_creds", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2619: path: Condition "test_bit(3, &sock->flags)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2627: path: Condition "state->msg", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2627: path: Condition "state->msg->msg_name", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2628: path: Condition "0 /* !!(sizeof (*sunaddr) > sizeof (struct __kernel_sockaddr_storage)) */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2634: path: Condition "__UNIQUE_ID___x565 < __UNIQUE_ID___y566", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2637: path: Condition "!unix_skb_len(skb)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2640: path: Condition "chunk < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2648: path: Condition "drop_skb", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2661: path: Condition "!(flags & 2)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2682: path: Condition "((struct unix_skb_parms *)&skb->cb)->fp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2687: path: Condition "((struct unix_skb_parms *)&skb->cb)->fp", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2693: lockagain: Locking "&unix_sk(sk)->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c:2694: use: Using an unreliable value of "skb" inside the second locked section. If the data that "skb" depends on was changed by another thread, this use might be incorrect. +# 2692| last_len = skb->len; +# 2693| unix_state_lock(sk); +# 2694|-> skb = skb_peek_next(skb, &sk->sk_receive_queue); +# 2695| if (skb) +# 2696| goto again; + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:357: path: Condition "skb != (struct sk_buff *)&vvs->rx_queue", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:360: path: Condition "total == len", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:363: path: Condition "total < len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:363: path: Condition "off < skb->len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:365: path: Condition "bytes > skb->len - off", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:374: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:381: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:363: path: Condition "total < len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:363: path: Condition "off < skb->len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:365: path: Condition "bytes > skb->len - off", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:374: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:377: lock: Locking "&vvs->rx_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:381: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:363: path: Condition "total < len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:363: path: Condition "off < skb->len", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:382: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:357: def: Assigning data that might be protected by the lock to "tmp". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:357: path: Condition "skb != (struct sk_buff *)&vvs->rx_queue", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:360: path: Condition "total == len", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:363: path: Condition "total < len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:363: path: Condition "off < skb->len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:365: path: Condition "bytes > skb->len - off", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:371: unlock: Unlocking "&vvs->rx_lock". "tmp" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:374: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:381: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:363: path: Condition "total < len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:363: path: Condition "off < skb->len", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:382: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:377: lockagain: Locking "&vvs->rx_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:357: use: Using an unreliable value of "tmp" inside the second locked section. If the data that "tmp" depends on was changed by another thread, this use might be incorrect. +# 355| spin_lock_bh(&vvs->rx_lock); +# 356| +# 357|-> skb_queue_walk_safe(&vvs->rx_queue, skb, tmp) { +# 358| off = 0; +# 359| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:405: lock: Locking "&vvs->rx_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:407: path: Condition "__ret_cond", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:407: path: Condition "!!__ret_once", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:407: path: Condition "({...; !!__ret_once;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:407: path: Condition "!!__ret_do_once", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:407: path: Condition "({...; !!__ret_do_once;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:413: path: Condition "total < len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:413: path: Condition "!skb_queue_empty(&vvs->rx_queue)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:417: path: Condition "bytes > skb->len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:418: def: Assigning data that might be protected by the lock to "bytes". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:423: unlock: Unlocking "&vvs->rx_lock". "bytes" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:426: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:429: lockagain: Locking "&vvs->rx_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:432: use: Using an unreliable value of "bytes" inside the second locked section. If the data that "bytes" depends on was changed by another thread, this use might be incorrect. +# 430| +# 431| total += bytes; +# 432|-> skb_pull(skb, bytes); +# 433| +# 434| if (skb->len == 0) { + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:405: lock: Locking "&vvs->rx_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:407: path: Condition "__ret_cond", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:407: path: Condition "!!__ret_once", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:407: path: Condition "({...; !!__ret_once;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:407: path: Condition "!!__ret_do_once", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:407: path: Condition "({...; !!__ret_do_once;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:413: path: Condition "total < len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:413: path: Condition "!skb_queue_empty(&vvs->rx_queue)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:414: def: Assigning data that might be protected by the lock to "skb". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:417: path: Condition "bytes > skb->len", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:423: unlock: Unlocking "&vvs->rx_lock". "skb" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:426: path: Condition "err", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:429: lockagain: Locking "&vvs->rx_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:432: use: Using an unreliable value of "skb" inside the second locked section. If the data that "skb" depends on was changed by another thread, this use might be incorrect. +# 430| +# 431| total += bytes; +# 432|-> skb_pull(skb, bytes); +# 433| +# 434| if (skb->len == 0) { + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:476: lock: Locking "&vvs->rx_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:478: path: Condition "vvs->msg_count == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:483: path: Condition "!msg_ready", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:488: path: Condition "!skb", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:491: def: Assigning data that might be protected by the lock to "pkt_len". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:493: path: Condition "dequeued_len >= 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:496: path: Condition "__UNIQUE_ID___x492 < __UNIQUE_ID___y493", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:498: path: Condition "bytes_to_copy", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:504: unlock: Unlocking "&vvs->rx_lock". "pkt_len" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:507: path: Condition "err", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:512: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:519: path: Condition "dequeued_len >= 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:523: path: Condition "(__u32)(__le32)hdr->flags & VIRTIO_VSOCK_SEQ_EOM", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:527: path: Condition "(__u32)(__le32)hdr->flags & VIRTIO_VSOCK_SEQ_EOR", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:516: lockagain: Locking "&vvs->rx_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:531: use: Using an unreliable value of "pkt_len" inside the second locked section. If the data that "pkt_len" depends on was changed by another thread, this use might be incorrect. +# 529| } +# 530| +# 531|-> virtio_transport_dec_rx_pkt(vvs, pkt_len); +# 532| kfree_skb(skb); +# 533| } + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:478: path: Condition "vvs->msg_count == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:483: path: Condition "!msg_ready", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:488: path: Condition "!skb", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:493: path: Condition "dequeued_len >= 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:496: path: Condition "__UNIQUE_ID___x492 < __UNIQUE_ID___y493", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:498: path: Condition "bytes_to_copy", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:507: path: Condition "err", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:512: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:516: lock: Locking "&vvs->rx_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:519: path: Condition "dequeued_len >= 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:523: path: Condition "(__u32)(__le32)hdr->flags & VIRTIO_VSOCK_SEQ_EOM", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:533: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:483: path: Condition "!msg_ready", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:487: def: Assigning data that might be protected by the lock to "skb". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:488: path: Condition "!skb", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:493: path: Condition "dequeued_len >= 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:496: path: Condition "__UNIQUE_ID___x492 < __UNIQUE_ID___y493", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:498: path: Condition "bytes_to_copy", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:504: unlock: Unlocking "&vvs->rx_lock". "skb" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:507: path: Condition "err", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:512: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:519: path: Condition "dequeued_len >= 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:523: path: Condition "(__u32)(__le32)hdr->flags & VIRTIO_VSOCK_SEQ_EOM", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:516: lockagain: Locking "&vvs->rx_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c:532: use: Using an unreliable value of "skb" inside the second locked section. If the data that "skb" depends on was changed by another thread, this use might be incorrect. +# 530| +# 531| virtio_transport_dec_rx_pkt(vvs, pkt_len); +# 532|-> kfree_skb(skb); +# 533| } +# 534| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:192: path: Condition "limit > key_gc_delay", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:193: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:200: path: Condition "test_and_clear_bit(0, &key_gc_flags)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:203: path: Condition "test_and_clear_bit(1, &key_gc_flags)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:213: lock: Locking "&key_serial_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:217: path: Condition "cursor", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:219: def: Assigning data that might be protected by the lock to "cursor". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:221: path: Condition "refcount_read(&key->usage) == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:222: path: Jumping to label "found_unreferenced_key". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:332: unlock: Unlocking "&key_serial_lock". "cursor" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:336: path: Jumping to label "maybe_resched". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:267: path: Condition "cursor", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:270: path: Jumping to label "continue_scanning". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:217: path: Condition "cursor", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:269: lockagain: Locking "&key_serial_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c:218: use: Using an unreliable value of "(void *)cursor" inside the second locked section. If the data that "(void *)cursor" depends on was changed by another thread, this use might be incorrect. +# 216| continue_scanning: +# 217| while (cursor) { +# 218|-> key = rb_entry(cursor, struct key, serial_node); +# 219| cursor = rb_next(cursor); +# 220| + +Error: RETURN_LOCAL (CWE-562): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/keyctl.c:1279: local_ptr_assign_local: Assigning: "iov" = "iovstack" (address of local variable "iovstack"). +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/keyctl.c:1283: path: Condition "!_payload_iov", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/keyctl.c:1286: identity_transfer: Passing "iov" as argument 5 to function "import_iovec", which returns that argument. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/keyctl.c:1286: local_ptr_assign_ptr: Assigning: "ret" = "import_iovec(1, _payload_iov, ioc, 8U, &iov, &from)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/keyctl.c:1288: path: Condition "ret < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/keyctl.c:1289: return_local_addr_alias: Returning pointer "ret" which points to local variable "iovstack". +# 1287| ARRAY_SIZE(iovstack), &iov, &from); +# 1288| if (ret < 0) +# 1289|-> return ret; +# 1290| ret = keyctl_instantiate_key_common(id, &from, ringid); +# 1291| kfree(iov); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1420: path: Condition "isec->initialized == LABEL_INITIALIZED", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1423: lock: Locking "&isec->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1424: path: Condition "isec->initialized == LABEL_INITIALIZED", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1427: path: Condition "isec->sclass == 7", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1431: path: Condition "!(sbsec->flags & 0x100)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1444: def: Assigning data that might be protected by the lock to "sid". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1446: unlock: Unlocking "&isec->lock". "sid" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1448: path: Switch case value "7". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1455: path: Condition "!(inode->i_opflags & 8)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1461: path: Condition "opt_dentry", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1464: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1475: path: Condition "!dentry", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1491: path: Condition "rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1493: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1566: path: Condition "isec->initialized == LABEL_PENDING", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1567: path: Condition "rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1565: lockagain: Locking "&isec->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1572: use: Using an unreliable value of "sid" inside the second locked section. If the data that "sid" depends on was changed by another thread, this use might be incorrect. +# 1570| } +# 1571| isec->initialized = LABEL_INITIALIZED; +# 1572|-> isec->sid = sid; +# 1573| } +# 1574| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1420: path: Condition "isec->initialized == LABEL_INITIALIZED", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1423: lock: Locking "&isec->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1424: path: Condition "isec->initialized == LABEL_INITIALIZED", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1427: path: Condition "isec->sclass == 7", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1431: path: Condition "!(sbsec->flags & 0x100)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1444: def: Assigning data that might be protected by the lock to "sid". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1446: unlock: Unlocking "&isec->lock". "sid" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1448: path: Switch case value "7". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1455: path: Condition "!(inode->i_opflags & 8)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1461: path: Condition "opt_dentry", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1472: path: Condition "!dentry", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1473: unlock: Unlocking "inode->i_lock". "sid" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1475: path: Condition "!dentry", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1485: path: Jumping to label "out_invalid". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1581: path: Condition "isec->initialized == LABEL_PENDING", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1580: lockagain: Locking "&isec->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c:1583: use: Using an unreliable value of "sid" inside the second locked section. If the data that "sid" depends on was changed by another thread, this use might be incorrect. +# 1581| if (isec->initialized == LABEL_PENDING) { +# 1582| isec->initialized = LABEL_INVALID; +# 1583|-> isec->sid = sid; +# 1584| } +# 1585| spin_unlock(&isec->lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c:429: lock: Locking "spinlock_check(&s->lock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c:432: path: Condition "s->convert", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c:437: def: Assigning data that might be protected by the lock to "count". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c:443: path: Condition "sidtab_do_lookup(params->target, count - 1, 1)", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c:444: path: Condition "rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c:456: unlock: Unlocking "&s->lock". "count" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c:458: path: Condition "1 /* 1 && 1 */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c:464: path: Condition "rc", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c:475: lockagain: Locking "spinlock_check(&s->lock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c:476: use: Using an unreliable value of "count" inside the second locked section. If the data that "count" depends on was changed by another thread, this use might be incorrect. +# 474| */ +# 475| spin_lock_irqsave(&s->lock, flags); +# 476|-> sidtab_convert_hashtable(params->target, count); +# 477| spin_unlock_irqrestore(&s->lock, flags); +# 478| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:246: lock: Locking "&substream->lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:247: def: Assigning data that might be protected by the lock to "runtime". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:248: path: Condition "!substream->opened", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:248: path: Condition "!runtime", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:248: path: Condition "!runtime->buffer", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:254: unlock: Unlocking "&substream->lock". "runtime" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:255: path: Condition "err < 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:258: path: Condition "__cond", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:258: path: Condition "!__ret", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:258: path: Condition "__cond", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:258: path: Condition "!({...; __cond || !__ret;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:263: path: Condition "signal_pending(get_current())", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:265: path: Condition "runtime->avail < runtime->buffer_size", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:272: unlock: Unlocking "&substream->lock". "runtime" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:274: path: Condition "err != -512", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:283: lockagain: Locking "&substream->lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c:284: use: Using an unreliable value of "runtime" inside the second locked section. If the data that "runtime" depends on was changed by another thread, this use might be incorrect. +# 282| +# 283| spin_lock_irq(&substream->lock); +# 284|-> snd_rawmidi_buffer_unref(runtime); +# 285| spin_unlock_irq(&substream->lock); +# 286| + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c:923: lock: Locking "&chip->reg_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c:924: path: Switch case default. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c:944: def: Assigning data that might be protected by the lock to "cnt". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c:946: path: Condition "runtime->channels == 4", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c:947: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c:952: path: Condition "chip->device_type == DEVICE_NFORCE", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c:956: path: Condition "cnt & 3145728", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c:958: unlock: Unlocking "&chip->reg_lock". "cnt" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c:962: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c:960: lockagain: Locking "&chip->reg_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c:966: use: Using an unreliable value of "cnt" inside the second locked section. If the data that "cnt" depends on was changed by another thread, this use might be incorrect. +# 964| cnt |= ICH_PCM_20BIT; +# 965| } +# 966|-> iputdword(chip, ICHREG(GLOB_CNT), cnt); +# 967| break; +# 968| } + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3658: path: Condition "(audio_int & (40U /* ADDRESS_IRQ | MPU401_IRQ */)) == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3660: path: Condition "audio_int & ADDRESS_IRQ", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3662: lock: Locking "&trident->reg_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3665: path: Condition "chn_int == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3666: path: Jumping to label "__skip1". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3669: def: Assigning data that might be protected by the lock to "chn_int". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3670: path: Condition "chn_int == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3672: path: Condition "channel >= 32", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3674: path: Condition "(chn_int & mask) == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3675: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3672: path: Condition "channel >= 32", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3674: path: Condition "(chn_int & mask) == 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3675: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3672: path: Condition "channel >= 32", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3674: path: Condition "(chn_int & mask) == 0", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3677: path: Condition "!voice->pcm", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3677: path: Condition "voice->substream == NULL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3682: path: Condition "delta < 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3684: path: Condition "(unsigned int)delta < voice->spurious_threshold", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3692: path: Condition "voice->isync", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3693: path: Condition "!voice->isync3", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3695: path: Condition "trident->bDMAStart & 0x40", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3697: path: Condition "tmp > 0", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3699: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3702: path: Condition "tmp < voice->isync_mark", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3703: path: Condition "tmp > 16", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3704: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3712: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3728: unlock: Unlocking "&trident->reg_lock". "chn_int" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3731: path: Jumping back to the beginning of the loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3672: path: Condition "channel >= 32", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3730: lockagain: Locking "&trident->reg_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c:3732: use: Using an unreliable value of "chn_int" inside the second locked section. If the data that "chn_int" depends on was changed by another thread, this use might be incorrect. +# 3730| spin_lock(&trident->reg_lock); +# 3731| } +# 3732|-> outl(chn_int, TRID_REG(trident, T4D_AINT_B)); /* ack */ +# 3733| __skip2: +# 3734| spin_unlock(&trident->reg_lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:625: path: Condition "!(status & chip->intr_mask)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:633: lock: Locking "&chip->reg_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:634: path: Condition "i < chip->num_devs", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:637: path: Condition "!(c_status & (7 /* (2 | 1) | 4 */))", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:638: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:634: path: Condition "i < chip->num_devs", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:637: path: Condition "!(c_status & (7 /* (2 | 1) | 4 */))", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:638: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:634: path: Condition "i < chip->num_devs", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:636: def: Assigning data that might be protected by the lock to "c_status". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:637: path: Condition "!(c_status & (7 /* (2 | 1) | 4 */))", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:639: path: Condition "viadev->substream", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:639: path: Condition "viadev->running", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:645: path: Condition "c_status & 2", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:646: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:650: unlock: Unlocking "&chip->reg_lock". "c_status" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:652: lockagain: Locking "&chip->reg_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c:655: use: Using an unreliable value of "c_status" inside the second locked section. If the data that "c_status" depends on was changed by another thread, this use might be incorrect. +# 653| viadev->in_interrupt = 0; +# 654| } +# 655|-> outb(c_status, VIADEV_REG(viadev, OFFSET_STATUS)); /* ack */ +# 656| } +# 657| spin_unlock(&chip->reg_lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:480: path: Condition "!(status & chip->intr_mask)", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:486: lock: Locking "&chip->reg_lock". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:487: path: Condition "i < chip->num_devs", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:491: path: Condition "!c_status", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:492: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:487: path: Condition "i < chip->num_devs", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:491: path: Condition "!c_status", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:492: path: Continuing loop. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:487: path: Condition "i < chip->num_devs", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:489: def: Assigning data that might be protected by the lock to "c_status". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:491: path: Condition "!c_status", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:493: path: Condition "viadev->substream", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:493: path: Condition "viadev->running", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:494: unlock: Unlocking "&chip->reg_lock". "c_status" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:496: lockagain: Locking "&chip->reg_lock" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c:498: use: Using an unreliable value of "c_status" inside the second locked section. If the data that "c_status" depends on was changed by another thread, this use might be incorrect. +# 496| spin_lock(&chip->reg_lock); +# 497| } +# 498|-> outb(c_status, VIADEV_REG(viadev, OFFSET_STATUS)); /* ack */ +# 499| } +# 500| spin_unlock(&chip->reg_lock); + +Error: ATOMICITY (CWE-667): +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c:442: lock: Locking "spinlock_check(&ipc->dsp->spinlock)". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c:443: def: Assigning data that might be protected by the lock to "msg". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c:444: unlock: Unlocking "&ipc->dsp->spinlock". "msg" might now be unreliable because other threads can now change the data that it depends on. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c:445: path: Condition "msg == NULL", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c:452: path: Condition "reply == IPC_GLB_REPLY_SUCCESS", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c:453: path: Condition "0 /* __builtin_types_compatible_p() */", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c:453: path: Condition "1 /* __builtin_types_compatible_p() */", taking true branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c:453: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c:453: path: Condition "!!branch", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c:453: path: Condition "({...; !!branch;})", taking false branch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c:456: path: Switch case value "IPC_GLB_LOAD_MULTIPLE_MODS". +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c:462: path: Breaking from switch. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c:468: path: Falling through to end of if statement. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c:484: lockagain: Locking "spinlock_check(&ipc->dsp->spinlock)" again. +kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c:485: use: Using an unreliable value of "msg" inside the second locked section. If the data that "msg" depends on was changed by another thread, this use might be incorrect. +# 483| +# 484| spin_lock_irqsave(&ipc->dsp->spinlock, flags); +# 485|-> sst_ipc_tx_msg_reply_complete(ipc, msg); +# 486| spin_unlock_irqrestore(&ipc->dsp->spinlock, flags); +# 487| } + +Error: PATH_MANIPULATION (CWE-22): +libgtop-2.40.0/src/daemon/main.c:47: path: Condition "verbose_output", taking true branch. +libgtop-2.40.0/src/daemon/main.c:51: path: Condition "enable_debug", taking true branch. +libgtop-2.40.0/src/daemon/main.c:58: tainted_argument: Calling function "do_read" taints argument "*cmnd". +libgtop-2.40.0/src/daemon/main.c:58: path: Condition "do_read(s, cmnd, 40UL /* sizeof (glibtop_command) */)", taking true branch. +libgtop-2.40.0/src/daemon/main.c:59: path: Condition "enable_debug", taking true branch. +libgtop-2.40.0/src/daemon/main.c:64: path: Condition "cmnd->data_size >= 8192", taking false branch. +libgtop-2.40.0/src/daemon/main.c:75: path: Condition "cmnd->data_size", taking false branch. +libgtop-2.40.0/src/daemon/main.c:82: path: Condition "cmnd->size", taking true branch. +libgtop-2.40.0/src/daemon/main.c:83: identity_transfer: Passing "cmnd->parameter" as argument 2 to function "memcpy", which sets "*parameter" to the dereference of that argument. [Note: The source code implementation of the function has been overridden by a builtin model.] +libgtop-2.40.0/src/daemon/main.c:83: tainted_data_transitive: Call to function "memcpy" with tainted argument "cmnd->parameter" transitively taints "parameter". [Note: The source code implementation of the function has been overridden by a builtin model.] +libgtop-2.40.0/src/daemon/main.c:86: path: Switch case value "11". +libgtop-2.40.0/src/daemon/main.c:169: identity_transfer: Passing "parameter" as argument 2 to function "memcpy", which sets "pid" to the dereference of that argument. [Note: The source code implementation of the function has been overridden by a builtin model.] +libgtop-2.40.0/src/daemon/main.c:169: tainted_data_transitive: Call to function "memcpy" with tainted argument "parameter" transitively taints "pid". [Note: The source code implementation of the function has been overridden by a builtin model.] +libgtop-2.40.0/src/daemon/main.c:170: path_manipulation_sink: Constructing a path or URI using the tainted value "pid" and passing it to "glibtop_get_proc_state_l". This may allow an attacker to access, modify, or test the existence of critical or sensitive files. +libgtop-2.40.0/src/daemon/main.c:170: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 168| case GLIBTOP_CMND_PROC_STATE: +# 169| memcpy (&pid, parameter, sizeof (pid_t)); +# 170|-> glibtop_get_proc_state_l +# 171| (server, &resp->u.data.proc_state, pid); +# 172| do_output (s, resp, _offset_data (proc_state), 0, NULL); + +Error: STRING_OVERFLOW (CWE-120): +liblouis-3.16.1/tools/lou_trace.c:103: returned_string: "_lou_showDots" returns a source buffer of 2048 characters in size. +liblouis-3.16.1/tools/lou_trace.c:103: string_overflow: You might overrun the 512-character destination string "dots" by writing 2048 characters from "_lou_showDots(buffer, length)". +# 101| print_dots(const widechar *buffer, int length) { +# 102| static char dots[BUFSIZE]; +# 103|-> strcpy(dots, _lou_showDots(buffer, length)); +# 104| return dots; +# 105| } + +Error: STRING_OVERFLOW (CWE-120): +liblouis-3.16.1/tools/lou_trace.c:117: returned_string: "_lou_showAttributes" returns a source buffer of 2048 characters in size. +liblouis-3.16.1/tools/lou_trace.c:117: string_overflow: You might overrun the 512-character destination string "attr" by writing 2048 characters from "_lou_showAttributes(a)". +# 115| print_attributes(unsigned int a) { +# 116| static char attr[BUFSIZE]; +# 117|-> strcpy(attr, _lou_showAttributes(a)); +# 118| return attr; +# 119| } + +Error: WRITE_CONST_FIELD (CWE-843): +libocxl-1.2.1/src/include/libocxl.h:68: field_definition: A const-qualified field is defined. +libocxl-1.2.1/src/afu.c:210: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 208| static void afu_init(ocxl_afu *afu) +# 209| { +# 210|-> memset((char *)afu->identifier.afu_name, '\0', sizeof(afu->identifier.afu_name)); +# 211| afu->device_path = NULL; +# 212| afu->sysfs_path = NULL; + +Error: ATOMICITY (CWE-667): +librdkafka-1.6.1/src/rdkafka.c:1148: path: Condition "rk->rk_conf.debug & 0xfffff", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:1154: path: Condition "rk->rk_background.thread", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:1161: path: Condition "rk->rk_conf.debug & 0xfffff", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:1176: lock: Locking "&rk->rk_lock". +librdkafka-1.6.1/src/rdkafka.c:1178: path: Condition "rk->rk_conf.debug & 0xfffff", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:1180: path: Condition "rkt != NULL", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:1180: def: Assigning data that might be protected by the lock to "rkt_tmp". +librdkafka-1.6.1/src/rdkafka.c:1180: path: Condition "(rkt_tmp = rkt->rkt_link.tqe_next) , 1", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:1181: unlock: Unlocking "&rk->rk_lock". "rkt_tmp" might now be unreliable because other threads can now change the data that it depends on. +librdkafka-1.6.1/src/rdkafka.c:1182: unlock: Unlocking "rkt->rkt_lock". "rkt_tmp" might now be unreliable because other threads can now change the data that it depends on. +librdkafka-1.6.1/src/rdkafka.c:1184: path: Jumping back to the beginning of the loop. +librdkafka-1.6.1/src/rdkafka.c:1183: lockagain: Locking "&rk->rk_lock" again. +librdkafka-1.6.1/src/rdkafka.c:1180: use: Using an unreliable value of "rkt_tmp" inside the second locked section. If the data that "rkt_tmp" depends on was changed by another thread, this use might be incorrect. +# 1178| rd_kafka_dbg(rk, ALL, "DESTROY", "Removing all topics"); +# 1179| /* Decommission all topics */ +# 1180|-> TAILQ_FOREACH_SAFE(rkt, &rk->rk_topics, rkt_link, rkt_tmp) { +# 1181| rd_kafka_wrunlock(rk); +# 1182| rd_kafka_topic_partitions_remove(rkt); + +Error: ATOMICITY (CWE-667): +librdkafka-1.6.1/src/rdkafka.c:1148: path: Condition "rk->rk_conf.debug & 0xfffff", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:1154: path: Condition "rk->rk_background.thread", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:1161: path: Condition "rk->rk_conf.debug & 0xfffff", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:1176: lock: Locking "&rk->rk_lock". +librdkafka-1.6.1/src/rdkafka.c:1178: path: Condition "rk->rk_conf.debug & 0xfffff", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:1180: path: Condition "rkt != NULL", taking false branch. +librdkafka-1.6.1/src/rdkafka.c:1189: path: Condition "rkb != NULL", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:1189: def: Assigning data that might be protected by the lock to "rkb_tmp". +librdkafka-1.6.1/src/rdkafka.c:1189: path: Condition "(rkb_tmp = rkb->rkb_link.tqe_next) , 1", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:1194: unlock: Unlocking "&rk->rk_lock". "rkb_tmp" might now be unreliable because other threads can now change the data that it depends on. +librdkafka-1.6.1/src/rdkafka.c:1196: path: Condition "rk->rk_conf.debug & 2", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:1196: unlock: Unlocking "rkb->rkb_logname_lock". "rkb_tmp" might now be unreliable because other threads can now change the data that it depends on. +librdkafka-1.6.1/src/rdkafka.c:1201: unlock: Unlocking "rkb->rkb_ops->rkq_lock". "rkb_tmp" might now be unreliable because other threads can now change the data that it depends on. +librdkafka-1.6.1/src/rdkafka.c:1206: path: Condition "rk->rk_conf.term_sig", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:1210: path: Condition "rd_refcnt_sub0(&rkb->rkb_refcnt) > 0", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:1210: path: Breaking from loop. +librdkafka-1.6.1/src/rdkafka.c:1213: path: Jumping back to the beginning of the loop. +librdkafka-1.6.1/src/rdkafka.c:1212: lockagain: Locking "&rk->rk_lock" again. +librdkafka-1.6.1/src/rdkafka.c:1189: use: Using an unreliable value of "rkb_tmp" inside the second locked section. If the data that "rkb_tmp" depends on was changed by another thread, this use might be incorrect. +# 1187| * Broker thread holds a refcount and detects when broker refcounts +# 1188| * reaches 1 and then decommissions itself. */ +# 1189|-> TAILQ_FOREACH_SAFE(rkb, &rk->rk_brokers, rkb_link, rkb_tmp) { +# 1190| /* Add broker's thread to wait_thrds list for later joining */ +# 1191| thrd = malloc(sizeof(*thrd)); + +Error: LOCK (CWE-667): +librdkafka-1.6.1/src/rdkafka.c:2661: lock: "mtx_lock" locks "rktp->rktp_lock". +librdkafka-1.6.1/src/rdkafka.c:2662: locked_destroy: "rd_kafka_toppar_desired_del" destroys "rktp->rktp_lock" while it is locked. +# 2660| rd_kafka_topic_wrlock(rktp->rktp_rkt); +# 2661| rd_kafka_toppar_lock(rktp); +# 2662|-> rd_kafka_toppar_desired_del(rktp); +# 2663| rd_kafka_toppar_unlock(rktp); +# 2664| rd_kafka_topic_wrunlock(rktp->rktp_rkt); + +Error: ATOMICITY (CWE-667): +librdkafka-1.6.1/src/rdkafka.c:2685: path: Condition "partition == -1 /* (int32_t)-1 */", taking false branch. +librdkafka-1.6.1/src/rdkafka.c:2690: lock: Locking "&rkt->rkt_lock". +librdkafka-1.6.1/src/rdkafka.c:2691: path: Condition "!(rktp = rd_kafka_toppar_get0(, 2691, rkt, partition, 0))", taking true branch. +librdkafka-1.6.1/src/rdkafka.c:2691: def: Assigning data that might be protected by the lock to "rktp". +librdkafka-1.6.1/src/rdkafka.c:2691: path: Condition "!(rktp = rd_kafka_toppar_desired_get(rkt, partition))", taking false branch. +librdkafka-1.6.1/src/rdkafka.c:2698: unlock: Unlocking "&rkt->rkt_lock". "rktp" might now be unreliable because other threads can now change the data that it depends on. +librdkafka-1.6.1/src/rdkafka.c:2700: lockagain: Locking "rktp->rktp_lock" again. +librdkafka-1.6.1/src/rdkafka.c:2703: use: Using an unreliable value of "rktp" inside the second locked section. If the data that "rktp" depends on was changed by another thread, this use might be incorrect. +# 2701| /* set_last_error() called by stop0() */ +# 2702| +# 2703|-> rd_kafka_toppar_destroy(rktp); +# 2704| +# 2705| return r; + +Error: LOCK (CWE-667): +librdkafka-1.6.1/src/rdkafka_admin.c:651: path: Condition "rko->rko_u.admin_request.eonce", taking true branch. +librdkafka-1.6.1/src/rdkafka_admin.c:654: path: Condition "timer_was_stopped", taking true branch. +librdkafka-1.6.1/src/rdkafka_admin.c:655: destroy: "rd_kafka_enq_once_del_source" destroys "rko->rko_u.admin_request.eonce->lock". +librdkafka-1.6.1/src/rdkafka_admin.c:663: uninitialized_use: "rd_kafka_enq_once_destroy" uses "rko->rko_u.admin_request.eonce->lock" in an uninitialized state. +# 661| * not the rko (the eonce holds a reference to the rko but +# 662| * it is cleared here). */ +# 663|-> rd_kafka_enq_once_destroy(rko->rko_u.admin_request.eonce); +# 664| rko->rko_u.admin_request.eonce = NULL; +# 665| } + +Error: LOCK (CWE-667): +librdkafka-1.6.1/src/rdkafka_assignment.c:321: path: Condition "rktpar < &rk->rk_consumer.assignment.removed->elems[rk->rk_consumer.assignment.removed->cnt]", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:336: path: Condition "rktp->rktp_started", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:338: path: Condition "!(rk->rk_consumer.assignment.started_cnt > 0)", taking false branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:357: path: Condition "!(rktpar->offset < 0)", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:370: path: Condition "rk->rk_conf.debug & 0x100", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:370: path: Condition "rktp->rktp_started", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:370: path: Condition "was_pending", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:370: path: Condition "was_queried", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:379: path: Jumping back to the beginning of the loop. +librdkafka-1.6.1/src/rdkafka_assignment.c:321: path: Condition "rktpar < &rk->rk_consumer.assignment.removed->elems[rk->rk_consumer.assignment.removed->cnt]", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:336: path: Condition "rktp->rktp_started", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:338: path: Condition "!(rk->rk_consumer.assignment.started_cnt > 0)", taking false branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:357: path: Condition "!(rktpar->offset < 0)", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:370: path: Condition "rk->rk_conf.debug & 0x100", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:370: path: Condition "rktp->rktp_started", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:370: path: Condition "was_pending", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:370: path: Condition "was_queried", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:379: path: Jumping back to the beginning of the loop. +librdkafka-1.6.1/src/rdkafka_assignment.c:321: path: Condition "rktpar < &rk->rk_consumer.assignment.removed->elems[rk->rk_consumer.assignment.removed->cnt]", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:336: path: Condition "rktp->rktp_started", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:338: path: Condition "!(rk->rk_consumer.assignment.started_cnt > 0)", taking false branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:352: lock: "mtx_lock" locks "rktp->rktp_lock". +librdkafka-1.6.1/src/rdkafka_assignment.c:357: path: Condition "!(rktpar->offset < 0)", taking true branch. +librdkafka-1.6.1/src/rdkafka_assignment.c:367: locked_destroy: "rd_kafka_toppar_desired_del" destroys "rktp->rktp_lock" while it is locked. +# 365| +# 366| /* Partition is no longer desired */ +# 367|-> rd_kafka_toppar_desired_del(rktp); +# 368| rd_kafka_toppar_unlock(rktp); +# 369| + +Error: ATOMICITY (CWE-667): +librdkafka-1.6.1/src/rdkafka_broker.c:5646: path: Condition "!(rkb->rkb_source == RD_KAFKA_LOGICAL)", taking false branch. +librdkafka-1.6.1/src/rdkafka_broker.c:5648: path: Condition "!(rkb != from_rkb)", taking false branch. +librdkafka-1.6.1/src/rdkafka_broker.c:5651: path: Condition "from_rkb", taking true branch. +librdkafka-1.6.1/src/rdkafka_broker.c:5652: lock: Locking "&from_rkb->rkb_lock". +librdkafka-1.6.1/src/rdkafka_broker.c:5654: def: Assigning data that might be protected by the lock to "nodeid". +librdkafka-1.6.1/src/rdkafka_broker.c:5655: unlock: Unlocking "&from_rkb->rkb_lock". "nodeid" might now be unreliable because other threads can now change the data that it depends on. +librdkafka-1.6.1/src/rdkafka_broker.c:5656: path: Falling through to end of if statement. +librdkafka-1.6.1/src/rdkafka_broker.c:5663: path: Condition "strcmp(rkb->rkb_nodename, nodename)", taking true branch. +librdkafka-1.6.1/src/rdkafka_broker.c:5664: path: Condition "rkb->rkb_rk->rk_conf.debug & 2", taking false branch. +librdkafka-1.6.1/src/rdkafka_broker.c:5673: path: Condition "rkb->rkb_nodeid != nodeid", taking true branch. +librdkafka-1.6.1/src/rdkafka_broker.c:5674: path: Condition "rkb->rkb_rk->rk_conf.debug & 2", taking false branch. +librdkafka-1.6.1/src/rdkafka_broker.c:5662: lockagain: Locking "&rkb->rkb_lock" again. +librdkafka-1.6.1/src/rdkafka_broker.c:5677: use: Using an unreliable value of "nodeid" inside the second locked section. If the data that "nodeid" depends on was changed by another thread, this use might be incorrect. +# 5675| "Broker nodeid changed from %"PRId32" to %"PRId32, +# 5676| rkb->rkb_nodeid, nodeid); +# 5677|-> rkb->rkb_nodeid = nodeid; +# 5678| } +# 5679| + +Error: WRITE_CONST_FIELD (CWE-843): +librdkafka-1.6.1/src/rdkafka_proto.h:380: field_definition: A const-qualified field is defined. +librdkafka-1.6.1/src/rdkafka_cgrp.c:5312: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 5310| /* Empty assignment. */ +# 5311| assignment = rd_kafka_topic_partition_list_new(0); +# 5312|-> memset(&UserData, 0, sizeof(UserData)); +# 5313| goto done; +# 5314| } + +Error: LOCK (CWE-667): +librdkafka-1.6.1/src/rdkafka_idempotence.c:198: path: Condition "rd_kafka_fatal_error_code(rk)", taking false branch. +librdkafka-1.6.1/src/rdkafka_idempotence.c:202: path: Switch case value "RD_KAFKA_IDEMP_STATE_REQ_PID". +librdkafka-1.6.1/src/rdkafka_idempotence.c:215: path: Condition "!(rk->rk_conf.eos.transactional_id != NULL)", taking true branch. +librdkafka-1.6.1/src/rdkafka_idempotence.c:219: path: Jumping to label "redo". +librdkafka-1.6.1/src/rdkafka_idempotence.c:202: path: Switch case value "RD_KAFKA_IDEMP_STATE_WAIT_TRANSPORT". +librdkafka-1.6.1/src/rdkafka_idempotence.c:233: path: Condition "rk->rk_conf.eos.transactional_id != NULL", taking false branch. +librdkafka-1.6.1/src/rdkafka_idempotence.c:245: path: Condition "!rkb", taking false branch. +librdkafka-1.6.1/src/rdkafka_idempotence.c:250: path: Condition "!rkb", taking false branch. +librdkafka-1.6.1/src/rdkafka_idempotence.c:250: path: Condition "!rd_kafka_broker_is_up(rkb)", taking false branch. +librdkafka-1.6.1/src/rdkafka_idempotence.c:264: path: Condition "rkb->rkb_rk->rk_conf.debug & 0x8000", taking true branch. +librdkafka-1.6.1/src/rdkafka_idempotence.c:266: path: Condition "rk->rk_conf.eos.transactional_id != NULL", taking false branch. +librdkafka-1.6.1/src/rdkafka_idempotence.c:266: path: Condition "rk->rk_eos.pid.id != -1", taking true branch. +librdkafka-1.6.1/src/rdkafka_idempotence.c:277: path: Condition "rd_refcnt_sub0(&rkb->rkb_refcnt) > 0", taking false branch. +librdkafka-1.6.1/src/rdkafka_idempotence.c:277: destroy: "rd_kafka_broker_destroy_final" destroys "rkb->rkb_logname_lock". +librdkafka-1.6.1/src/rdkafka_idempotence.c:279: path: Condition "err", taking true branch. +librdkafka-1.6.1/src/rdkafka_idempotence.c:280: path: Condition "rkb->rkb_rk->rk_conf.debug & 0x8000", taking true branch. +librdkafka-1.6.1/src/rdkafka_idempotence.c:280: uninitialized_use: "mtx_lock" uses "rkb->rkb_logname_lock" in an uninitialized state. +# 278| +# 279| if (err) { +# 280|-> rd_rkb_dbg(rkb, EOS, "GETPID", +# 281| "Can't acquire ProducerId from " +# 282| "this broker: %s", errstr); + +Error: LOCK (CWE-667): +librdkafka-1.6.1/src/rdkafka_partition.c:3540: path: Condition "!((rko->rko_type & 2684354559U /* ~((int)(1 << 29) | (int)(1 << 30)) */) == RD_KAFKA_OP_LEADERS)", taking false branch. +librdkafka-1.6.1/src/rdkafka_partition.c:3542: path: Condition "rko->rko_err", taking true branch. +librdkafka-1.6.1/src/rdkafka_partition.c:3543: path: Jumping to label "reply". +librdkafka-1.6.1/src/rdkafka_partition.c:3623: path: Condition "rd_kafka_timer_stop(&rk->rk_timers, &rko->rko_u.leaders.query_tmr, RD_DO_LOCK)", taking true branch. +librdkafka-1.6.1/src/rdkafka_partition.c:3626: destroy: "rd_kafka_enq_once_del_source" destroys "rko->rko_u.leaders.eonce->lock". +librdkafka-1.6.1/src/rdkafka_partition.c:3628: path: Condition "rd_kafka_timer_stop(&rk->rk_timers, &rko->rko_u.leaders.timeout_tmr, RD_DO_LOCK)", taking true branch. +librdkafka-1.6.1/src/rdkafka_partition.c:3631: uninitialized_use: "rd_kafka_enq_once_del_source" uses "rko->rko_u.leaders.eonce->lock" in an uninitialized state. +# 3629| &rko->rko_u.leaders.timeout_tmr, +# 3630| RD_DO_LOCK)) +# 3631|-> rd_kafka_enq_once_del_source(rko->rko_u.leaders.eonce, +# 3632| "timeout timer"); +# 3633| + +Error: LOCK (CWE-667): +librdkafka-1.6.1/src/rdkafka_partition.c:3540: path: Condition "!((rko->rko_type & 2684354559U /* ~((int)(1 << 29) | (int)(1 << 30)) */) == RD_KAFKA_OP_LEADERS)", taking false branch. +librdkafka-1.6.1/src/rdkafka_partition.c:3542: path: Condition "rko->rko_err", taking true branch. +librdkafka-1.6.1/src/rdkafka_partition.c:3543: path: Jumping to label "reply". +librdkafka-1.6.1/src/rdkafka_partition.c:3623: path: Condition "rd_kafka_timer_stop(&rk->rk_timers, &rko->rko_u.leaders.query_tmr, RD_DO_LOCK)", taking true branch. +librdkafka-1.6.1/src/rdkafka_partition.c:3626: destroy: "rd_kafka_enq_once_del_source" destroys "rko->rko_u.leaders.eonce->lock". +librdkafka-1.6.1/src/rdkafka_partition.c:3628: path: Condition "rd_kafka_timer_stop(&rk->rk_timers, &rko->rko_u.leaders.timeout_tmr, RD_DO_LOCK)", taking false branch. +librdkafka-1.6.1/src/rdkafka_partition.c:3634: path: Condition "rko->rko_u.leaders.eonce", taking true branch. +librdkafka-1.6.1/src/rdkafka_partition.c:3635: uninitialized_use: "rd_kafka_enq_once_disable" uses "rko->rko_u.leaders.eonce->lock" in an uninitialized state. +# 3633| +# 3634| if (rko->rko_u.leaders.eonce) { +# 3635|-> rd_kafka_enq_once_disable(rko->rko_u.leaders.eonce); +# 3636| rko->rko_u.leaders.eonce = NULL; +# 3637| } + +Error: ATOMICITY (CWE-667): +librdkafka-1.6.1/src/rdkafka_timer.c:255: lock: Locking "rkts->rkts_lock". +librdkafka-1.6.1/src/rdkafka_timer.c:257: path: Condition "!(rd_atomic32_get(&rkts->rkts_rk->rk_terminate) & 1)", taking true branch. +librdkafka-1.6.1/src/rdkafka_timer.c:257: path: Condition "now <= end", taking true branch. +librdkafka-1.6.1/src/rdkafka_timer.c:261: path: Condition "timeout_us != 0", taking true branch. +librdkafka-1.6.1/src/rdkafka_timer.c:266: path: Condition "sleeptime > 0", taking false branch. +librdkafka-1.6.1/src/rdkafka_timer.c:276: def: Assigning data that might be protected by the lock to "rtmr". +librdkafka-1.6.1/src/rdkafka_timer.c:276: path: Condition "rtmr = rkts->rkts_timers.tqh_first", taking true branch. +librdkafka-1.6.1/src/rdkafka_timer.c:276: path: Condition "rtmr->rtmr_next <= now", taking true branch. +librdkafka-1.6.1/src/rdkafka_timer.c:283: path: Condition "rtmr->rtmr_oneshot", taking true branch. +librdkafka-1.6.1/src/rdkafka_timer.c:286: unlock: Unlocking "rkts->rkts_lock". "rtmr" might now be unreliable because other threads can now change the data that it depends on. +librdkafka-1.6.1/src/rdkafka_timer.c:290: lockagain: Locking "rkts->rkts_lock" again. +librdkafka-1.6.1/src/rdkafka_timer.c:294: use: Using an unreliable value of "rtmr" inside the second locked section. If the data that "rtmr" depends on was changed by another thread, this use might be incorrect. +# 292| /* Restart timer, unless it has been stopped, or +# 293| * already reschedueld (start()ed) from callback. */ +# 294|-> if (rd_kafka_timer_started(rtmr) && +# 295| !rd_kafka_timer_scheduled(rtmr)) +# 296| rd_kafka_timer_schedule(rkts, rtmr, 0); + +Error: ATOMICITY (CWE-667): +librdkafka-1.6.1/src/rdkafka_topic.c:713: lock: Locking "&rktp->rktp_lock". +librdkafka-1.6.1/src/rdkafka_topic.c:715: path: Condition "!(rktp->rktp_leader_id != rktp->rktp_broker_id)", taking false branch. +librdkafka-1.6.1/src/rdkafka_topic.c:717: path: Condition "rktp->rktp_rkt->rkt_rk->rk_conf.debug & 4", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:723: def: Assigning data that might be protected by the lock to "leader". +librdkafka-1.6.1/src/rdkafka_topic.c:726: unlock: Unlocking "&rktp->rktp_lock". "leader" might now be unreliable because other threads can now change the data that it depends on. +librdkafka-1.6.1/src/rdkafka_topic.c:727: unlock: Unlocking "&rktp->rktp_rkt->rkt_rk->rk_lock". "leader" might now be unreliable because other threads can now change the data that it depends on. +librdkafka-1.6.1/src/rdkafka_topic.c:729: lockagain: Locking "&rktp->rktp_lock" again. +librdkafka-1.6.1/src/rdkafka_topic.c:730: use: Using an unreliable value of "leader" inside the second locked section. If the data that "leader" depends on was changed by another thread, this use might be incorrect. +# 728| +# 729| rd_kafka_toppar_lock(rktp); +# 730|-> r = rd_kafka_toppar_broker_update( +# 731| rktp, rktp->rktp_leader_id, leader, +# 732| "reverting from preferred replica to leader"); + +Error: LOCK (CWE-667): +librdkafka-1.6.1/src/rdkafka_topic.c:757: path: Condition "rkt->rkt_partition_cnt == partition_cnt", taking false branch. +librdkafka-1.6.1/src/rdkafka_topic.c:760: path: Condition "rkt->rkt_partition_cnt != 0", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:760: path: Condition "!(rd_atomic32_get(&rkt->rkt_rk->rk_terminate) & 1)", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:766: path: Falling through to end of if statement. +librdkafka-1.6.1/src/rdkafka_topic.c:776: path: Condition "partition_cnt > 0", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:777: path: Falling through to end of if statement. +librdkafka-1.6.1/src/rdkafka_topic.c:781: path: Condition "i < partition_cnt", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:782: path: Condition "i >= rkt->rkt_partition_cnt", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:787: path: Condition "rktp", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:797: path: Falling through to end of if statement. +librdkafka-1.6.1/src/rdkafka_topic.c:807: path: Falling through to end of if statement. +librdkafka-1.6.1/src/rdkafka_topic.c:813: path: Jumping back to the beginning of the loop. +librdkafka-1.6.1/src/rdkafka_topic.c:781: path: Condition "i < partition_cnt", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:782: path: Condition "i >= rkt->rkt_partition_cnt", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:787: path: Condition "rktp", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:797: path: Falling through to end of if statement. +librdkafka-1.6.1/src/rdkafka_topic.c:807: path: Falling through to end of if statement. +librdkafka-1.6.1/src/rdkafka_topic.c:813: path: Jumping back to the beginning of the loop. +librdkafka-1.6.1/src/rdkafka_topic.c:781: path: Condition "i < partition_cnt", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:782: path: Condition "i >= rkt->rkt_partition_cnt", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:787: path: Condition "rktp", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:788: lock: "mtx_lock" locks "rktp->rktp_lock". +librdkafka-1.6.1/src/rdkafka_topic.c:795: locked_destroy: "rd_kafka_toppar_desired_unlink" destroys "rktp->rktp_lock" while it is locked. +# 793| /* Remove from desp list since the +# 794| * partition is now known. */ +# 795|-> rd_kafka_toppar_desired_unlink(rktp); +# 796| rd_kafka_toppar_unlock(rktp); +# 797| } else { + +Error: LOCK (CWE-667): +librdkafka-1.6.1/src/rdkafka_topic.c:1325: path: Condition "rktp = rd_list_elem(partitions, i)", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:1331: path: Condition "rd_refcnt_sub0(&_RKTP->rktp_refcnt) == 0", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:1332: path: Jumping back to the beginning of the loop. +librdkafka-1.6.1/src/rdkafka_topic.c:1325: path: Condition "rktp = rd_list_elem(partitions, i)", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:1331: path: Condition "rd_refcnt_sub0(&_RKTP->rktp_refcnt) == 0", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:1332: path: Jumping back to the beginning of the loop. +librdkafka-1.6.1/src/rdkafka_topic.c:1325: path: Condition "rktp = rd_list_elem(partitions, i)", taking false branch. +librdkafka-1.6.1/src/rdkafka_topic.c:1345: path: Condition "i >= 0", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:1345: path: Condition "rktp = rd_list_elem(&rkt->rkt_desp, i)", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:1353: path: Condition "rd_refcnt_sub0(&_RKTP->rktp_refcnt) == 0", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:1354: path: Jumping back to the beginning of the loop. +librdkafka-1.6.1/src/rdkafka_topic.c:1345: path: Condition "i >= 0", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:1345: path: Condition "rktp = rd_list_elem(&rkt->rkt_desp, i)", taking true branch. +librdkafka-1.6.1/src/rdkafka_topic.c:1349: lock: "mtx_lock" locks "rktp->rktp_lock". +librdkafka-1.6.1/src/rdkafka_topic.c:1350: locked_destroy: "rd_kafka_toppar_desired_del" destroys "rktp->rktp_lock" while it is locked. +# 1348| +# 1349| rd_kafka_toppar_lock(rktp); +# 1350|-> rd_kafka_toppar_desired_del(rktp); +# 1351| rd_kafka_toppar_unlock(rktp); +# 1352| + +Error: ATOMICITY (CWE-667): +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2745: path: Condition "err", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2748: path: Condition "request->rkbuf_reqhdr.ApiVersion >= 1", taking true branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2749: path: Condition "!rd_slice_read(&rkbuf->rkbuf_reader, &_v, __len2)", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2751: path: Condition "!rd_slice_read(&rkbuf->rkbuf_reader, &_v, __len2)", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2753: path: Condition "request->rkbuf_reqhdr.ApiVersion >= 1", taking true branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2755: path: Condition "rkbuf->rkbuf_flags & 0x40", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2755: path: Condition "!rd_slice_read(&rkbuf->rkbuf_reader, &_v, __len2)", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2755: path: Condition "ErrorMsg.len == -1", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2755: path: Condition "ErrorMsg.len == -1", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2755: path: Condition "ErrorMsg.len == -1", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2755: path: Condition "((ErrorMsg.len == -1) ? 0 : ErrorMsg.len) == 0", taking true branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2755: path: Falling through to end of if statement. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2756: path: Condition "ErrorCode", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2761: path: Condition "err = ErrorCode", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2764: path: Condition "!rd_slice_read(&rkbuf->rkbuf_reader, &_v, __len2)", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2765: path: Condition "rkbuf->rkbuf_flags & 0x40", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2765: path: Condition "!rd_slice_read(&rkbuf->rkbuf_reader, &_v, __len2)", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2765: path: Condition "Host.len == -1", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2765: path: Condition "Host.len == -1", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2765: path: Condition "Host.len == -1", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2765: path: Condition "((Host.len == -1) ? 0 : Host.len) == 0", taking true branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2765: path: Falling through to end of if statement. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2766: path: Condition "!rd_slice_read(&rkbuf->rkbuf_reader, &_v, __len2)", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2768: path: Condition "rkb->rkb_rk->rk_conf.debug & 0x8000", taking true branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2768: path: Condition "Host.len == -1", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2773: lock: Locking "&rk->rk_lock". +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2774: path: Condition "NodeId == -1", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2776: def: Assigning data that might be protected by the lock to "rkb". +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2776: path: Condition "!(rkb = rd_kafka_broker_find_by_nodeid0_fl(, 2776, rk, NodeId, -1, 0))", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2782: unlock: Unlocking "&rk->rk_lock". "rkb" might now be unreliable because other threads can now change the data that it depends on. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2784: path: Condition "err", taking false branch. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2787: lockagain: Locking "&rk->rk_lock" again. +librdkafka-1.6.1/src/rdkafka_txnmgr.c:2788: use: Using an unreliable value of "rkb" inside the second locked section. If the data that "rkb" depends on was changed by another thread, this use might be incorrect. +# 2786| +# 2787| rd_kafka_wrlock(rk); +# 2788|-> rd_kafka_txn_coord_set(rk, rkb, "FindCoordinator response"); +# 2789| rd_kafka_wrunlock(rk); +# 2790| + +Error: OVERRUN (CWE-119): +libsmi-0.4.8/tools/dump-svg.c:294: path: Condition "node->status == SMI_STATUS_DEPRECATED", taking true branch. +libsmi-0.4.8/tools/dump-svg.c:294: path: Condition "!SHOW_DEPRECATED", taking true branch. +libsmi-0.4.8/tools/dump-svg.c:294: path: Condition "!SHOW_DEPR_OBSOLETE", taking false branch. +libsmi-0.4.8/tools/dump-svg.c:294: path: Condition "node->status == SMI_STATUS_OBSOLETE", taking false branch. +libsmi-0.4.8/tools/dump-svg.c:301: path: Condition "!index", taking true branch. +libsmi-0.4.8/tools/dump-svg.c:313: path: Condition "!index", taking true branch. +libsmi-0.4.8/tools/dump-svg.c:314: path: Condition "node->access == SMI_ACCESS_NOT_ACCESSIBLE", taking true branch. +libsmi-0.4.8/tools/dump-svg.c:316: path: Falling through to end of if statement. +libsmi-0.4.8/tools/dump-svg.c:322: path: Condition "!STATIC_OUTPUT", taking true branch. +libsmi-0.4.8/tools/dump-svg.c:323: path: Condition "node->description", taking true branch. +libsmi-0.4.8/tools/dump-svg.c:330: path: Condition "index", taking false branch. +libsmi-0.4.8/tools/dump-svg.c:351: path: Falling through to end of if statement. +libsmi-0.4.8/tools/dump-svg.c:356: path: Condition "!STATIC_OUTPUT", taking true branch. +libsmi-0.4.8/tools/dump-svg.c:357: path: Condition "typeDescription = algGetTypeDescription(node)", taking true branch. +libsmi-0.4.8/tools/dump-svg.c:360: path: Condition "algGetTypeModule(node)", taking false branch. +libsmi-0.4.8/tools/dump-svg.c:376: strlen_assign: Setting variable "length" to the return value of strlen called with argument "tooltipDescription". +libsmi-0.4.8/tools/dump-svg.c:377: buffer_alloc: Calling allocating function "xmalloc" which allocates "length" bytes. [Note: The source code implementation of the function has been overridden by a builtin model.] +libsmi-0.4.8/tools/dump-svg.c:377: var_assign: Assigning: "tooltip" = "xmalloc(length)". +libsmi-0.4.8/tools/dump-svg.c:378: strcpy_overrun: "strcpy", whose first argument "tooltip" has length equal to "strlen" of its second argument "tooltipDescription", will overrun its first argument because of the terminating null. +# 376| length = strlen(tooltipDescription); +# 377| tooltip = (char *)xmalloc(length); +# 378|-> strcpy(tooltip, tooltipDescription); +# 379| } +# 380| xfree(tooltipDescription); + +Error: STRING_OVERFLOW (CWE-120): +libsmi-0.4.8/tools/dump-types.c:438: path: Condition "smiType->basetype == SMI_BASETYPE_ENUM", taking false branch. +libsmi-0.4.8/tools/dump-types.c:438: path: Condition "smiType->basetype == SMI_BASETYPE_BITS", taking false branch. +libsmi-0.4.8/tools/dump-types.c:447: path: Condition "range", taking true branch. +libsmi-0.4.8/tools/dump-types.c:449: returned_string: "getValueString" returns a source buffer of 1024 characters in size. +libsmi-0.4.8/tools/dump-types.c:449: string_overflow: You might overrun the 40-character destination string "s1" by writing 1024 characters from "getValueString(&range->minValue, smiType)". +# 447| for(i = 0, range = smiGetFirstRange(smiType); +# 448| range ; range = smiGetNextRange(range), i++) { +# 449|-> strcpy(s1, getValueString(&range->minValue, smiType)); +# 450| strcpy(s2, getValueString(&range->maxValue, smiType)); +# 451| fprintf(f, "%s%s", (i == 0) ? " [" : ", ", s1); + +Error: STRING_OVERFLOW (CWE-120): +libsmi-0.4.8/tools/dump-types.c:438: path: Condition "smiType->basetype == SMI_BASETYPE_ENUM", taking false branch. +libsmi-0.4.8/tools/dump-types.c:438: path: Condition "smiType->basetype == SMI_BASETYPE_BITS", taking false branch. +libsmi-0.4.8/tools/dump-types.c:447: path: Condition "range", taking true branch. +libsmi-0.4.8/tools/dump-types.c:450: returned_string: "getValueString" returns a source buffer of 1024 characters in size. +libsmi-0.4.8/tools/dump-types.c:450: string_overflow: You might overrun the 40-character destination string "s2" by writing 1024 characters from "getValueString(&range->maxValue, smiType)". +# 448| range ; range = smiGetNextRange(range), i++) { +# 449| strcpy(s1, getValueString(&range->minValue, smiType)); +# 450|-> strcpy(s2, getValueString(&range->maxValue, smiType)); +# 451| fprintf(f, "%s%s", (i == 0) ? " [" : ", ", s1); +# 452| if (strcmp(s1, s2)) fprintf(f, "..%s", s2); + +Error: COMPILER_WARNING: +libsmi-0.4.8/tools/smidiff.c: scope_hint: In function 'cmpSmiValues' +libsmi-0.4.8/tools/smidiff.c:840:1: note: the ABI of passing union with 'long double' has changed in GCC 4.4 +# 838| */ +# 839| static int +# 840|-> cmpSmiValues( SmiValue a, SmiValue b ) +# 841| { +# 842| unsigned int i; + +Error: URL_MANIPULATION (CWE-918): +libsoup-2.72.0/examples/get.c:35: path: Condition "head", taking true branch. +libsoup-2.72.0/examples/get.c:38: path: Condition "loop", taking true branch. +libsoup-2.72.0/examples/get.c:42: path: Falling through to end of if statement. +libsoup-2.72.0/examples/get.c:47: path: Condition "!debug", taking true branch. +libsoup-2.72.0/examples/get.c:48: path: Condition "msg->status_code == SOUP_STATUS_SSL_FAILED", taking false branch. +libsoup-2.72.0/examples/get.c:55: path: Condition "!quiet", taking true branch. +libsoup-2.72.0/examples/get.c:59: path: Condition "msg->status_code >= 300", taking true branch. +libsoup-2.72.0/examples/get.c:59: path: Condition "msg->status_code < 400", taking true branch. +libsoup-2.72.0/examples/get.c:60: tainted_return_value: Function "soup_message_headers_get_one" returns tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.] +libsoup-2.72.0/examples/get.c:60: var_assign: Assigning: "header" = "soup_message_headers_get_one(msg->response_headers, "Location")", which taints "header". +libsoup-2.72.0/examples/get.c:62: path: Condition "header", taking true branch. +libsoup-2.72.0/examples/get.c:66: path: Condition "!debug", taking true branch. +libsoup-2.72.0/examples/get.c:66: path: Condition "!quiet", taking true branch. +libsoup-2.72.0/examples/get.c:69: url_manipulation_sink: Constructing a URL using the tainted value "*header" and passing it to "soup_uri_new_with_base". This may allow an attacker to access or modify critical or sensitive files, or redirect to a malicious website. [Note: The source code implementation of the function has been overridden by a builtin model.] +libsoup-2.72.0/examples/get.c:69: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 67| g_print (" -> %s\n", header); +# 68| +# 69|-> uri = soup_uri_new_with_base (soup_message_get_uri (msg), header); +# 70| uri_string = soup_uri_to_string (uri, FALSE); +# 71| get_url (uri_string); + +Error: URL_MANIPULATION (CWE-918): +libsoup-2.72.0/examples/simple-proxy.c:287: tainted_return_value: Function "soup_message_get_uri" returns tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.] +libsoup-2.72.0/examples/simple-proxy.c:287: tainted_data_transitive: Call to function "soup_uri_to_string" with tainted argument "*soup_message_get_uri(msg)->fragment" transitively taints "*soup_uri_to_string(soup_message_get_uri(msg), 0)". +libsoup-2.72.0/examples/simple-proxy.c:287: var_assign: Assigning: "uristr" = "soup_uri_to_string(soup_message_get_uri(msg), 0)", which taints "uristr". +libsoup-2.72.0/examples/simple-proxy.c:291: path: Condition "({...; gapg_temp_newval;})", taking true branch. +libsoup-2.72.0/examples/simple-proxy.c:291: path: Condition "msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_CONNECT : (({...}) , _SOUP_METHOD_CONNECT))", taking false branch. +libsoup-2.72.0/examples/simple-proxy.c:296: url_manipulation_sink: Constructing a URL using the tainted value "*uristr" and passing it to "soup_message_new". This may allow an attacker to access or modify critical or sensitive files, or redirect to a malicious website. [Note: The source code implementation of the function has been overridden by a builtin model.] +libsoup-2.72.0/examples/simple-proxy.c:296: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 294| } +# 295| +# 296|-> msg2 = soup_message_new (msg->method, uristr); +# 297| soup_message_headers_foreach (msg->request_headers, copy_header, +# 298| msg2->request_headers); + +Error: PATH_MANIPULATION (CWE-22): +libsoup-2.72.0/libsoup/soup-request-file.c:128: path: Condition "file->priv->gfile", taking false branch. +libsoup-2.72.0/libsoup/soup-request-file.c:131: tainted_return_value: Function "soup_request_get_uri" returns tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.] +libsoup-2.72.0/libsoup/soup-request-file.c:131: var_assign: Assigning: "uri" = "soup_request_get_uri((SoupRequest *)g_type_check_instance_cast((GTypeInstance *)file, soup_request_get_type()))", which taints "uri". +libsoup-2.72.0/libsoup/soup-request-file.c:132: tainted_data_transitive: Call to function "soup_uri_decode" with tainted argument "*uri->path" transitively taints "*soup_uri_decode(uri->path)". +libsoup-2.72.0/libsoup/soup-request-file.c:132: var_assign: Assigning: "decoded_path" = "soup_uri_decode(uri->path)", which taints "decoded_path". +libsoup-2.72.0/libsoup/soup-request-file.c:138: path: Condition "({...; gapg_temp_newval;})", taking true branch. +libsoup-2.72.0/libsoup/soup-request-file.c:138: path: Condition "uri->scheme == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_URI_SCHEME_RESOURCE : (({...}) , _SOUP_URI_SCHEME_RESOURCE))", taking false branch. +libsoup-2.72.0/libsoup/soup-request-file.c:145: path_manipulation_sink: Constructing a path or URI using the tainted value "*decoded_path" and passing it to "g_file_new_for_path". This may allow an attacker to access, modify, or test the existence of critical or sensitive files. +libsoup-2.72.0/libsoup/soup-request-file.c:145: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 143| g_free (uri_str); +# 144| } else +# 145|-> file->priv->gfile = g_file_new_for_path (decoded_path); +# 146| +# 147| g_free (decoded_path); + +Error: URL_MANIPULATION (CWE-918): +libsoup-2.72.0/libsoup/soup-session.c:1090: tainted_return_value: Function "soup_message_headers_get_one" returns tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.] +libsoup-2.72.0/libsoup/soup-session.c:1090: var_assign: Assigning: "new_loc" = "soup_message_headers_get_one(msg->response_headers, "Location")", which taints "new_loc". +libsoup-2.72.0/libsoup/soup-session.c:1092: path: Condition "!new_loc", taking false branch. +libsoup-2.72.0/libsoup/soup-session.c:1094: url_manipulation_sink: Constructing a URL using the tainted value "*new_loc" and passing it to "soup_uri_new_with_base". This may allow an attacker to access or modify critical or sensitive files, or redirect to a malicious website. [Note: The source code implementation of the function has been overridden by a builtin model.] +libsoup-2.72.0/libsoup/soup-session.c:1094: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 1092| if (!new_loc) +# 1093| return NULL; +# 1094|-> new_uri = soup_uri_new_with_base (soup_message_get_uri (msg), new_loc); +# 1095| if (!new_uri || !new_uri->host) { +# 1096| if (new_uri) + +Error: ATOMICITY (CWE-667): +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "soup_message_get_flags(item->msg) & SOUP_MESSAGE_NEW_CONNECTION", taking false branch. +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "!(soup_message_get_flags(item->msg) & SOUP_MESSAGE_IDEMPOTENT)", taking true branch. +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "({...; gapg_temp_newval;})", taking true branch. +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "item->msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_GET : (({...}) , _SOUP_METHOD_GET))", taking false branch. +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "({...; gapg_temp_newval;})", taking true branch. +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "item->msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_HEAD : (({...}) , _SOUP_METHOD_HEAD))", taking false branch. +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "({...; gapg_temp_newval;})", taking true branch. +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "item->msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_OPTIONS : (({...}) , _SOUP_METHOD_OPTIONS))", taking false branch. +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "({...; gapg_temp_newval;})", taking true branch. +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "item->msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_PROPFIND : (({...}) , _SOUP_METHOD_PROPFIND))", taking false branch. +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "({...; gapg_temp_newval;})", taking true branch. +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "item->msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_TRACE : (({...}) , _SOUP_METHOD_TRACE))", taking false branch. +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "({...; gapg_temp_newval;})", taking true branch. +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "item->msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_PUT : (({...}) , _SOUP_METHOD_PUT))", taking false branch. +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "({...; gapg_temp_newval;})", taking true branch. +libsoup-2.72.0/libsoup/soup-session.c:1903: path: Condition "item->msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_DELETE : (({...}) , _SOUP_METHOD_DELETE))", taking false branch. +libsoup-2.72.0/libsoup/soup-session.c:1910: lock: Locking "&priv->conn_lock". +libsoup-2.72.0/libsoup/soup-session.c:1911: def: Assigning data that might be protected by the lock to "host". +libsoup-2.72.0/libsoup/soup-session.c:1912: path: Condition "1 /* !0 */", taking true branch. +libsoup-2.72.0/libsoup/soup-session.c:1918: path: Condition "conn", taking false branch. +libsoup-2.72.0/libsoup/soup-session.c:1918: path: Condition "item->async", taking false branch. +libsoup-2.72.0/libsoup/soup-session.c:1921: path: Condition "my_should_cleanup", taking false branch. +libsoup-2.72.0/libsoup/soup-session.c:1931: path: Jumping back to the beginning of the loop. +libsoup-2.72.0/libsoup/soup-session.c:1912: path: Condition "1 /* !0 */", taking true branch. +libsoup-2.72.0/libsoup/soup-session.c:1918: path: Condition "conn", taking false branch. +libsoup-2.72.0/libsoup/soup-session.c:1918: path: Condition "item->async", taking false branch. +libsoup-2.72.0/libsoup/soup-session.c:1921: path: Condition "my_should_cleanup", taking true branch. +libsoup-2.72.0/libsoup/soup-session.c:1922: unlock: Unlocking "&priv->conn_lock". "host" might now be unreliable because other threads can now change the data that it depends on. +libsoup-2.72.0/libsoup/soup-session.c:1927: path: Continuing loop. +libsoup-2.72.0/libsoup/soup-session.c:1912: path: Condition "1 /* !0 */", taking true branch. +libsoup-2.72.0/libsoup/soup-session.c:1924: lockagain: Locking "&priv->conn_lock" again. +libsoup-2.72.0/libsoup/soup-session.c:1913: use: Using an unreliable value of "host" inside the second locked section. If the data that "host" depends on was changed by another thread, this use might be incorrect. +# 1911| host = get_host_for_message (session, item->msg); +# 1912| while (TRUE) { +# 1913|-> conn = get_connection_for_host (session, item, host, +# 1914| need_new_connection, +# 1915| ignore_connection_limits, + +Error: URL_MANIPULATION (CWE-918): +libsoup-2.72.0/libsoup/soup-socket.c:1758: path: Condition "!priv->gsock", taking false branch. +libsoup-2.72.0/libsoup/soup-socket.c:1761: path: Condition "!addr", taking false branch. +libsoup-2.72.0/libsoup/soup-socket.c:1761: path: Condition "!__inst", taking false branch. +libsoup-2.72.0/libsoup/soup-socket.c:1761: path: Condition "__inst->g_class", taking true branch. +libsoup-2.72.0/libsoup/soup-socket.c:1761: path: Condition "__inst->g_class->g_type == __t", taking true branch. +libsoup-2.72.0/libsoup/soup-socket.c:1761: path: Falling through to end of if statement. +libsoup-2.72.0/libsoup/soup-socket.c:1761: path: Condition "!({...; __r;})", taking false branch. +libsoup-2.72.0/libsoup/soup-socket.c:1768: path: Condition "strcmp(g_proxy_address_get_protocol(paddr), "http") != 0", taking false branch. +libsoup-2.72.0/libsoup/soup-socket.c:1771: tainted_return_value: Function "g_proxy_address_get_uri" returns tainted data. +libsoup-2.72.0/libsoup/soup-socket.c:1771: url_manipulation_sink: Constructing a URL using the tainted value "*g_proxy_address_get_uri(paddr)" and passing it to "soup_uri_new". This may allow an attacker to access or modify critical or sensitive files, or redirect to a malicious website. [Note: The source code implementation of the function has been overridden by a builtin model.] +libsoup-2.72.0/libsoup/soup-socket.c:1771: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 1769| return NULL; +# 1770| +# 1771|-> uri = soup_uri_new (g_proxy_address_get_uri (paddr)); +# 1772| g_object_unref (addr); +# 1773| return uri; + +Error: URL_MANIPULATION (CWE-918): +libsoup-2.72.0/tests/misc-test.c:32: tainted_return_value: Function "soup_message_get_uri" returns tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.] +libsoup-2.72.0/tests/misc-test.c:32: var_assign: Assigning: "uri" = "soup_message_get_uri(msg)", which taints "uri". +libsoup-2.72.0/tests/misc-test.c:35: path: Condition "({...; gapg_temp_newval;})", taking true branch. +libsoup-2.72.0/tests/misc-test.c:35: path: Condition "msg->method != (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_GET : (({...}) , _SOUP_METHOD_GET))", taking true branch. +libsoup-2.72.0/tests/misc-test.c:35: path: Condition "({...; gapg_temp_newval;})", taking true branch. +libsoup-2.72.0/tests/misc-test.c:35: path: Condition "msg->method != (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_POST : (({...}) , _SOUP_METHOD_POST))", taking false branch. +libsoup-2.72.0/tests/misc-test.c:40: path: Condition "!strcmp(path, "/redirect")", taking false branch. +libsoup-2.72.0/tests/misc-test.c:45: path: Condition "!strcmp(path, "/alias-redirect")", taking true branch. +libsoup-2.72.0/tests/misc-test.c:52: tainted_data_transitive: Call to function "soup_uri_copy" with tainted argument "*uri->query" transitively taints "*soup_uri_copy(uri)->query". +libsoup-2.72.0/tests/misc-test.c:52: var_assign: Assigning: "redirect_uri" = "soup_uri_copy(uri)", which taints "redirect_uri". +libsoup-2.72.0/tests/misc-test.c:54: path: Condition "!g_strcmp0(redirect_protocol, "https")", taking true branch. +libsoup-2.72.0/tests/misc-test.c:55: path: Falling through to end of if statement. +libsoup-2.72.0/tests/misc-test.c:59: tainted_data_transitive: Call to function "soup_uri_to_string" with tainted argument "*redirect_uri->query" transitively taints "*soup_uri_to_string(redirect_uri, 0)". +libsoup-2.72.0/tests/misc-test.c:59: var_assign: Assigning: "redirect_string" = "soup_uri_to_string(redirect_uri, 0)", which taints "redirect_string". +libsoup-2.72.0/tests/misc-test.c:61: url_manipulation_sink: Constructing a URL using the tainted value "*redirect_string" and passing it to "soup_message_set_redirect". This may allow an attacker to access or modify critical or sensitive files, or redirect to a malicious website. +libsoup-2.72.0/tests/misc-test.c:61: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 59| redirect_string = soup_uri_to_string (redirect_uri, FALSE); +# 60| +# 61|-> soup_message_set_redirect (msg, SOUP_STATUS_FOUND, redirect_string); +# 62| g_free (redirect_string); +# 63| soup_uri_free (redirect_uri); + +Error: WRITE_CONST_FIELD (CWE-843): +libvorbis-1.3.7/lib/backends.h:116: field_definition: A const-qualified field is defined. +libvorbis-1.3.7/lib/res0.c:68: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 66| vorbis_info_residue0 *info=(vorbis_info_residue0 *)i; +# 67| if(info){ +# 68|-> memset(info,0,sizeof(*info)); +# 69| _ogg_free(info); +# 70| } + +Error: WRITE_CONST_FIELD (CWE-843): +libvorbis-1.3.7/lib/backends.h:116: field_definition: A const-qualified field is defined. +libvorbis-1.3.7/lib/vorbisenc.c:465: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 463| _ogg_malloc(sizeof(*r)); +# 464| +# 465|-> memcpy(r,res->res,sizeof(*r)); +# 466| if(ci->residues<=number)ci->residues=number+1; +# 467| + +Error: WRITE_CONST_FIELD (CWE-843): +LVM2.2.03.21/daemons/lvmpolld/lvmpolld-data-utils.h:48: field_definition: A const-qualified field is defined. +LVM2.2.03.21/daemons/lvmpolld/lvmpolld-data-utils.c:122: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 120| goto err; +# 121| +# 122|-> memcpy(pdlv, &tmp, sizeof(*pdlv)); +# 123| +# 124| if (pthread_mutex_init(&pdlv->lock, NULL)) + +Error: ATOMICITY (CWE-667): +opensm-3.3.24/complib/cl_dispatcher.c:83: path: Condition "cl_qlist_count(&p_disp->msg_fifo)", taking true branch. +opensm-3.3.24/complib/cl_dispatcher.c:105: path: Condition "p_msg->pfn_xmt_callback", taking true branch. +opensm-3.3.24/complib/cl_dispatcher.c:112: lock: Locking "p_disp->lock.mutex". +opensm-3.3.24/complib/cl_dispatcher.c:116: path: Jumping back to the beginning of the loop. +opensm-3.3.24/complib/cl_dispatcher.c:83: path: Condition "cl_qlist_count(&p_disp->msg_fifo)", taking true branch. +opensm-3.3.24/complib/cl_dispatcher.c:85: def: Assigning data that might be protected by the lock to "p_msg". +opensm-3.3.24/complib/cl_dispatcher.c:97: unlock: Unlocking "p_disp->lock.mutex". "p_msg" might now be unreliable because other threads can now change the data that it depends on. +opensm-3.3.24/complib/cl_dispatcher.c:105: path: Condition "p_msg->pfn_xmt_callback", taking true branch. +opensm-3.3.24/complib/cl_dispatcher.c:112: lockagain: Locking "p_disp->lock.mutex" again. +opensm-3.3.24/complib/cl_dispatcher.c:115: use: Using an unreliable value of "p_msg" inside the second locked section. If the data that "p_msg" depends on was changed by another thread, this use might be incorrect. +# 113| +# 114| /* Return this message to the pool. */ +# 115|-> cl_qpool_put(&p_disp->msg_pool, (cl_pool_item_t *) p_msg); +# 116| } +# 117| + +Error: ATOMICITY (CWE-667): +opensm-3.3.24/opensm/osm_trap_rcv.c:398: path: Condition "osm_exit_flag", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:407: path: Condition "p_madw->p_mad->mgmt_class == 1", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:417: path: Condition "p_smp->method != 5", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:432: path: Condition "is_gsi == 0", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:439: path: Condition "p_madw->mad_addr.addr_type.smi.source_lid == 0", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:443: path: Condition "sm->p_subn->sm_base_lid == 0", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:448: path: Condition "osm_log_is_active_v2(sm->p_log, 8, OSM_FILE_TRAP_RCV_C)", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:462: path: Condition "0", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:462: lock: Locking "sm->p_lock->lock". +opensm-3.3.24/opensm/osm_trap_rcv.c:462: path: Condition "0", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:465: path: Condition "p_physp", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:466: path: Falling through to end of if statement. +opensm-3.3.24/opensm/osm_trap_rcv.c:472: path: Condition "status != IB_SUCCESS", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:486: path: Condition "is_gsi == 0", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:487: path: Condition "ib_notice_is_generic(p_ntci)", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:487: path: Condition "p_ntci->g_or_v.generic.trap_num == 33024 /* (uint16_t)((((uint16_t)129 & 0xff) << 8) | (((uint16_t)129 & 0xff00) >> 8)) */", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:497: def: Assigning data that might be protected by the lock to "source_lid". +opensm-3.3.24/opensm/osm_trap_rcv.c:507: path: Condition "num_received >= 10", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:508: path: Condition "print_num_received(num_received)", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:509: path: Condition "osm_log_is_active_v2(sm->p_log, 4, OSM_FILE_TRAP_RCV_C)", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:516: path: Condition "physp_change_trap == 1 /* !0 */", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:520: path: Condition "ret == 1", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:522: path: Condition "ret == 2", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:533: path: Condition "physp_change_trap == 1 /* !0 */", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:536: path: Falling through to end of if statement. +opensm-3.3.24/opensm/osm_trap_rcv.c:543: path: Condition "num_received >= 10", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:543: path: Condition "run_heavy_sweep == 0", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:552: path: Condition "!ib_notice_is_generic(p_ntci)", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:554: path: Condition "__bswap_16(p_ntci->g_or_v.generic.trap_num) == 144", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:554: path: Condition "p_ntci->data_details.ntc_144.local_changes & 1", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:554: path: Condition "p_ntci->data_details.ntc_144.change_flgs & 256 /* (uint16_t)((((uint16_t)1 & 0xff) << 8) | (((uint16_t)1 & 0xff00) >> 8)) */", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:569: path: Condition "__bswap_16(p_ntci->g_or_v.generic.trap_num) == 145", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:570: path: Condition "p_physp", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:571: path: Condition "0", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:571: unlock: Unlocking "sm->p_lock->lock". "source_lid" might now be unreliable because other threads can now change the data that it depends on. +opensm-3.3.24/opensm/osm_trap_rcv.c:571: path: Condition "0", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:572: path: Condition "0", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:572: path: Condition "0", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:576: path: Condition "p_physp", taking true branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:581: path: Condition "0", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:581: unlock: Unlocking "sm->p_lock->lock". "source_lid" might now be unreliable because other threads can now change the data that it depends on. +opensm-3.3.24/opensm/osm_trap_rcv.c:581: path: Condition "0", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:582: path: Condition "0", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:582: path: Condition "0", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:583: path: Falling through to end of if statement. +opensm-3.3.24/opensm/osm_trap_rcv.c:587: path: Jumping to label "check_report". +opensm-3.3.24/opensm/osm_trap_rcv.c:642: path: Condition "is_gsi", taking false branch. +opensm-3.3.24/opensm/osm_trap_rcv.c:582: lockagain: Locking "sm->p_lock->lock" again. +opensm-3.3.24/opensm/osm_trap_rcv.c:654: use: Using an unreliable value of "source_lid" inside the second locked section. If the data that "source_lid" depends on was changed by another thread, this use might be incorrect. +# 652| } else { +# 653| /* Need to use the IssuerLID */ +# 654|-> p_port = osm_get_port_by_lid(sm->p_subn, source_lid); +# 655| if (!p_port) { +# 656| OSM_LOG(sm->p_log, OSM_LOG_VERBOSE, + +Error: STRING_OVERFLOW (CWE-120): +opensm-3.3.24/osmtest/osmt_service.c:599: path: Condition "osm_log_is_active(&p_osmt->log, 4)", taking true branch. +opensm-3.3.24/osmtest/osmt_service.c:635: path: Condition "p_osmt->opt.with_grh", taking true branch. +opensm-3.3.24/osmtest/osmt_service.c:641: path: Condition "status != IB_SUCCESS", taking false branch. +opensm-3.3.24/osmtest/osmt_service.c:650: path: Condition "status != IB_SUCCESS", taking true branch. +opensm-3.3.24/osmtest/osmt_service.c:655: path: Condition "status == IB_REMOTE_ERROR", taking true branch. +opensm-3.3.24/osmtest/osmt_service.c:656: returned_string: "ib_get_mad_status_str" returns a source buffer of 512 characters in size. +opensm-3.3.24/osmtest/osmt_service.c:656: string_overflow: You might overrun the 256-character destination string "mad_stat_err" by writing 512 characters from "ib_get_mad_status_str(osm_madw_get_mad_ptr(context.result.p_result_madw))". +# 654| then this is fine */ +# 655| if (status == IB_REMOTE_ERROR) +# 656|-> strcpy(mad_stat_err, +# 657| ib_get_mad_status_str(osm_madw_get_mad_ptr +# 658| (context.result. + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go:53: insufficient_logging: Calling "ParseRSAPublicKeyFromPEM". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go:53: assign: Assigning: "err" = "ParseRSAPublicKeyFromPEM(rsaPubBytes)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go:56: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go:54: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go:54: remediation: Log this issue to improve detection and response to security incidents. +# 52| } +# 53| pubKey, err := jwt.ParseRSAPublicKeyFromPEM(rsaPubBytes) +# 54|-> if err != nil { +# 55| panic(err) +# 56| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go:123: insufficient_logging: Calling "ParseRSAPrivateKeyFromPEM". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go:123: assign: Assigning: "err" = "ParseRSAPrivateKeyFromPEM(rsaPrivBytes)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go:126: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go:124: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go:124: remediation: Log this issue to improve detection and response to security incidents. +# 122| } +# 123| privKey, err := jwt.ParseRSAPrivateKeyFromPEM(rsaPrivBytes) +# 124|-> if err != nil { +# 125| panic(err) +# 126| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:78: insufficient_logging: Calling "UploadFile". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:78: assign: Assigning: "err" = "uploadManager.UploadFile(ctx, req)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:88: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:79: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:79: remediation: Log this issue to improve detection and response to security incidents. +# 77| ctx := context.Background() +# 78| resp, err := uploadManager.UploadFile(ctx, req) +# 79|-> if err != nil { +# 80| if resp.IsResumable() { +# 81| resp, err = uploadManager.ResumeUploadFile(ctx, *resp.MultipartUploadResponse.UploadID) + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:182: insufficient_logging: Calling "NewObjectStorageClientWithConfigurationProvider". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:182: assign: Assigning: "err" = "NewObjectStorageClientWithConfigurationProvider(configProvider)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:187: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:185: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:185: remediation: Log this issue to improve detection and response to security incidents. +# 183| // this disables the default 60 seconds timeout, to support big files upload (the common scenario) +# 184| storageClient.HTTPClient = &http.Client{} +# 185|-> if err != nil { +# 186| return Client{}, fmt.Errorf("failed to create an Oracle objectstorage client: %w", err) +# 187| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:188: insufficient_logging: Calling "NewIdentityClientWithConfigurationProvider". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:188: assign: Assigning: "err" = "NewIdentityClientWithConfigurationProvider(configProvider)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:191: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:189: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:189: remediation: Log this issue to improve detection and response to security incidents. +# 187| } +# 188| identityClient, err := identity.NewIdentityClientWithConfigurationProvider(configProvider) +# 189|-> if err != nil { +# 190| return Client{}, fmt.Errorf("failed to create an Oracle identity client: %w", err) +# 191| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:192: insufficient_logging: Calling "NewComputeClientWithConfigurationProvider". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:192: assign: Assigning: "err" = "NewComputeClientWithConfigurationProvider(configProvider)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:195: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:193: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:193: remediation: Log this issue to improve detection and response to security incidents. +# 191| } +# 192| computeClient, err := core.NewComputeClientWithConfigurationProvider(configProvider) +# 193|-> if err != nil { +# 194| return Client{}, fmt.Errorf("failed to create an Oracle compute client: %w", err) +# 195| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:196: insufficient_logging: Calling "NewWorkRequestClientWithConfigurationProvider". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:196: assign: Assigning: "err" = "NewWorkRequestClientWithConfigurationProvider(configProvider)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:199: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:197: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go:197: remediation: Log this issue to improve detection and response to security incidents. +# 195| } +# 196| workRequestsClient, err := workrequests.NewWorkRequestClientWithConfigurationProvider(configProvider) +# 197|-> if err != nil { +# 198| return Client{}, fmt.Errorf("failed to create an Oracle workrequests client: %w", err) +# 199| } + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:299: path: Condition "host == """, taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:310: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:318: path: Condition "true", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:321: path: Condition "res != nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:324: path: Condition "shouldRetry", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:325: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:328: path: Continuing loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:318: path: Condition "true", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:321: path: Condition "res != nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:324: path: Condition "shouldRetry", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:325: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:328: path: Continuing loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:318: path: Condition "true", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:321: path: Condition "res != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:321: var_compare_op: Comparing "res" to null implies that "res" might be null. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:324: path: Condition "shouldRetry", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:330: path: Breaking from loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:332: path: Condition "reqErr != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:335: null_field_access: Accessing field of null object "res". +# 333| return "", "", reqErr +# 334| } +# 335|-> defer res.Body.Close() +# 336| if res.StatusCode == http.StatusNotFound { +# 337| return "", "", NotDefinedError(suffix) + +Error: URL_MANIPULATION (CWE-918): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:501: taint: Calling "getETag". This call taints ".$1". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:501: assign: Assigning: "lastETag" = "c.getETag(suffix)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:517: identity: Calling "QueryEscape". This call assigns "lastETag" to "". Now "" is tainted. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:517: sink: Calling "getETag". This call uses a tainted string for sensitive computation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go:517: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 515| } +# 516| for { +# 517|-> val, etag, err := c.getETag(suffix + url.QueryEscape(lastETag)) +# 518| if err != nil { +# 519| if _, deleted := err.(NotDefinedError); !deleted { + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/storage/storage.go:1070: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/storage/storage.go:1070: assign: Assigning: "err" = "ParsePKCS8PrivateKey(key)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/storage/storage.go:1076: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/storage/storage.go:1071: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/storage/storage.go:1071: remediation: Log this issue to improve detection and response to security incidents. +# 1069| } +# 1070| parsedKey, err := x509.ParsePKCS8PrivateKey(key) +# 1071|-> if err != nil { +# 1072| parsedKey, err = x509.ParsePKCS1PrivateKey(key) +# 1073| if err != nil { + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go:643: insufficient_logging: Calling "DecodePfxCertificateData". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go:643: assign: Assigning: "err" = "DecodePfxCertificateData(certData, ccc.CertificatePassword)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go:646: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go:644: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go:644: remediation: Log this issue to improve detection and response to security incidents. +# 642| } +# 643| certificate, rsaPrivateKey, err := adal.DecodePfxCertificateData(certData, ccc.CertificatePassword) +# 644|-> if err != nil { +# 645| return nil, fmt.Errorf("failed to decode pkcs12 certificate while creating spt: %v", err) +# 646| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go:660: insufficient_logging: Calling "DecodePfxCertificateData". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go:660: assign: Assigning: "err" = "DecodePfxCertificateData(certData, ccc.CertificatePassword)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go:663: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go:661: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go:661: remediation: Log this issue to improve detection and response to security incidents. +# 659| } +# 660| certificate, rsaPrivateKey, err := adal.DecodePfxCertificateData(certData, ccc.CertificatePassword) +# 661|-> if err != nil { +# 662| return nil, fmt.Errorf("failed to decode pkcs12 certificate while creating spt: %v", err) +# 663| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/asaskevich/govalidator/validator.go:939: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/asaskevich/govalidator/validator.go:939: assign: Assigning: "err" = "ParsePKIXPublicKey(der)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/asaskevich/govalidator/validator.go:942: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/asaskevich/govalidator/validator.go:940: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/asaskevich/govalidator/validator.go:940: remediation: Log this issue to improve detection and response to security incidents. +# 938| +# 939| key, err := x509.ParsePKIXPublicKey(der) +# 940|-> if err != nil { +# 941| return false +# 942| } + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go:583: path: Condition "len(c.SSOSessionName) == 0", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go:587: path: Condition "c.SSOSession == nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go:587: var_compare_op: Comparing "c.SSOSession" to null implies that "c.SSOSession" might be null. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go:589: path: Falling through to end of if statement. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go:599: path: Condition "len(missing) > 0", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go:604: path: Condition "len(c.SSORegion) > 0", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go:604: null_field_access: Accessing field of null object "c.SSOSession". +# 602| } +# 603| +# 604|-> if len(c.SSORegion) > 0 && c.SSORegion != c.SSOSession.SSORegion { +# 605| return fmt.Errorf("%s in profile %q must match %s in %s", ssoRegionKey, c.Profile, ssoRegionKey, ssoSectionPrefix) +# 606| } + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go:583: path: Condition "len(c.SSOSessionName) == 0", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go:587: path: Condition "c.SSOSession == nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go:587: var_compare_op: Comparing "c.SSOSession" to null implies that "c.SSOSession" might be null. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go:589: path: Falling through to end of if statement. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go:599: path: Condition "len(missing) > 0", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go:604: path: Condition "len(c.SSORegion) > 0", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go:608: path: Condition "len(c.SSOStartURL) > 0", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go:608: null_field_access: Accessing field of null object "c.SSOSession". +# 606| } +# 607| +# 608|-> if len(c.SSOStartURL) > 0 && c.SSOStartURL != c.SSOSession.SSOStartURL { +# 609| return fmt.Errorf("%s in profile %q must match %s in %s", ssoStartURL, c.Profile, ssoStartURL, ssoSectionPrefix) +# 610| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/pkg/tlsclientconfig/tlsclientconfig.go:50: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/pkg/tlsclientconfig/tlsclientconfig.go:50: assign: Assigning: "err" = "SystemCertPool()". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/pkg/tlsclientconfig/tlsclientconfig.go:53: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/pkg/tlsclientconfig/tlsclientconfig.go:51: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/pkg/tlsclientconfig/tlsclientconfig.go:51: remediation: Log this issue to improve detection and response to security incidents. +# 49| if tlsc.RootCAs == nil { +# 50| systemPool, err := x509.SystemCertPool() +# 51|-> if err != nil { +# 52| return fmt.Errorf("unable to get system cert pool: %w", err) +# 53| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go:82: insufficient_logging: Calling "UnmarshalPEMToPublicKey". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go:82: assign: Assigning: "err" = "UnmarshalPEMToPublicKey(publicKeyPEM)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go:85: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go:83: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go:83: remediation: Log this issue to improve detection and response to security incidents. +# 81| if publicKeyPEM != nil { +# 82| pk, err := cryptoutils.UnmarshalPEMToPublicKey(publicKeyPEM) +# 83|-> if err != nil { +# 84| return nil, fmt.Errorf("parsing public key: %w", err) +# 85| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go:102: insufficient_logging: Calling "UnmarshalPEMToPublicKey". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go:102: assign: Assigning: "err" = "UnmarshalPEMToPublicKey(rekorPublicKeyPEM)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go:105: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go:103: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go:103: remediation: Log this issue to improve detection and response to security incidents. +# 101| if rekorPublicKeyPEM != nil { +# 102| pk, err := cryptoutils.UnmarshalPEMToPublicKey(rekorPublicKeyPEM) +# 103|-> if err != nil { +# 104| return nil, fmt.Errorf("parsing Rekor public key: %w", err) +# 105| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go:152: insufficient_logging: Calling "MarshalPublicKeyToPEM". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go:152: assign: Assigning: "err" = "MarshalPublicKeyToPEM(trustRoot.publicKey)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go:158: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go:153: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go:153: remediation: Log this issue to improve detection and response to security incidents. +# 151| // FIXME: We could just generate DER instead of the full PEM text +# 152| recreatedPublicKeyPEM, err := cryptoutils.MarshalPublicKeyToPEM(trustRoot.publicKey) +# 153|-> if err != nil { +# 154| // Coverage: The key was loaded from a PEM format, so it’s unclear how this could fail. +# 155| // (PEM is not essential, MarshalPublicKeyToPEM can only fail if marshaling to ASN1.DER fails.) + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/copied.go:59: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/copied.go:59: assign: Assigning: "err" = "ParsePKCS8PrivateKey(x509Encoded)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/copied.go:62: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/copied.go:60: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/copied.go:60: remediation: Log this issue to improve detection and response to security incidents. +# 58| +# 59| pk, err := x509.ParsePKCS8PrivateKey(x509Encoded) +# 60|-> if err != nil { +# 61| return nil, fmt.Errorf("parsing private key: %w", err) +# 62| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/signer.go:38: insufficient_logging: Calling "MarshalPublicKeyToPEM". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/signer.go:38: assign: Assigning: "err" = "MarshalPublicKeyToPEM(publicKey)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/signer.go:41: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/signer.go:39: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/signer.go:39: remediation: Log this issue to improve detection and response to security incidents. +# 37| } +# 38| publicKeyPEM, err := cryptoutils.MarshalPublicKeyToPEM(publicKey) +# 39|-> if err != nil { +# 40| return fmt.Errorf("converting public key to PEM: %w", err) +# 41| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/certificates.go:127: insufficient_logging: Calling "GenerateCACert". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/certificates.go:127: assign: Assigning: "err" = "GenerateCACert(signer, trustedKey)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/certificates.go:130: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/certificates.go:128: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/certificates.go:128: remediation: Log this issue to improve detection and response to security incidents. +# 126| for _, trustedKey := range trustedKeys { +# 127| cert, err := GenerateCACert(signer, trustedKey) +# 128|-> if err != nil { +# 129| return nil, fmt.Errorf("failed to generate CA certificate: %s", err) +# 130| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go:141: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go:141: assign: Assigning: "err" = "MarshalPKIXPublicKey(k.PublicKey)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go:144: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go:142: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go:142: remediation: Log this issue to improve detection and response to security incidents. +# 140| func (k *ecPublicKey) PEMBlock() (*pem.Block, error) { +# 141| derBytes, err := x509.MarshalPKIXPublicKey(k.PublicKey) +# 142|-> if err != nil { +# 143| return nil, fmt.Errorf("unable to serialize EC PublicKey to DER-encoded PKIX format: %s", err) +# 144| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go:330: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go:330: assign: Assigning: "err" = "MarshalECPrivateKey(k.PrivateKey)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go:333: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go:331: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go:331: remediation: Log this issue to improve detection and response to security incidents. +# 329| func (k *ecPrivateKey) PEMBlock() (*pem.Block, error) { +# 330| derBytes, err := x509.MarshalECPrivateKey(k.PrivateKey) +# 331|-> if err != nil { +# 332| return nil, fmt.Errorf("unable to serialize EC PrivateKey to DER-encoded PKIX format: %s", err) +# 333| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key.go:147: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key.go:147: assign: Assigning: "err" = "ParsePKCS1PrivateKey(pemBlock.Bytes)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key.go:150: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key.go:148: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key.go:148: remediation: Log this issue to improve detection and response to security incidents. +# 146| case pemBlock.Type == "RSA PRIVATE KEY": +# 147| rsaPrivateKey, err := x509.ParsePKCS1PrivateKey(pemBlock.Bytes) +# 148|-> if err != nil { +# 149| return nil, fmt.Errorf("unable to decode RSA Private Key PEM data: %s", err) +# 150| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key_manager.go:112: insufficient_logging: Calling "GenerateSelfSignedServerCert". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key_manager.go:112: assign: Assigning: "err" = "GenerateSelfSignedServerCert(trustKey, domains, ips)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key_manager.go:115: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key_manager.go:113: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key_manager.go:113: remediation: Log this issue to improve detection and response to security incidents. +# 111| domains = append(domains, domain) +# 112| x509Cert, err := GenerateSelfSignedServerCert(trustKey, domains, ips) +# 113|-> if err != nil { +# 114| return nil, fmt.Errorf("certificate generation error: %s", err) +# 115| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/rsa_key.go:98: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/rsa_key.go:98: assign: Assigning: "err" = "MarshalPKIXPublicKey(k.PublicKey)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/rsa_key.go:101: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/rsa_key.go:99: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/rsa_key.go:99: remediation: Log this issue to improve detection and response to security incidents. +# 97| func (k *rsaPublicKey) PEMBlock() (*pem.Block, error) { +# 98| derBytes, err := x509.MarshalPKIXPublicKey(k.PublicKey) +# 99|-> if err != nil { +# 100| return nil, fmt.Errorf("unable to serialize RSA PublicKey to DER-encoded PKIX format: %s", err) +# 101| } + +Error: SENSITIVE_DATA_LEAK (CWE-313): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:31: sensitive_data: Calling "GenerateECP256PrivateKey". This call stores sensitive data in "(.$0).PrivateKey". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:31: assign: Assigning: "trustKey" = "GenerateECP256PrivateKey()". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:36: sink: Calling "SaveKey". This stores the sensitive data "trustKey" to the filesystem. It may be exposed to unintended individuals. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:36: remediation: Do not leak this data to the filesystem. +# 34| } +# 35| +# 36|-> if err := SaveKey(trustKeyPath, trustKey); err != nil { +# 37| return nil, fmt.Errorf("error saving key file: %s", err) +# 38| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:96: insufficient_logging: Calling "GenerateSelfSignedClientCert". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:96: assign: Assigning: "err" = "GenerateSelfSignedClientCert(trustKey)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:99: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:97: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:97: remediation: Log this issue to improve detection and response to security incidents. +# 95| +# 96| x509Cert, err := GenerateSelfSignedClientCert(trustKey) +# 97|-> if err != nil { +# 98| return nil, fmt.Errorf("certificate generation error: %s", err) +# 99| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:200: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:200: assign: Assigning: "err" = "MarshalPKIXPublicKey(pubKey.CryptoPublicKey())". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:203: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:201: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:201: remediation: Log this issue to improve detection and response to security incidents. +# 199| // ABCD:EFGH:IJKL:MNOP:QRST:UVWX:YZ23:4567:ABCD:EFGH:IJKL:MNOP +# 200| derBytes, err := x509.MarshalPKIXPublicKey(pubKey.CryptoPublicKey()) +# 201|-> if err != nil { +# 202| return "" +# 203| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:338: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:338: assign: Assigning: "err" = "ParsePKIXPublicKey(pemBlock.Bytes)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:341: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:339: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go:339: remediation: Log this issue to improve detection and response to security incidents. +# 337| func pubKeyFromPEMBlock(pemBlock *pem.Block) (PublicKey, error) { +# 338| cryptoPublicKey, err := x509.ParsePKIXPublicKey(pemBlock.Bytes) +# 339|-> if err != nil { +# 340| return nil, fmt.Errorf("unable to decode Public Key PEM data: %s", err) +# 341| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/encryption.go:272: insufficient_logging: Calling "UnwrapKey". This function call creates a logging obligation. (The interface method resolves to "pkcs7.pkcs7KeyWrapper.UnwrapKey(config.DecryptConfig *, []byte)".) +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/encryption.go:272: assign: Assigning: "err" = "keywrapper.UnwrapKey(dc, annotation)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/encryption.go:276: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/encryption.go:273: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/encryption.go:273: remediation: Log this issue to improve detection and response to security incidents. +# 271| } +# 272| optsData, err := keywrapper.UnwrapKey(dc, annotation) +# 273|-> if err != nil { +# 274| errs += fmt.Sprintf("- %s\n", err) +# 275| continue + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/jwe/keywrapper_jwe.go:87: insufficient_logging: Calling "DecryptMulti". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/jwe/keywrapper_jwe.go:87: assign: Assigning: "err" = "jwe.DecryptMulti(key)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/jwe/keywrapper_jwe.go:90: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/jwe/keywrapper_jwe.go:88: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/jwe/keywrapper_jwe.go:88: remediation: Log this issue to improve detection and response to security incidents. +# 86| } +# 87| _, _, plain, err := jwe.DecryptMulti(key) +# 88|-> if err == nil { +# 89| return plain, nil +# 90| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go:106: insufficient_logging: Calling "Parse". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go:106: assign: Assigning: "err" = "Parse(pkcs7Packet)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go:109: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go:107: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go:107: remediation: Log this issue to improve detection and response to security incidents. +# 105| +# 106| p7, err := pkcs7.Parse(pkcs7Packet) +# 107|-> if err != nil { +# 108| return nil, fmt.Errorf("could not parse PKCS7 packet: %w", err) +# 109| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:49: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:49: assign: Assigning: "err" = "MarshalPKIXPublicKey(&key.PublicKey)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:52: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:50: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:50: remediation: Log this issue to improve detection and response to security incidents. +# 48| +# 49| pubData, err := x509.MarshalPKIXPublicKey(&key.PublicKey) +# 50|-> if err != nil { +# 51| return nil, nil, fmt.Errorf("x509.MarshalPKIXPublicKey failed: %w", err) +# 52| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:93: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:93: assign: Assigning: "err" = "MarshalPKIXPublicKey(&key.PublicKey)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:96: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:94: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:94: remediation: Log this issue to improve detection and response to security incidents. +# 92| +# 93| pubData, err := x509.MarshalPKIXPublicKey(&key.PublicKey) +# 94|-> if err != nil { +# 95| return nil, nil, fmt.Errorf("x509.MarshalPKIXPublicKey failed: %w", err) +# 96| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:98: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:98: assign: Assigning: "err" = "MarshalECPrivateKey(key)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:101: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:99: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:99: remediation: Log this issue to improve detection and response to security incidents. +# 97| +# 98| privData, err := x509.MarshalECPrivateKey(key) +# 99|-> if err != nil { +# 100| return nil, nil, fmt.Errorf("x509.MarshalECPrivateKey failed: %w", err) +# 101| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:159: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:159: assign: Assigning: "err" = "ParseCertificate(certDER)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:162: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:160: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go:160: remediation: Log this issue to improve detection and response to security incidents. +# 158| +# 159| cert, err := x509.ParseCertificate(certDER) +# 160|-> if err != nil { +# 161| return nil, fmt.Errorf("x509.ParseCertificate failed: %w", err) +# 162| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/utils.go:102: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/utils.go:102: assign: Assigning: "err" = "DecryptPEMBlock(block, privKeyPassword)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/utils.go:105: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/utils.go:103: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/utils.go:103: remediation: Log this issue to improve detection and response to security incidents. +# 101| } +# 102| der, err = x509.DecryptPEMBlock(block, privKeyPassword) //nolint:staticcheck // ignore SA1019, which is kept for backward compatibility +# 103|-> if err != nil { +# 104| return nil, fmt.Errorf("%s: Wrong password: could not decrypt private key", prefix) +# 105| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go:106: insufficient_logging: Calling "SystemCertPool". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go:106: assign: Assigning: "err" = "SystemCertPool()". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go:109: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go:107: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go:107: remediation: Log this issue to improve detection and response to security incidents. +# 105| } else { +# 106| certPool, err = SystemCertPool() +# 107|-> if err != nil { +# 108| return nil, fmt.Errorf("failed to read system certificates: %v", err) +# 109| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go:161: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go:161: assign: Assigning: "err" = "DecryptPEMBlock(pemBlock, ([]byte)passphrase)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go:164: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go:162: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go:162: remediation: Log this issue to improve detection and response to security incidents. +# 160| if x509.IsEncryptedPEMBlock(pemBlock) { +# 161| keyBytes, err = x509.DecryptPEMBlock(pemBlock, []byte(passphrase)) +# 162|-> if err != nil { +# 163| return nil, errors.Wrap(err, "private key is encrypted, but could not decrypt it") +# 164| } + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:60: path: Condition "reflection.Kind() != 22 /* Ptr */", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:64: path: Condition "reflection.IsNil()", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:80: path: Condition " < len(typeInfo.Fields)", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:82: path: Condition "!field.HasJSONTag", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:83: path: Continuing loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:80: path: Condition " < len(typeInfo.Fields)", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:82: path: Condition "!field.HasJSONTag", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:88: path: Condition "ok", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:89: path: Condition "fieldValue.Kind() == 22 /* Ptr */", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:89: path: Condition "fieldValue.IsNil()", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:97: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:101: path: Continuing loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:80: path: Condition " < len(typeInfo.Fields)", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:82: path: Condition "!field.HasJSONTag", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:88: type_assertion: Type assertion can store "nil" into "v". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:88: path: Condition "ok", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:103: path: Switch case value "Ptr". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:105: path: Condition "fieldValue.IsNil()", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:155: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:159: path: Jumping back to the beginning of the loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:80: path: Condition " < len(typeInfo.Fields)", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:82: path: Condition "!field.HasJSONTag", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:88: path: Condition "ok", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:89: path: Condition "fieldValue.Kind() == 22 /* Ptr */", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:89: path: Condition "fieldValue.IsNil()", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go:96: null_method_call: Calling a method on null object "v". +# 94| continue +# 95| } +# 96|-> fieldData, err := v.MarshalJSON() +# 97| if err != nil { +# 98| return err + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/link.go:16: path: Condition "ok == false", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/link.go:20: path: Condition "ref != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/link.go:20: var_compare_op: Comparing "ref" to null implies that "ref" might be null. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/link.go:23: null_field_access: Accessing field of null object "ref". +# 21| return &Ref{Ref: ref.Ref}, nil +# 22| } +# 23|-> return ref.Value, nil +# 24| } +# 25| + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go:36: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go:40: path: Condition "index < 0", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go:40: path: Condition "index >= len(p)", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go:46: path: Condition "ref != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go:46: var_compare_op: Comparing "ref" to null implies that "ref" might be null. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go:49: null_field_access: Accessing field of null object "ref". +# 47| return &Ref{Ref: ref.Ref}, nil +# 48| } +# 49|-> return ref.Value, nil +# 50| } +# 51| + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go:18: path: Condition "ok == false", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go:22: path: Condition "ref != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go:22: var_compare_op: Comparing "ref" to null implies that "ref" might be null. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go:25: null_field_access: Accessing field of null object "ref". +# 23| return &Ref{Ref: ref.Ref}, nil +# 24| } +# 25|-> return ref.Value, nil +# 26| } +# 27| + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/response.go:47: path: Condition "ok == false", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/response.go:51: path: Condition "ref != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/response.go:51: var_compare_op: Comparing "ref" to null implies that "ref" might be null. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/response.go:54: null_field_access: Accessing field of null object "ref". +# 52| return &Ref{Ref: ref.Ref}, nil +# 53| } +# 54|-> return ref.Value, nil +# 55| } +# 56| + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/schema.go:88: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/schema.go:92: path: Condition "i >= (uint64)len(s)", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/schema.go:98: path: Condition "ref == nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/schema.go:98: var_compare_op: Comparing "ref" to null implies that "ref" might be null. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/schema.go:99: null_field_access: Accessing field of null object "ref". +# 97| +# 98| if ref == nil || ref.Ref != "" { +# 99|-> return &Ref{Ref: ref.Ref}, nil +# 100| } +# 101| return ref.Value, nil + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go:117: path: Condition "len(servers) == 0", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go:119: path: Falling through to end of if statement. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go:142: path: Condition "node != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go:142: var_compare_op: Comparing "node" to null implies that "node" might be null. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go:145: path: Condition "route == nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go:147: path: Condition "pathItem == nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go:150: path: Condition "pathItem.GetOperation(method) == nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go:155: path: Condition "pathParams == nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go:158: null_field_access: Accessing field of null object "node". +# 156| pathParams = make(map[string]string, len(paramValues)) +# 157| } +# 158|-> paramKeys := node.VariableNames +# 159| for i, value := range paramValues { +# 160| key := paramKeys[i] + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/go-openapi/validate/schema.go:112: path: Condition "s == nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/go-openapi/validate/schema.go:115: path: Condition "s.Schema != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/go-openapi/validate/schema.go:115: var_compare_op: Comparing "s.Schema" to null implies that "s.Schema" might be null. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/go-openapi/validate/schema.go:119: path: Condition "data == nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/go-openapi/validate/schema.go:127: path: Condition "kind == 22 /* Ptr */", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/go-openapi/validate/schema.go:133: path: Condition "kind == 25 /* Struct */", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/go-openapi/validate/schema.go:143: null_field_access: Accessing field of null object "s.Schema". +# 141| // TODO: this part should be handed over to type validator +# 142| // Handle special case of json.Number data (number marshalled as string) +# 143|-> isnumber := s.Schema.Type.Contains(numberType) || s.Schema.Type.Contains(integerType) +# 144| if num, ok := data.(json.Number); ok && isnumber { +# 145| if s.Schema.Type.Contains(integerType) { // avoid lossy conversion + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go:27: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go:27: assign: Assigning: "err" = "ParsePKCS1PrivateKey(block.Bytes)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go:30: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go:28: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go:28: remediation: Log this issue to improve detection and response to security incidents. +# 26| var parsedKey interface{} +# 27| if parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil { +# 28|-> if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil { +# 29| return nil, err +# 30| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go:59: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go:59: assign: Assigning: "err" = "ParsePKCS1PrivateKey(blockDecrypted)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go:62: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go:60: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go:60: remediation: Log this issue to improve detection and response to security incidents. +# 58| +# 59| if parsedKey, err = x509.ParsePKCS1PrivateKey(blockDecrypted); err != nil { +# 60|-> if parsedKey, err = x509.ParsePKCS8PrivateKey(blockDecrypted); err != nil { +# 61| return nil, err +# 62| } + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/ed25519.go:67: assign_null: Assigning: "ed25519Key" = "nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/ed25519.go:70: path: Condition "!ok", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/ed25519.go:74: null_method_call: Calling a method on null object "ed25519Key". +# 72| } +# 73| +# 74|-> if _, ok := ed25519Key.Public().(ed25519.PublicKey); !ok { +# 75| return "", ErrInvalidKey +# 76| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:27: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:27: assign: Assigning: "err" = "ParsePKCS1PrivateKey(block.Bytes)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:30: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:28: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:28: remediation: Log this issue to improve detection and response to security incidents. +# 26| var parsedKey interface{} +# 27| if parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil { +# 28|-> if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil { +# 29| return nil, err +# 30| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:63: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:63: assign: Assigning: "err" = "ParsePKCS1PrivateKey(blockDecrypted)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:66: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:64: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go:64: remediation: Log this issue to improve detection and response to security incidents. +# 62| +# 63| if parsedKey, err = x509.ParsePKCS1PrivateKey(blockDecrypted); err != nil { +# 64|-> if parsedKey, err = x509.ParsePKCS8PrivateKey(blockDecrypted); err != nil { +# 65| return nil, err +# 66| } + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go:93: path: Condition " < len(flattenOptions(nil, opts))", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go:95: path: Jumping back to the beginning of the loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go:93: path: Condition " < len(flattenOptions(nil, opts))", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go:93: identity_transfer: Passing "nil" as argument 1 to function "flattenOptions", which returns that argument. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go:93: null_array_access: Accessing an element on null array "flattenOptions(nil, opts)". +# 91| const help = "consider using filters to ensure at most one Comparer or Transformer may apply" +# 92| var ss []string +# 93|-> for _, opt := range flattenOptions(nil, opts) { +# 94| ss = append(ss, fmt.Sprint(opt)) +# 95| } + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go:528: identity_transfer: Passing "nil" as argument 1 to function "flattenOptions", which returns that argument. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go:528: alias_transfer: Assigning: "opts" = "flattenOptions(nil, {src})". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go:528: path: Switch case value "1". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go:532: null_array_access: Accessing an element on null array "opts". +# 530| return nil +# 531| case 1: +# 532|-> return opts[0] +# 533| default: +# 534| return opts + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go:163: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go:163: assign: Assigning: "err" = "ParsePKIXPublicKey(publicKeyBytes)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go:166: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go:164: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go:164: remediation: Log this issue to improve detection and response to security incidents. +# 162| +# 163| publicKey, err := x509.ParsePKIXPublicKey(publicKeyBytes) +# 164|-> if err != nil { +# 165| return nil, fmt.Errorf("failed to parse public key: %w", err) +# 166| } + +Error: OPEN_REDIRECT (CWE-601): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/gorilla/mux/regexp.go:353: taint: The field "req.URL" is a source of untrusted data. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/gorilla/mux/regexp.go:357: concat: Creating a tainted string using "u.Path". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/gorilla/mux/regexp.go:357: assign: Assigning a tainted string to "u.Path". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/gorilla/mux/regexp.go:359: identity: Calling "String". This call assigns "u.Path" to "". Now "" is tainted. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/gorilla/mux/regexp.go:359: sink: Calling "RedirectHandler". This call passes the tainted data, "u.String()", to a redirect sink. +# 357| u.Path += "/" +# 358| } +# 359|-> m.Handler = http.RedirectHandler(u.String(), http.StatusMovedPermanently) +# 360| } +# 361| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/config.go:740: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/config.go:740: assign: Assigning: "decryptedError" = "DecryptPEMBlock(block, ([]byte)sslpassword)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/config.go:744: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/config.go:742: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/config.go:742: remediation: Log this issue to improve detection and response to security incidents. +# 740| decryptedKey, decryptedError = x509.DecryptPEMBlock(block, []byte(sslpassword)) +# 741| // Should we also provide warning for PKCS#1 needed? +# 742|-> if decryptedError != nil { +# 743| return nil, fmt.Errorf("unable to decrypt key: %w", err) +# 744| } + +Error: HARDCODED_CREDENTIALS (CWE-259): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/errors.go:218: hardcoded_credential: The constant string ""xxxxx"" is a credential or key. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/errors.go:218: password_use: Calling "UserPassword". This call uses the constant string as a password. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/errors.go:218: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 216| } +# 217| if _, pwSet := u.User.Password(); pwSet { +# 218|-> u.User = url.UserPassword(u.User.Username(), "xxxxx") +# 219| } +# 220| return u.String() + +Error: HARDCODED_CREDENTIALS (CWE-259): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:104: identity: Calling "ParseConfig". This call assigns " +" to "(.$0).Password". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:104: assign: Assigning: "config" = "ParseConfig(connString)". Now "config.Password" is equal to " +". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:109: password_use: Calling "ConnectConfig". This call uses the constant string as a password. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:109: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 107| } +# 108| +# 109|-> return ConnectConfig(ctx, config) +# 110| } +# 111| + +Error: HARDCODED_CREDENTIALS (CWE-259): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:116: identity: Calling "ParseConfigWithOptions". This call assigns " +" to "(.$0).Password". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:116: assign: Assigning: "config" = "ParseConfigWithOptions(connString, parseConfigOptions)". Now "config.Password" is equal to " +". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:121: password_use: Calling "ConnectConfig". This call uses the constant string as a password. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:121: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 119| } +# 120| +# 121|-> return ConnectConfig(ctx, config) +# 122| } +# 123| + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:131: assign_null: Assigning: "pgConn" = "nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:134: path: Condition "!config.createdByParseConfig", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:149: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:153: path: Condition "len(fallbackConfigs) == 0", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:159: path: Condition " < len(fallbackConfigs)", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:191: path: Condition "!foundBestServer", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:191: path: Condition "fallbackConfig != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:198: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:202: path: Condition "config.AfterConnect != nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:204: path: Condition "err != nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go:205: null_field_access: Accessing field of null object "pgConn". +# 203| err := config.AfterConnect(ctx, pgConn) +# 204| if err != nil { +# 205|-> pgConn.conn.Close() +# 206| return nil, &connectError{config: config, msg: "AfterConnect error", err: err} +# 207| } + +Error: HARDCODED_CREDENTIALS (CWE-259): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go:103: identity: Calling "ParseConfig". This call assigns " +" to "(.$0).Config.Password". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go:103: assign: Assigning: "connConfig" = "ParseConfig(connString)". Now "connConfig.Config.Password" is equal to " +". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go:107: password_use: Calling "connect". This call uses the constant string as a password. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go:107: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 105| return nil, err +# 106| } +# 107|-> return connect(ctx, connConfig) +# 108| } +# 109| + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go:721: path: Condition "simpleProtocol", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go:744: path: Condition " < len(b.items)", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go:745: path: Condition "ok", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go:746: path: Continuing loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go:744: path: Condition " < len(b.items)", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go:751: assign_null: Assigning: "stmtCache" = "nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go:752: path: Condition "len(distinctUnpreparedQueries) > 0", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go:769: path: Condition " < len(b.items)", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go:773: path: Condition "sd == nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go:775: null_method_call: Calling a method on null object "stmtCache". +# 773| if sd == nil { +# 774| var err error +# 775|-> sd, err = stmtCache.Get(ctx, bi.query) +# 776| if err != nil { +# 777| return c.logBatchResults(ctx, startTime, &batchResults{ctx: ctx, conn: c, err: err}) + +Error: OPEN_REDIRECT (CWE-601): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/julienschmidt/httprouter/router.go:403: taint: The field "req.URL" is a source of untrusted data. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/julienschmidt/httprouter/router.go:403: identity: Calling "String". This call assigns "req.URL.Fragment" to "". Now "" is tainted. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/julienschmidt/httprouter/router.go:403: sink: Calling "Redirect". This call passes the tainted data, "req.URL.String()", to a redirect sink. +# 401| req.URL.Path = path + "/" +# 402| } +# 403|-> http.Redirect(w, req, req.URL.String(), code) +# 404| return +# 405| } + +Error: OPEN_REDIRECT (CWE-601): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/julienschmidt/httprouter/router.go:415: taint: The field "req.URL" is a source of untrusted data. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/julienschmidt/httprouter/router.go:415: identity: Calling "String". This call assigns "req.URL.Fragment" to "". Now "" is tainted. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/julienschmidt/httprouter/router.go:415: sink: Calling "Redirect". This call passes the tainted data, "req.URL.String()", to a redirect sink. +# 413| if found { +# 414| req.URL.Path = string(fixedPath) +# 415|-> http.Redirect(w, req, req.URL.String(), code) +# 416| return +# 417| } + +Error: PATH_MANIPULATION (CWE-22): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:170: identity: Calling "Request". This call returns "c.request". (The interface method resolves to "v4.context.Request()".) +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:170: taint: The field "c.Request().URL" is a source of untrusted data. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:170: assign: Assigning: "p" = "c.Request().URL.Path". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:174: identity: Calling "PathUnescape". This call assigns "p" to ".$0". Now ".$0" is tainted. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:174: assign: Assigning: "p" = "PathUnescape(p)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:178: identity: Calling "Clean". This call assigns a tainted string to "". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:178: assign: Assigning: "[1]" = "Clean("/" + p)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:178: identity: Calling "Join". This call assigns "{config.Root, Clean("/" + p)}" to "". Now "" is tainted. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:178: assign: Assigning: "name" = "Join(config.Root, Clean("/" + p))". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:189: sink: Calling "Open". This call uses "name" for sensitive computation. (The interface method resolves to "http.Dir.Open(string)".) +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:189: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 187| } +# 188| +# 189|-> file, err := config.Filesystem.Open(name) +# 190| if err != nil { +# 191| if !isIgnorableOpenFileError(err) { + +Error: PATH_MANIPULATION (CWE-22): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:170: identity: Calling "Request". This call returns "c.request". (The interface method resolves to "v4.context.Request()".) +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:170: taint: The field "c.Request().URL" is a source of untrusted data. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:170: assign: Assigning: "p" = "c.Request().URL.Path". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:174: identity: Calling "PathUnescape". This call assigns "p" to ".$0". Now ".$0" is tainted. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:174: assign: Assigning: "p" = "PathUnescape(p)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:178: identity: Calling "Clean". This call assigns a tainted string to "". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:178: assign: Assigning: "[1]" = "Clean("/" + p)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:178: identity: Calling "Join". This call assigns "{config.Root, Clean("/" + p)}" to "". Now "" is tainted. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:178: assign: Assigning: "name" = "Join(config.Root, Clean("/" + p))". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:220: assign: Assigning: "[0]" = "name". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:220: identity: Calling "Join". This call assigns "{name, config.Index}" to "". Now "" is tainted. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:220: sink: Calling "Open". This call uses "Join(name, config.Index)" for sensitive computation. (The interface method resolves to "http.Dir.Open(string)".) +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go:220: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 218| +# 219| if info.IsDir() { +# 220|-> index, err := config.Filesystem.Open(path.Join(name, config.Index)) +# 221| if err != nil { +# 222| if config.Browse { + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:535: assign_null: Assigning: "previousBestMatchNode" = "nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:588: path: Condition "true", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:592: path: Condition "currentNode.kind == 0 /* staticKind */", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:598: path: Condition "searchLen < max", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:601: path: Condition "lcpLen < max", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:601: path: Condition "search[lcpLen] == currentNode.prefix[lcpLen]", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:602: path: Jumping back to the beginning of the loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:601: path: Condition "lcpLen < max", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:601: path: Condition "search[lcpLen] == currentNode.prefix[lcpLen]", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:605: path: Condition "lcpLen != prefixLen", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:626: path: Condition "search == """, taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:645: path: Condition "search != """, taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:646: path: Condition "child != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:654: path: Condition "search != """, taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:654: path: Condition "child != nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:658: path: Condition "currentNode.isLeaf", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:662: path: Falling through to end of if statement. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:671: path: Continuing loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:588: path: Condition "true", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:592: path: Condition "currentNode.kind == 0 /* staticKind */", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:598: path: Condition "searchLen < max", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:601: path: Condition "lcpLen < max", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:601: path: Condition "search[lcpLen] == currentNode.prefix[lcpLen]", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:605: path: Condition "lcpLen != prefixLen", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:608: path: Condition "!ok", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:610: path: Condition "nk == 1 /* paramKind */", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:617: path: Breaking from loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:714: path: Condition "currentNode == nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:722: path: Condition "matchedRouteMethod != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:729: alias_transfer: Assigning: "currentNode" = "previousBestMatchNode". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go:731: null_field_access: Accessing field of null object "currentNode". +# 729| currentNode = previousBestMatchNode +# 730| +# 731|-> rPath = currentNode.originalPath +# 732| rPNames = nil // no params here +# 733| ctx.handler = NotFoundHandler + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go:145: insufficient_logging: Calling "KeyDigest". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go:145: assign: Assigning: "err" = "KeyDigest(key)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go:148: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go:146: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go:146: remediation: Log this issue to improve detection and response to security incidents. +# 144| if policy.blockedCheck != nil { +# 145| digest, err := core.KeyDigest(key) +# 146|-> if err != nil { +# 147| return badKey("%w", err) +# 148| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/federation_client.go:296: insufficient_logging: Calling "Call". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/federation_client.go:296: assign: Assigning: "err" = "c.authClient.Call(Background(), &httpRequest)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/federation_client.go:298: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/federation_client.go:296: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/federation_client.go:296: remediation: Log this issue to improve detection and response to security incidents. +# 294| +# 295| for retry := 0; retry < 5; retry++ { +# 296|-> if httpResponse, err = c.authClient.Call(context.Background(), &httpRequest); err == nil { +# 297| break +# 298| } + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/instance_principal_key_provider.go:100: path: Condition "currTry < MaxRetriesFederationClient", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/instance_principal_key_provider.go:102: path: Condition "err == nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/instance_principal_key_provider.go:102: var_compare_op: Comparing "err" to null implies that "err" might be null. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/instance_principal_key_provider.go:102: path: Condition "statusCode == 200", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/instance_principal_key_provider.go:105: null_method_call: Calling a method on null object "err". +# 103| return common.StringToRegion(body.String()), nil +# 104| } +# 105|-> common.Logf("Error in getting region from url: %s, Status code: %v, Error: %s", url, statusCode, err.Error()) +# 106| if statusCode == 404 && strings.Compare(url, metadataBaseURL+regionPath) == 0 { +# 107| common.Logf("Falling back to http://169.254.169.254/opc/v1 to try again...") + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go:459: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go:459: var_compare_op: Comparing "err" to null implies that "err" might be null. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go:463: path: Condition "(info.PresentConfiguration & 2 /* hasUser */) == 2 /* hasUser */", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go:466: path: Condition "err == nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go:473: null_method_call: Calling a method on null object "err". +# 471| return "ST$" + rawString, nil +# 472| } +# 473|-> err = fmt.Errorf("can not read SecurityTokenFilePath from configuration file due to: %s", err.Error()) +# 474| return +# 475| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go:636: insufficient_logging: Calling "PrivateRSAKey". This function call creates a logging obligation. (The interface method resolves to "common.rawConfigurationProvider.PrivateRSAKey()".) +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go:636: assign: Assigning: "err" = "p.PrivateRSAKey()". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go:639: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go:637: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go:637: remediation: Log this issue to improve detection and response to security incidents. +# 635| for _, p := range c.Providers { +# 636| val, err := p.PrivateRSAKey() +# 637|-> if err == nil { +# 638| return val, nil +# 639| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go:127: insufficient_logging: Calling "SKID". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go:127: assign: Assigning: "err" = "SKID(first)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go:130: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go:128: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go:128: remediation: Log this issue to improve detection and response to security incidents. +# 126| // Calculate SKID to include in error message +# 127| firstSKID, err := SKID(first) +# 128|-> if err != nil { +# 129| return msg +# 130| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go:131: insufficient_logging: Calling "SKID". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go:131: assign: Assigning: "err" = "SKID(second)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go:134: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go:132: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go:132: remediation: Log this issue to improve detection and response to security incidents. +# 130| } +# 131| secondSKID, err := SKID(second) +# 132|-> if err != nil { +# 133| return msg +# 134| } + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/cluster_compute_resource.go:39: assign_null: Assigning: "obj.ComputeResource.ConfigurationEx" = "nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/cluster_compute_resource.go:42: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/cluster_compute_resource.go:46: unbox_null: Unboxing null object "obj.ComputeResource.ConfigurationEx". +# 44| } +# 45| +# 46|-> return obj.ConfigurationEx.(*types.ClusterConfigInfoEx), nil +# 47| } +# 48| + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/host_system.go:46: assign_null: Assigning: "mh.ManagedEntity.Parent" = "nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/host_system.go:49: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/host_system.go:56: null_field_access: Accessing field of null object "mh.ManagedEntity.Parent". +# 54| var parent interface{} +# 55| +# 56|-> switch mh.Parent.Type { +# 57| case "ComputeResource": +# 58| mcr = new(mo.ComputeResource) + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/virtual_machine.go:560: assign_null: Assigning: "o.Config" = "nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/virtual_machine.go:563: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/virtual_machine.go:567: null_field_access: Accessing field of null object "o.Config". +# 565| } +# 566| +# 567|-> return o.Config.BootOptions, nil +# 568| } +# 569| + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/virtual_machine.go:813: assign_null: Assigning: "o.Guest" = "nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/virtual_machine.go:816: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/virtual_machine.go:820: null_field_access: Accessing field of null object "o.Guest". +# 818| } +# 819| +# 820|-> return o.Guest.ToolsRunningStatus == string(types.VirtualMachineToolsRunningStatusGuestToolsRunning), nil +# 821| } +# 822| + +Error: ATOMICITY (CWE-667): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go:711: lock: Locking "db.mmaplock". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go:714: path: Condition "!db.opened", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go:721: path: Condition "db.data == nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go:733: def: Assigning data that might be protected by the lock to "n". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go:736: unlock: Unlocking "db.metalock". "n" might now be unreliable because other threads can now change the data that it depends on. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go:739: lockagain: Locking "db.statlock" again. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go:741: use: Using an unreliable value of "n" inside the second locked section. If the data that "n" depends on was changed by another thread, this use might be incorrect. +# 739| db.statlock.Lock() +# 740| db.stats.TxN++ +# 741|-> db.stats.OpenTxN = n +# 742| db.statlock.Unlock() +# 743| + +Error: ATOMICITY (CWE-667): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go:814: lock: Locking "db.metalock". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go:817: path: Condition "i < len(db.txs)", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go:818: path: Condition "t == tx", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go:823: path: Breaking from loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go:826: def: Assigning data that might be protected by the lock to "n". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go:829: unlock: Unlocking "db.metalock". "n" might now be unreliable because other threads can now change the data that it depends on. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go:832: lockagain: Locking "db.statlock" again. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go:833: use: Using an unreliable value of "n" inside the second locked section. If the data that "n" depends on was changed by another thread, this use might be incorrect. +# 831| // Merge statistics. +# 832| db.statlock.Lock() +# 833|-> db.stats.OpenTxN = n +# 834| db.stats.TxStats.add(&tx.stats) +# 835| db.statlock.Unlock() + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go:73: path: Condition "err != nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go:80: path: Condition "err != nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go:87: path: Condition "err != nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go:93: path: Condition "err != nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go:102: path: Condition "err != nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go:108: path: Condition "err != nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go:113: path: Condition "derBlock == nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go:113: var_compare_op: Comparing "derBlock" to null implies that "derBlock" might be null. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go:116: null_field_access: Accessing field of null object "derBlock". +# 114| t.Fatalf("failed to read DER block from signature PEM %s", tmpSignedFile.Name()) +# 115| } +# 116|-> p7, err := Parse(derBlock.Bytes) +# 117| if err != nil { +# 118| t.Fatalf("Parse encountered unexpected error: %v", err) + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go:116: insufficient_logging: Calling "Parse". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go:116: assign: Assigning: "err" = "Parse(derBlock.Bytes)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go:119: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go:117: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go:117: remediation: Log this issue to improve detection and response to security incidents. +# 115| } +# 116| p7, err := Parse(derBlock.Bytes) +# 117|-> if err != nil { +# 118| t.Fatalf("Parse encountered unexpected error: %v", err) +# 119| } + +Error: URL_MANIPULATION (CWE-918): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go:700: taint: Calling "AuthorizeOrder". This call taints "(.$0).URI". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go:756: sink: Calling "WaitOrder". This call uses "o.URI" for sensitive computation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go:756: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 754| // All authorizations are satisfied. +# 755| // Wait for the CA to update the order status. +# 756|-> o, err = client.WaitOrder(ctx, o.URI) +# 757| if err != nil { +# 758| continue AuthorizeOrderLoop + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go:793: insufficient_logging: Calling "acmeClient". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go:793: assign: Assigning: "err" = "m.acmeClient(ctx)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go:796: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go:794: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go:794: remediation: Log this issue to improve detection and response to security incidents. +# 792| defer cancel() +# 793| client, err := m.acmeClient(ctx) +# 794|-> if err != nil { +# 795| return +# 796| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/renewal.go:80: insufficient_logging: Calling "do". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/renewal.go:80: assign: Assigning: "err" = "dr.do(ctx)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/renewal.go:84: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/renewal.go:81: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/renewal.go:81: remediation: Log this issue to improve detection and response to security incidents. +# 79| // TODO: rotate dr.key at some point? +# 80| next, err := dr.do(ctx) +# 81|-> if err != nil { +# 82| next = renewJitter / 2 +# 83| next += time.Duration(pseudoRand.int63n(int64(next))) + +Error: URL_MANIPULATION (CWE-918): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go:29: taint: Calling "accountKID". +* This call returns a reference to "c.KID". +* This call taints "c.KID". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go:29: assign: Assigning: "url" = "(string)c.accountKID(ctx)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go:34: sink: Calling "post". This call uses "url" for sensitive computation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go:34: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 32| } +# 33| req := json.RawMessage(`{"status": "deactivated"}`) +# 34|-> res, err := c.post(ctx, nil, url, req, wantStatus(http.StatusOK)) +# 35| if err != nil { +# 36| return err + +Error: URL_MANIPULATION (CWE-918): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go:103: taint: Calling "accountKID". +* This call returns a reference to "c.KID". +* This call taints "c.KID". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go:103: assign: Assigning: "url" = "(string)c.accountKID(ctx)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go:112: sink: Calling "post". This call uses "url" for sensitive computation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go:112: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 110| Contact: a.Contact, +# 111| } +# 112|-> res, err := c.post(ctx, nil, url, req, wantStatus(http.StatusOK)) +# 113| if err != nil { +# 114| return nil, err + +Error: URL_MANIPULATION (CWE-918): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go:358: taint: Calling "responseOrder". This call taints "(.$0).URI". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go:365: sink: Calling "WaitOrder". This call uses "o.URI" for sensitive computation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go:365: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +# 363| // Wait for CA to issue the cert if they haven't. +# 364| if o.Status != StatusValid { +# 365|-> o, err = c.WaitOrder(ctx, o.URI) +# 366| } +# 367| if err != nil { + +Error: ATOMICITY (CWE-667): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/net/http2/transport.go:930: lock: Locking "cc.wmu". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/net/http2/transport.go:931: def: Assigning data that might be protected by the lock to "maxConcurrent". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/net/http2/transport.go:932: path: Condition "!cc.seenSettings", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/net/http2/transport.go:935: unlock: Unlocking "cc.wmu". "maxConcurrent" might now be unreliable because other threads can now change the data that it depends on. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/net/http2/transport.go:937: lockagain: Locking "cc.mu" again. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/net/http2/transport.go:939: use: Using an unreliable value of "maxConcurrent" inside the second locked section. If the data that "maxConcurrent" depends on was changed by another thread, this use might be incorrect. +# 937| cc.mu.Lock() +# 938| defer cc.mu.Unlock() +# 939|-> return ClientConnState{ +# 940| Closed: cc.closed, +# 941| Closing: cc.closing || cc.singleUse || cc.doNotReuse || cc.goAway != nil, + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go:25: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go:25: assign: Assigning: "err" = "ParsePKCS8PrivateKey(key)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go:31: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go:26: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go:26: remediation: Log this issue to improve detection and response to security incidents. +# 24| } +# 25| parsedKey, err := x509.ParsePKCS8PrivateKey(key) +# 26|-> if err != nil { +# 27| parsedKey, err = x509.ParsePKCS1PrivateKey(key) +# 28| if err != nil { + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go:27: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go:27: assign: Assigning: "err" = "ParsePKCS1PrivateKey(key)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go:30: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go:28: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go:28: remediation: Log this issue to improve detection and response to security incidents. +# 26| if err != nil { +# 27| parsedKey, err = x509.ParsePKCS1PrivateKey(key) +# 28|-> if err != nil { +# 29| return nil, fmt.Errorf("private key should be a PEM or plain PKCS1 or PKCS8; parse error: %v", err) +# 30| } + +Error: ATOMICITY (CWE-667): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:696: lock: Locking "t.lock". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:699: def: Assigning data that might be protected by the lock to "oldPrompt". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:703: unlock: Unlocking "(*t).lock". "oldPrompt" might now be unreliable because other threads can now change the data that it depends on. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:703: lockagain: Locking "(*t).lock" again. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:705: use: Using an unreliable value of "oldPrompt" inside the second locked section. If the data that "oldPrompt" depends on was changed by another thread, this use might be incorrect. +# 703| line, err = t.readLine() +# 704| +# 705|-> t.prompt = oldPrompt +# 706| t.echo = true +# 707| + +Error: ATOMICITY (CWE-667): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:722: path: Condition "t.cursorX == 0", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:722: path: Condition "t.cursorY == 0", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:730: path: Condition "true", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:733: path: Condition "!lineOk", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:736: path: Condition "key == 65533 /* RuneError */", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:737: path: Breaking from loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:764: path: Condition "len(rest) > 0", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:767: path: Falling through to end of if statement. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:772: path: Condition "lineOk", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:792: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:797: path: Jumping back to the beginning of the loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:730: path: Condition "true", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:733: path: Condition "!lineOk", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:736: path: Condition "key == 65533 /* RuneError */", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:737: path: Breaking from loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:764: path: Condition "len(rest) > 0", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:767: path: Falling through to end of if statement. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:772: path: Condition "lineOk", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:790: lock: Locking "t.lock". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:792: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:797: path: Jumping back to the beginning of the loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:730: path: Condition "true", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:733: path: Condition "!lineOk", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:736: path: Condition "key == 65533 /* RuneError */", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:739: path: Condition "!t.pasteActive", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:740: path: Condition "key == 4 /* keyCtrlD */", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:741: path: Condition "len(t.line) == 0", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:745: path: Condition "key == 3 /* keyCtrlC */", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:748: path: Condition "key == 55314 /* keyPasteStart */", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:755: path: Falling through to end of if statement. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:759: path: Condition "!t.pasteActive", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:762: def: Assigning data that might be protected by the lock to "line". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:763: path: Jumping back to the beginning of the loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:733: path: Condition "!lineOk", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:736: path: Condition "key == 65533 /* RuneError */", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:737: path: Breaking from loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:764: path: Condition "len(rest) > 0", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:767: path: Falling through to end of if statement. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:772: path: Condition "lineOk", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:788: unlock: Unlocking "t.lock". "line" might now be unreliable because other threads can now change the data that it depends on. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:792: path: Condition "err != nil", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:790: lockagain: Locking "t.lock" again. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go:793: use: Using an unreliable value of "line" inside the second locked section. If the data that "line" depends on was changed by another thread, this use might be incorrect. +# 791| +# 792| if err != nil { +# 793|-> return +# 794| } +# 795| + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/internal/cert/secureconnect_cert.go:117: insufficient_logging: Calling a function that may return an error. These errors should be logged. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/internal/cert/secureconnect_cert.go:117: assign: Assigning: "err" = "ParseCertificate(cert.Certificate[0])". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/internal/cert/secureconnect_cert.go:120: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/internal/cert/secureconnect_cert.go:118: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/internal/cert/secureconnect_cert.go:118: remediation: Log this issue to improve detection and response to security incidents. +# 116| } +# 117| parsed, err := x509.ParseCertificate(cert.Certificate[0]) +# 118|-> if err != nil { +# 119| return true +# 120| } + +Error: URL_MANIPULATION (CWE-918): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/storage/v1/storage-gen.go:10013: assign: Assigning: "res" = "c.doRequest("json")". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/storage/v1/storage-gen.go:10030: taint: The field "res.Header" is a source of untrusted data. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/storage/v1/storage-gen.go:10030: identity: Calling "Get". This call assigns "res.Header" to "". Now "" is tainted. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/storage/v1/storage-gen.go:10030: identity: Calling "ResumableUpload". This call assigns "res.Header.Get("Location")" to "().URI". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/storage/v1/storage-gen.go:10030: assign: Assigning: "rx" = "c.mediaInfo_.ResumableUpload(res.Header.Get("Location"))". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/storage/v1/storage-gen.go:10039: sink: Calling "Upload". This call uses "rx.URI" for sensitive computation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/storage/v1/storage-gen.go:10039: remediation: URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security. +#10037| ctx = context.TODO() +#10038| } +#10039|-> res, err = rx.Upload(ctx) +#10040| if err != nil { +#10041| return nil, err + +Error: ATOMICITY (CWE-667): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go:744: lock: Locking "cs.mu". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go:745: path: Condition "true", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go:746: path: Condition "cs.committed", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go:754: path: Condition "len(cs.buffer) == 0", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go:760: path: Condition "err != nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go:766: def: Assigning data that might be protected by the lock to "a". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go:767: unlock: Unlocking "cs.mu". "a" might now be unreliable because other threads can now change the data that it depends on. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go:770: path: Condition "a != cs.attempt", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go:774: path: Condition "err == EOF", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go:777: path: Condition "err == nil", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go:777: path: Condition "err == EOF", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go:777: path: Condition "a.s.Status().Code() == 0 /* OK */", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go:769: lockagain: Locking "cs.mu" again. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go:782: use: Using an unreliable value of "a" inside the second locked section. If the data that "a" depends on was changed by another thread, this use might be incorrect. +# 780| return err +# 781| } +# 782|-> if err := cs.retryLocked(a, err); err != nil { +# 783| cs.mu.Unlock() +# 784| return err + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:208: path: Condition " < len(accessors)", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:210: path: Condition "m.IsValid()", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:213: path: Condition "v.Kind() == 25 /* Struct */", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:213: path: Condition "!rv.IsValid()", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:216: path: Condition "!rv.IsValid()", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:219: path: Condition "ok", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:221: path: Condition "!rv.IsNil()", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:228: path: Switch case value "Interface". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:240: type_assertion: Type assertion can store "nil" into "n". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:240: path: Condition "ok", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:243: path: Condition "isZero", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:244: path: Continuing loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:208: path: Condition " < len(accessors)", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:210: path: Condition "m.IsValid()", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:213: path: Condition "v.Kind() == 25 /* Struct */", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:213: path: Condition "!rv.IsValid()", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:216: path: Condition "!rv.IsValid()", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:219: path: Condition "ok", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:221: path: Condition "!rv.IsNil()", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:228: path: Switch case value "Interface". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:240: path: Condition "ok", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go:241: null_method_call: Calling a method on null object "n". +# 239| } +# 240| if n, ok := rv.Interface().(list); ok { +# 241|-> isZero = n.Len() == 0 +# 242| } +# 243| if isZero { + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go:515: insufficient_logging: Calling "decryptKey". This function call creates a logging obligation. (The interface method resolves to "opaqueKeyDecrypter.decryptKey(rawHeader, recipientInfo *, keyGenerator)".) +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go:515: assign: Assigning: "err" = "decrypter.decryptKey(recipientHeaders, &recipient, generator)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go:524: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go:516: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go:516: remediation: Log this issue to improve detection and response to security incidents. +# 514| +# 515| cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator) +# 516|-> if err == nil { +# 517| // Found a valid CEK -- let's try to decrypt. +# 518| plaintext, err = cipher.decrypt(cek, authData, parts) + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go:157: insufficient_logging: Calling "sanitized". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go:157: assign: Assigning: "err" = "mergedHeaders.sanitized()". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go:160: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go:158: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go:158: remediation: Log this issue to improve detection and response to security incidents. +# 156| mergedHeaders := obj.mergedHeaders(nil) +# 157| obj.Header, err = mergedHeaders.sanitized() +# 158|-> if err != nil { +# 159| return nil, fmt.Errorf("go-jose/go-jose: cannot sanitize merged headers: %v (%v)", err, mergedHeaders) +# 160| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go:172: insufficient_logging: Calling "parseCertificateChain". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go:172: assign: Assigning: "err" = "parseCertificateChain(raw.X5c)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go:175: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go:173: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go:173: remediation: Log this issue to improve detection and response to security incidents. +# 171| +# 172| certs, err := parseCertificateChain(raw.X5c) +# 173|-> if err != nil { +# 174| return fmt.Errorf("go-jose/go-jose: failed to unmarshal x5c field: %s", err) +# 175| } + +Error: FORWARD_NULL (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:577: path: Condition "val.Kind() == 22 /* Ptr */", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:582: path: Condition "i < typ.NumField()", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:583: path: Condition "!val.Field(i).CanInterface()", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:584: path: Continuing loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:582: path: Condition "i < typ.NumField()", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:583: path: Condition "!val.Field(i).CanInterface()", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:591: path: Condition "tag == "-"", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:596: path: Condition "omitEmpty", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:596: path: Condition "isEmptyValue(field)", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:600: type_assertion: Type assertion can store "nil" into "r". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:600: path: Condition "ok", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:605: path: Condition "len(fieldName) == 0", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:606: path: Continuing loop. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:582: path: Condition "i < typ.NumField()", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:583: path: Condition "!val.Field(i).CanInterface()", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:591: path: Condition "tag == "-"", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:596: path: Condition "omitEmpty", taking false branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:600: path: Condition "ok", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go:601: null_method_call: Calling a method on null object "r". +# 599| +# 600| if r, ok := field.Interface().(StructReflector); ok { +# 601|-> return r.ReflectINIStruct(s.f) +# 602| } +# 603| + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/crypter.go:515: insufficient_logging: Calling "decryptKey". This function call creates a logging obligation. (The interface method resolves to "opaqueKeyDecrypter.decryptKey(rawHeader, recipientInfo *, keyGenerator)".) +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/crypter.go:515: assign: Assigning: "err" = "decrypter.decryptKey(recipientHeaders, &recipient, generator)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/crypter.go:524: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/crypter.go:516: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/crypter.go:516: remediation: Log this issue to improve detection and response to security incidents. +# 514| +# 515| cek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator) +# 516|-> if err == nil { +# 517| // Found a valid CEK -- let's try to decrypt. +# 518| plaintext, err = cipher.decrypt(cek, authData, parts) + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwe.go:157: insufficient_logging: Calling "sanitized". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwe.go:157: assign: Assigning: "err" = "mergedHeaders.sanitized()". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwe.go:160: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwe.go:158: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwe.go:158: remediation: Log this issue to improve detection and response to security incidents. +# 156| mergedHeaders := obj.mergedHeaders(nil) +# 157| obj.Header, err = mergedHeaders.sanitized() +# 158|-> if err != nil { +# 159| return nil, fmt.Errorf("square/go-jose: cannot sanitize merged headers: %v (%v)", err, mergedHeaders) +# 160| } + +Error: INSUFFICIENT_LOGGING (CWE-778): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwk.go:172: insufficient_logging: Calling "parseCertificateChain". This function call creates a logging obligation. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwk.go:172: assign: Assigning: "err" = "parseCertificateChain(raw.X5c)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwk.go:175: insufficient_logging: This branch is missing logging after the method call. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwk.go:173: insufficient_logging: Condition is checking a possible error value. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwk.go:173: remediation: Log this issue to improve detection and response to security incidents. +# 171| +# 172| certs, err := parseCertificateChain(raw.X5c) +# 173|-> if err != nil { +# 174| return fmt.Errorf("square/go-jose: failed to unmarshal x5c field: %s", err) +# 175| } + +Error: NULL_RETURNS (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:580: path: Condition "first", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:581: returned_null: "peek_token" returns "nil" (checked 32 out of 36 times). +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:581: var_assigned: Assigning: "token" = "nil" return value from "peek_token". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:582: null_field_access: Accessing field of null object "token". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:362: example_assign: Example 1: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:363: example_checked: Example 1 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:391: example_assign: Example 2: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:392: example_checked: Example 2 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1020: example_assign: Example 3: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1021: example_checked: Example 3 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1053: example_assign: Example 4: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1054: example_checked: Example 4 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:175: example_assign: Example 5: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:176: example_checked: Example 5 (cont.): "token" has its value checked in "token == nil". +# 580| if first { +# 581| token := peek_token(parser) +# 582|-> parser.marks = append(parser.marks, token.start_mark) +# 583| skip_token(parser) +# 584| } + +Error: NULL_RETURNS (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:676: path: Condition "first", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:677: returned_null: "peek_token" returns "nil" (checked 32 out of 36 times). +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:677: var_assigned: Assigning: "token" = "nil" return value from "peek_token". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:678: null_field_access: Accessing field of null object "token". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:362: example_assign: Example 1: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:363: example_checked: Example 1 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:391: example_assign: Example 2: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:392: example_checked: Example 2 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1020: example_assign: Example 3: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1021: example_checked: Example 3 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1053: example_assign: Example 4: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1054: example_checked: Example 4 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:175: example_assign: Example 5: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:176: example_checked: Example 5 (cont.): "token" has its value checked in "token == nil". +# 676| if first { +# 677| token := peek_token(parser) +# 678|-> parser.marks = append(parser.marks, token.start_mark) +# 679| skip_token(parser) +# 680| } + +Error: NULL_RETURNS (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:771: path: Condition "first", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:772: returned_null: "peek_token" returns "nil" (checked 32 out of 36 times). +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:772: var_assigned: Assigning: "token" = "nil" return value from "peek_token". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:773: null_field_access: Accessing field of null object "token". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:362: example_assign: Example 1: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:363: example_checked: Example 1 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:391: example_assign: Example 2: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:392: example_checked: Example 2 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1020: example_assign: Example 3: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1021: example_checked: Example 3 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1053: example_assign: Example 4: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1054: example_checked: Example 4 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:175: example_assign: Example 5: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:176: example_checked: Example 5 (cont.): "token" has its value checked in "token == nil". +# 771| if first { +# 772| token := peek_token(parser) +# 773|-> parser.marks = append(parser.marks, token.start_mark) +# 774| skip_token(parser) +# 775| } + +Error: NULL_RETURNS (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:905: path: Condition "first", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:906: returned_null: "peek_token" returns "nil" (checked 32 out of 36 times). +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:906: var_assigned: Assigning: "token" = "nil" return value from "peek_token". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:907: null_field_access: Accessing field of null object "token". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:362: example_assign: Example 1: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:363: example_checked: Example 1 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:391: example_assign: Example 2: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:392: example_checked: Example 2 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1020: example_assign: Example 3: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1021: example_checked: Example 3 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1053: example_assign: Example 4: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:1054: example_checked: Example 4 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:175: example_assign: Example 5: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go:176: example_checked: Example 5 (cont.): "token" has its value checked in "token == nil". +# 905| if first { +# 906| token := peek_token(parser) +# 907|-> parser.marks = append(parser.marks, token.start_mark) +# 908| skip_token(parser) +# 909| } + +Error: NULL_RETURNS (CWE-476): +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go:1067: path: Condition "first", taking true branch. +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go:1068: returned_null: "peek_token" returns "nil" (checked 36 out of 37 times). +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go:1068: var_assigned: Assigning: "token" = "nil" return value from "peek_token". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go:1069: null_field_access: Accessing field of null object "token". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go:458: example_assign: Example 1: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go:459: example_checked: Example 1 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go:791: example_assign: Example 2: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go:792: example_checked: Example 2 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go:1183: example_assign: Example 3: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go:1184: example_checked: Example 3 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go:1216: example_assign: Example 4: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go:1217: example_checked: Example 4 (cont.): "token" has its value checked in "token == nil". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go:232: example_assign: Example 5: Assigning: "token" = return value from "peek_token(parser)". +osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go:233: example_checked: Example 5 (cont.): "token" has its value checked in "token == nil". +# 1067| if first { +# 1068| token := peek_token(parser) +# 1069|-> parser.marks = append(parser.marks, token.start_mark) +# 1070| skip_token(parser) +# 1071| } + +Error: WRITE_CONST_FIELD (CWE-843): +php-8.0.30/Zend/zend_alloc.h:310: field_definition: A const-qualified field is defined. +php-8.0.30/Zend/zend_alloc.c:2976: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 2974| zend_mm_heap *heap; +# 2975| +# 2976|-> memcpy((zend_mm_handlers*)&tmp_storage.handlers, handlers, sizeof(zend_mm_handlers)); +# 2977| tmp_storage.data = data; +# 2978| chunk = (zend_mm_chunk*)handlers->chunk_alloc(&tmp_storage, ZEND_MM_CHUNK_SIZE, ZEND_MM_CHUNK_SIZE); + +Error: WRITE_CONST_FIELD (CWE-843): +php-8.0.30/Zend/zend_alloc.h:310: field_definition: A const-qualified field is defined. +php-8.0.30/Zend/zend_alloc.c:3036: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 3034| return NULL; +# 3035| } +# 3036|-> memcpy(storage, &tmp_storage, sizeof(zend_mm_storage)); +# 3037| if (data) { +# 3038| storage->data = (void*)(((char*)storage + sizeof(zend_mm_storage))); + +Error: RETURN_LOCAL (CWE-562): +php-8.0.30/ext/standard/browscap.c:245: path: Condition "!!((24UL /* __builtin_offsetof() */ + str->len + 1 + (7UL /* 8 - 1 */) & 18446744073709551608UL /* ~(8 - 1) */) > 32768UL /* 32 * 1024 */)", taking false branch. +php-8.0.30/ext/standard/browscap.c:245: path: Condition "use_heap = !!((24UL /* __builtin_offsetof() */ + str->len + 1 + (7UL /* 8 - 1 */) & 18446744073709551608UL /* ~(8 - 1) */) > 32768UL /* 32 * 1024 */)", taking false branch. +php-8.0.30/ext/standard/browscap.c:245: local_ptr_alloc: Stack allocation: "__builtin_alloca(24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL)". +php-8.0.30/ext/standard/browscap.c:245: local_ptr_assign_ptr: Assigning: "lcname" = "(zend_string *)((use_heap = !!((24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL) > 32768UL)) ? 0 ? ((24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL) <= 8UL) ? _emalloc_8() : (((24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL) <= 16UL) ? _emalloc_16() : (((24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL) <= 24UL) ? _emalloc_24() : (((24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL) <= 32UL) ? _emalloc_32() : (((24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL) <= 40UL [...] +php-8.0.30/ext/standard/browscap.c:249: path: Condition "interned", taking false branch. +php-8.0.30/ext/standard/browscap.c:252: identity_transfer: Passing "lcname" as argument 1 to function "zend_string_dup", which returns that argument. +php-8.0.30/ext/standard/browscap.c:252: local_ptr_assign_ptr: Assigning: "interned" = "zend_string_dup(lcname, persistent)". +php-8.0.30/ext/standard/browscap.c:253: path: Condition "persistent", taking false branch. +php-8.0.30/ext/standard/browscap.c:259: path: Condition "!!use_heap", taking false branch. +php-8.0.30/ext/standard/browscap.c:260: return_local_alloc_alias: Returning pointer "interned" which points to space allocated on the stack by "__builtin_alloca(24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL)". +# 258| +# 259| ZSTR_ALLOCA_FREE(lcname, use_heap); +# 260|-> return interned; +# 261| } +# 262| +php-8.0.30/ext/standard/browscap.c:260: note: trimmed 1 message(s) with length over 512 + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/GenericServlet.java:123: return_thread_shared: Call to "getServletConfig" returns a pointer to thread-shared data. +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/GenericServlet.java:123: thread_unsafe_modification: Thread-shared "getServletConfig()" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/GenericServlet.java:123: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/GenericServlet.java:123: write: "getServletConfig()" is modified in call to "getServletContext". (The virtual call resolves to "org.apache.catalina.core.StandardWrapper.getServletContext".) +# 121| @Override +# 122| public ServletContext getServletContext() { +# 123|-> return getServletConfig().getServletContext(); +# 124| } +# 125| + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:237: path: Condition "javax.servlet.DispatcherType.INCLUDE.equals(req.getDispatcherType())", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:234: thread_entry_point: "doHead" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:238: thread_unsafe_modification: Thread-shared "this.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:238: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:238: write: "this.config" is modified in call to "doGet". (The virtual call resolves to "ServletToJsp.doGet".) +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:238: thread_shared_data: "this" is thread-shared because it has type "javax.servlet.GenericServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/GenericServlet.java:40: thread_shared_derived: "javax.servlet.GenericServlet" is thread-shared because it implements "javax.servlet.Servlet". +# 236| +# 237| if (DispatcherType.INCLUDE.equals(req.getDispatcherType())) { +# 238|-> doGet(req, resp); +# 239| } else { +# 240| NoBodyResponse response = new NoBodyResponse(resp); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:237: path: Condition "javax.servlet.DispatcherType.INCLUDE.equals(req.getDispatcherType())", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:234: thread_entry_point: "doHead" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:241: thread_unsafe_modification: Thread-shared "this.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:241: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:241: write: "this.config" is modified in call to "doGet". (The virtual call resolves to "ServletToJsp.doGet".) +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:241: thread_shared_data: "this" is thread-shared because it has type "javax.servlet.GenericServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/GenericServlet.java:40: thread_shared_derived: "javax.servlet.GenericServlet" is thread-shared because it implements "javax.servlet.Servlet". +# 239| } else { +# 240| NoBodyResponse response = new NoBodyResponse(resp); +# 241|-> doGet(req, response); +# 242| if (req.isAsyncStarted()) { +# 243| req.getAsyncContext().addListener(new NoBodyAsyncContextListener(response)); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:476: returned_null: "getAllDeclaredMethods" returns "null" (checked 1 out of 2 times). +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:476: var_assigned: Assigning: "methods" = "null" return value from "getAllDeclaredMethods". +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:492: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:498: null_array_length: Accessing length of null array "methods". +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:427: example_assign: Example 1: Assigning: "parentMethods" = return value from "javax.servlet.http.HttpServlet.getAllDeclaredMethods(c.getSuperclass())". +apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java:430: example_checked: Example 1 (cont.): "parentMethods" has its value checked in "parentMethods != null". +# 496| // End of Tomcat specific hack +# 497| +# 498|-> for (int i=0; i doGet(req, resp); +# 656| } else { +# 657| long ifModifiedSince; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/Manager.java:241: returned_null: "getSessionIdGenerator" returns "null" (checked 4 out of 7 times). (The virtual call resolves to "org.apache.catalina.session.ManagerBase.getSessionIdGenerator".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/Manager.java:241: null_method_call: Calling a method on null object "getSessionIdGenerator()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/ClusterManagerBase.java:163: example_checked: Example 1: "getSessionIdGenerator()" has its value checked in "getSessionIdGenerator() != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java:644: example_assign: Example 2: Assigning: "sessionIdGenerator" = return value from "getSessionIdGenerator()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java:645: example_checked: Example 2 (cont.): "sessionIdGenerator" has its value checked in "sessionIdGenerator == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java:89: example_assign: Example 3: Assigning: "sessionIdGenerator" = return value from "manager.getSessionIdGenerator()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java:90: example_checked: Example 3 (cont.): "sessionIdGenerator" has its value checked in "sessionIdGenerator != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/PersistentManagerSF.java:54: example_assign: Example 4: Assigning: "sessionIdGenerator" = return value from "manager.getSessionIdGenerator()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/PersistentManagerSF.java:55: example_checked: Example 4 (cont.): "sessionIdGenerator" has its value checked in "sessionIdGenerator != null". +# 239| boolean duplicate = true; +# 240| do { +# 241|-> newSessionId = getSessionIdGenerator().generateSessionId(); +# 242| try { +# 243| if (findSession(newSessionId) == null) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ant/jmx/JMXAccessorConditionBase.java:171: returned_null: "getJMXConnection" returns "null" (checked 0 out of 1 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ant/jmx/JMXAccessorConditionBase.java:171: null_method_call: Calling a method on null object "getJMXConnection()". +# 169| protected String accessJMXValue() { +# 170| try { +# 171|-> Object result = getJMXConnection().getAttribute( +# 172| new ObjectName(name), attribute); +# 173| if (result != null) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOn.java:329: path: Condition "!getState().isAvailable()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOn.java:337: path: Condition "session.getMaxInactiveInterval() > 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOn.java:337: returned_null: "getManager" returns "null" (checked 1 out of 5 times). (The virtual call resolves to "org.apache.catalina.manager.DummyProxySession.getManager".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOn.java:337: null_method_call: Calling a method on null object "session.getManager()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:46: example_assign: Example 1: Assigning: "manager" = return value from "session.getManager()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:47: example_checked: Example 1 (cont.): "manager" has its value checked in "manager == null". +# 335| // session was logged out, we'll log out of all session associated with +# 336| // the SSO. +# 337|-> if (((session.getMaxInactiveInterval() > 0) +# 338| && (session.getIdleTimeInternal() >= session.getMaxInactiveInterval() * 1000)) +# 339| || (!session.getManager().getContext().getState().isAvailable())) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnSessionKey.java:41: returned_null: "getManager" returns "null" (checked 1 out of 5 times). (The virtual call resolves to "org.apache.catalina.manager.DummyProxySession.getManager".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnSessionKey.java:41: null_method_call: Calling a method on null object "session.getManager()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:46: example_assign: Example 1: Assigning: "manager" = return value from "session.getManager()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:47: example_checked: Example 1 (cont.): "manager" has its value checked in "manager == null". +# 39| public SingleSignOnSessionKey(Session session) { +# 40| this.sessionId = session.getId(); +# 41|-> Context context = session.getManager().getContext(); +# 42| this.contextName = context.getName(); +# 43| this.hostName = context.getParent().getName(); + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:166: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:174: path: Condition "previous == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:179: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:179: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:185: path: Condition "registration != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: enhanced_for: Starting an iteration on "registration.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "layer.equals(wrapper.getMessageLayer())", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:192: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "layer.equals(wrapper.getMessageLayer())", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "appContext.equals(wrapper.getAppContext())", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:189: modify_iterable: Call to "remove" modifies "Iterable" "registration.listeners" which invalidates the iterator for the loop on that "Iterable". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:192: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: invalid_loop: Attempting to obtain another element from "registration.listeners" after it's been modified. +# 184| appContextRegistrations.get(getRegistrationID(null, appContext)); +# 185| if (registration != null) { +# 186|-> for (RegistrationListenerWrapper wrapper : registration.listeners) { +# 187| if (layer.equals(wrapper.getMessageLayer()) && +# 188| appContext.equals(wrapper.getAppContext())) { + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:166: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:174: path: Condition "previous == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:179: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:179: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:185: path: Condition "registration != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "layer.equals(wrapper.getMessageLayer())", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:192: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "layer.equals(wrapper.getMessageLayer())", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "appContext.equals(wrapper.getAppContext())", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:192: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: No elements left in "registration.listeners", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:195: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:199: path: Iterating over another element of "layerRegistrations.values()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:200: enhanced_for: Starting an iteration on "registration.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:200: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:201: path: Condition "appContext.equals(wrapper.getAppContext())", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:205: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:200: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:201: path: Condition "appContext.equals(wrapper.getAppContext())", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:202: modify_iterable: Call to "remove" modifies "Iterable" "registration.listeners" which invalidates the iterator for the loop on that "Iterable". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:205: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:200: invalid_loop: Attempting to obtain another element from "registration.listeners" after it's been modified. +# 198| // Need to check registrations for all layers +# 199| for (RegistrationContextImpl registration : layerRegistrations.values()) { +# 200|-> for (RegistrationListenerWrapper wrapper : registration.listeners) { +# 201| if (appContext.equals(wrapper.getAppContext())) { +# 202| registration.listeners.remove(wrapper); + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:166: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:174: path: Condition "previous == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:179: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:179: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:185: path: Condition "registration != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "layer.equals(wrapper.getMessageLayer())", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:192: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "layer.equals(wrapper.getMessageLayer())", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "appContext.equals(wrapper.getAppContext())", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:192: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: No elements left in "registration.listeners", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:195: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:199: path: Iterating over another element of "layerRegistrations.values()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:200: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:201: path: Condition "appContext.equals(wrapper.getAppContext())", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:205: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:200: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:201: path: Condition "appContext.equals(wrapper.getAppContext())", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:205: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:200: path: No elements left in "registration.listeners", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:206: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:199: path: No elements left in "layerRegistrations.values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:208: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:210: path: Iterating over another element of "defaultRegistration.values()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:211: enhanced_for: Starting an iteration on "registration.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:211: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:212: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:212: path: Condition "appContext.equals(wrapper.getAppContext())", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:212: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:212: path: Condition "layer.equals(wrapper.getMessageLayer())", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:217: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:211: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:212: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:212: path: Condition "appContext.equals(wrapper.getAppContext())", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:214: modify_iterable: Call to "remove" modifies "Iterable" "registration.listeners" which invalidates the iterator for the loop on that "Iterable". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:217: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:211: invalid_loop: Attempting to obtain another element from "registration.listeners" after it's been modified. +# 209| // Need to check default +# 210| for (RegistrationContextImpl registration : defaultRegistration.values()) { +# 211|-> for (RegistrationListenerWrapper wrapper : registration.listeners) { +# 212| if (appContext != null && appContext.equals(wrapper.getAppContext()) || +# 213| layer != null && layer.equals(wrapper.getMessageLayer())) { + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:166: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:174: path: Condition "previous == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:222: enhanced_for: Starting an iteration on "previous.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:222: path: Iterating over another element of "previous.listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:223: modify_iterable: Call to "remove" modifies "Iterable" "previous.listeners" which invalidates the iterator for the loop on that "Iterable". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:225: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:222: invalid_loop: Attempting to obtain another element from "previous.listeners" after it's been modified. +# 220| } else { +# 221| // Replaced an existing registration so need to notify those listeners +# 222|-> for (RegistrationListenerWrapper wrapper : previous.listeners) { +# 223| previous.listeners.remove(wrapper); +# 224| wrapper.listener.notify(wrapper.messageLayer, wrapper.appContext); + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:474: enhanced_for: Starting an iteration on "listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:474: path: Iterating over another element of "listeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:475: path: Condition "wrapper.getListener().equals(listener)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:476: modify_iterable: Call to "remove" modifies "Iterable" "listeners" which invalidates the iterator for the loop on that "Iterable". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:479: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:474: invalid_loop: Attempting to obtain another element from "listeners" after it's been modified. +# 472| private boolean removeListener(RegistrationListener listener) { +# 473| boolean result = false; +# 474|-> for (RegistrationListenerWrapper wrapper : listeners) { +# 475| if (wrapper.getListener().equals(listener)) { +# 476| listeners.remove(wrapper); + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/OutputBuffer.java:554: path: Condition "conv != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/OutputBuffer.java:560: path: Condition "coyoteResponse != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/OutputBuffer.java:560: var_compare_op: Comparing "coyoteResponse" to null implies that "coyoteResponse" might be null. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/OutputBuffer.java:564: path: Condition "charset == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/OutputBuffer.java:565: null_method_call: Calling a method on null object "coyoteResponse". +# 563| +# 564| if (charset == null) { +# 565|-> if (coyoteResponse.getCharacterEncoding() != null) { +# 566| // setCharacterEncoding() was called with an invalid character set +# 567| // Trigger an UnsupportedEncodingException + +Error: UNUSED_VALUE (CWE-563): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/OutputBuffer.java:570: value_overwrite: Overwriting previous write to "charset" with value from "org.apache.coyote.Constants.DEFAULT_BODY_CHARSET". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/OutputBuffer.java:568: returned_reference: Assigning value from "org.apache.tomcat.util.buf.B2CConverter.getCharset(coyoteResponse.getCharacterEncoding())" to "charset" here, but that stored value is overwritten before it can be used. +# 566| // setCharacterEncoding() was called with an invalid character set +# 567| // Trigger an UnsupportedEncodingException +# 568|-> charset = B2CConverter.getCharset(coyoteResponse.getCharacterEncoding()); +# 569| } +# 570| charset = org.apache.coyote.Constants.DEFAULT_BODY_CHARSET; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java:2786: path: Condition "response.isCommitted()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java:2791: returned_null: "getAuthenticator" returns "null" (checked 4 out of 8 times). (The virtual call resolves to "org.apache.catalina.core.StandardContext.getAuthenticator".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java:2791: null_method_call: Calling a method on null object "getContext().getAuthenticator()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:51: example_assign: Example 1: Assigning: "authenticator" = return value from "context.getAuthenticator()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:52: example_checked: Example 1 (cont.): "authenticator" has its value checked in "authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/CoyoteAdapter.java:877: example_assign: Example 2: Assigning: "authenticator" = return value from "request.getContext().getAuthenticator()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/CoyoteAdapter.java:878: example_checked: Example 2 (cont.): "authenticator" has its value checked in "authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/ApplicationPushBuilder.java:161: example_checked: Example 3: "context.getAuthenticator()" has its value checked in "context.getAuthenticator() instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:356: example_checked: Example 4: "context.getAuthenticator()" has its value checked in "context.getAuthenticator() != null". +# 2789| } +# 2790| +# 2791|-> return getContext().getAuthenticator().authenticate(this, response); +# 2792| } +# 2793| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java:2800: path: Condition "getAuthType() != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java:2800: path: Condition "getRemoteUser() != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java:2800: path: Condition "getUserPrincipal() != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java:2806: returned_null: "getAuthenticator" returns "null" (checked 4 out of 8 times). (The virtual call resolves to "org.apache.catalina.core.StandardContext.getAuthenticator".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java:2806: null_method_call: Calling a method on null object "getContext().getAuthenticator()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:51: example_assign: Example 1: Assigning: "authenticator" = return value from "context.getAuthenticator()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:52: example_checked: Example 1 (cont.): "authenticator" has its value checked in "authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/CoyoteAdapter.java:877: example_assign: Example 2: Assigning: "authenticator" = return value from "request.getContext().getAuthenticator()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/CoyoteAdapter.java:878: example_checked: Example 2 (cont.): "authenticator" has its value checked in "authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/ApplicationPushBuilder.java:161: example_checked: Example 3: "context.getAuthenticator()" has its value checked in "context.getAuthenticator() instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:356: example_checked: Example 4: "context.getAuthenticator()" has its value checked in "context.getAuthenticator() != null". +# 2804| } +# 2805| +# 2806|-> getContext().getAuthenticator().login(username, password, this); +# 2807| } +# 2808| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java:2814: returned_null: "getAuthenticator" returns "null" (checked 4 out of 8 times). (The virtual call resolves to "org.apache.catalina.core.StandardContext.getAuthenticator".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java:2814: null_method_call: Calling a method on null object "getContext().getAuthenticator()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:51: example_assign: Example 1: Assigning: "authenticator" = return value from "context.getAuthenticator()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:52: example_checked: Example 1 (cont.): "authenticator" has its value checked in "authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/CoyoteAdapter.java:877: example_assign: Example 2: Assigning: "authenticator" = return value from "request.getContext().getAuthenticator()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/CoyoteAdapter.java:878: example_checked: Example 2 (cont.): "authenticator" has its value checked in "authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/ApplicationPushBuilder.java:161: example_checked: Example 3: "context.getAuthenticator()" has its value checked in "context.getAuthenticator() instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:356: example_checked: Example 4: "context.getAuthenticator()" has its value checked in "context.getAuthenticator() != null". +# 2812| @Override +# 2813| public void logout() throws ServletException { +# 2814|-> getContext().getAuthenticator().logout(this); +# 2815| } +# 2816| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java:1162: path: Condition "isEncodeable(toAbsolute(url))", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java:1163: returned_null: "getSessionInternal" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java:1163: null_method_call: Calling a method on null object "request.getSessionInternal()". +# 1161| public String encodeRedirectURL(String url) { +# 1162| if (isEncodeable(toAbsolute(url))) { +# 1163|-> return toEncoded(url, request.getSessionInternal().getIdInternal()); +# 1164| } else { +# 1165| return url; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java:1200: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java:1205: path: Condition "isEncodeable(absolute)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java:1207: path: Condition "url.equalsIgnoreCase("")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java:1209: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java:1212: returned_null: "getSessionInternal" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java:1212: null_method_call: Calling a method on null object "request.getSessionInternal()". +# 1210| url += '/'; +# 1211| } +# 1212|-> return toEncoded(url, request.getSessionInternal().getIdInternal()); +# 1213| } else { +# 1214| return url; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/ApplicationServletRegistration.java:212: returned_null: "findServletMappings" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findServletMappings".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/ApplicationServletRegistration.java:212: var_assigned: Assigning: "urlPatterns" = "null" return value from "findServletMappings". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/ApplicationServletRegistration.java:213: null_array_length: Accessing length of null array "urlPatterns". +# 211| +# 212| String[] urlPatterns = context.findServletMappings(); +# 213|-> for (String urlPattern : urlPatterns) { +# 214| String name = context.findServletMapping(urlPattern); +# 215| if (name.equals(servletName)) { + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6120: path: Condition "workDir == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6127: path: Condition "parentHost != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6129: path: Condition "parentHost instanceof org.apache.catalina.core.StandardHost", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6133: path: Condition "parentEngine != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6137: path: Condition "hostName == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6140: path: Condition "engineName == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6145: path: Condition "temp.startsWith("/")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6150: path: Condition "temp.length() < 1", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6153: path: Condition "hostWorkDir != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6164: path: Condition "!dir.isAbsolute()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6167: path: Throwing "java.io.IOException" (or subclass) from call to "getCanonicalPath". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6169: path: Catching exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6174: path: Condition "!dir.mkdirs()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6174: path: Condition "!dir.isDirectory()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6180: path: Condition "context == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6180: var_compare_op: Comparing "context" to null implies that "context" might be null. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6181: no_write_call: Although "getServletContext" does overwrite "this.context" on some paths, it also contains at least one feasible path which does not overwrite it. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java:6183: null_method_call: Calling a method on null object "context". +# 6181| getServletContext(); +# 6182| } +# 6183|-> context.setAttribute(ServletContext.TEMPDIR, dir); +# 6184| context.setAttributeReadOnly(ServletContext.TEMPDIR); +# 6185| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java:106: path: Condition "!context.getState().isAvailable()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java:113: path: Condition "!unavailable", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java:132: path: Condition "!unavailable", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java:135: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java:166: path: Condition "request.getDispatcherType() == javax.servlet.DispatcherType.ASYNC", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java:180: path: Condition "servlet != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java:207: path: Falling through to finally statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java:260: path: Condition "filterChain != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java:266: path: Condition "servlet != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java:269: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java:282: path: Condition "servlet != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java:286: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java:297: read_volatile: Reading "processingTime", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java:297: intervening_update: Another thread writes to "processingTime". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java:297: stale_update: Updating "processingTime" based on a stale value. Any intervening update in another thread is overwritten. +# 295| +# 296| long time=t2-t1; +# 297|-> processingTime += time; +# 298| if( time > maxTime) { +# 299| maxTime=time; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java:250: path: Condition "entries.contains(environment.getName())", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java:253: path: Condition "ce != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java:259: path: Condition "rl != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java:261: returned_null: "getServer" returns "null" (checked 0 out of 1 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java:261: null_method_call: Calling a method on null object "getServer()". +# 259| } else if (rl != null) { +# 260| // Link. Need to look at the global resources +# 261|-> NamingResourcesImpl global = getServer().getGlobalNamingResources(); +# 262| if (global.findEnvironment(rl.getGlobal()) != null) { +# 263| if (global.findEnvironment(rl.getGlobal()).getOverride()) { + +Error: SERVLET_ATOMICITY (CWE-567): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:115: path: Condition "request instanceof javax.servlet.http.HttpServletRequest", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:115: path: Condition "response instanceof javax.servlet.http.HttpServletResponse", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:123: path: Condition ""GET" /* org.apache.catalina.filters.Constants.METHOD_GET */.equals(req.getMethod())", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:123: path: Condition "entryPoints.contains(getRequestedPath(req))", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:125: path: Condition "log.isTraceEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:134: get_attribute: Calling "getAttribute" on thread-shared object "session". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:139: path: Condition "!skipNonceCheck", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:180: path: Condition "nonceCache == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:181: path: Condition "log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:182: path: Condition "null == session", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:186: path: Condition "session == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:193: set_attribute: Calling "setAttribute" on thread-shared object "session" can result in a lost update. +# 191| session = req.getSession(true); +# 192| } +# 193|-> session.setAttribute( +# 194| Constants.CSRF_NONCE_SESSION_ATTR_NAME, nonceCache); +# 195| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/ExpiresFilter.java:1288: path: Condition "contentType == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/ExpiresFilter.java:1302: path: Condition "contentType != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/ExpiresFilter.java:1309: path: Condition "configuration != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/ExpiresFilter.java:1319: path: Condition "org.apache.catalina.filters.ExpiresFilter.contains(contentType, ";")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/ExpiresFilter.java:1321: returned_null: "substringBefore" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/ExpiresFilter.java:1321: null_method_call: Calling a method on null object "org.apache.catalina.filters.ExpiresFilter.substringBefore(contentType, ";")". +# 1319| if (contains(contentType, ";")) { +# 1320| // lookup content-type without charset match (e.g. "text/html") +# 1321|-> String contentTypeWithoutCharset = substringBefore(contentType, ";").trim(); +# 1322| configuration = expiresConfigurationByContentType.get(contentTypeWithoutCharset); +# 1323| + +Error: LOCK_INVERSION (CWE-833): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:504: path: Condition "!isValid", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:508: lock_acquire: Acquiring lock "DeltaSession.this". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:511: path: Condition "!isValid", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:515: path: Condition "manager == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:521: path: Condition "notifyCluster", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:521: path: Condition "expiredId != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:521: path: Condition "manager instanceof org.apache.catalina.ha.session.DeltaManager", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:525: lock_order: Acquiring lock "DeltaSession.diffLock.lock()" while holding "DeltaSession.this" conflicts with the lock order established elsewhere. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:713: lock_acquire: Example 1: Calling "lockInternal" acquires lock "DeltaSession.diffLock.lock()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:716: example_lock_order: Example 1 (cont.): Calling "execute" acquires lock "DeltaSession.this" while holding "DeltaSession.diffLock.lock()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:200: lock_acquire: Example 2: Calling "lockInternal" acquires lock "DeltaSession.diffLock.lock()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:209: example_lock_order: Example 2 (cont.): Calling "execute" acquires lock "DeltaSession.this" while holding "DeltaSession.diffLock.lock()". +# 523| DeltaManager dmanager = (DeltaManager)manager; +# 524| CatalinaCluster cluster = dmanager.getCluster(); +# 525|-> ClusterMessage msg = dmanager.requestCompleted(expiredId, true); +# 526| if (msg != null) { +# 527| cluster.send(msg); + +Error: MISSING_RESTORE (CWE-573): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:846: path: Condition "hasPrincipal", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:852: path: Condition "org.apache.catalina.ha.session.DeltaSession.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:857: path: Condition "attributes == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:861: save: Saving non-local "isValid" in local "isValidSave". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:862: modify: Modifying non-local "isValid". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:863: path: Condition "i < n", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:867: exception: Value of non-local "isValid" that was saved in "isValidSave" is not restored on this exception path as it was along other paths. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:867: remediation: Did you intend to handle restoring "isValid" in a finally block to ensure it is always executed? +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:867: path: Throwing "java.io.IOException" (or subclass) from call to "readObject". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:868: path: Catching exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:869: path: Condition "wae.getCause() instanceof java.io.NotSerializableException", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:873: path: Throwing "java.io.WriteAbortedException" (or subclass); exiting method with uncaught exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java:885: restore_example: The original value of non-local "isValid" was restored here. +# 865| final Object value; +# 866| try { +# 867|-> value = stream.readObject(); +# 868| } catch (WriteAbortedException wae) { +# 869| if (wae.getCause() instanceof NotSerializableException) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java:328: returned_null: "getManager" returns "null" (checked 1 out of 5 times). (The virtual call resolves to "org.apache.catalina.manager.DummyProxySession.getManager".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java:328: null_method_call: Calling a method on null object "catalinaSession.getManager()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:46: example_assign: Example 1: Assigning: "manager" = return value from "session.getManager()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:47: example_checked: Example 1 (cont.): "manager" has its value checked in "manager == null". +# 326| String newSessionID, Session catalinaSession) { +# 327| fireLifecycleEvent("Before session migration", catalinaSession); +# 328|-> catalinaSession.getManager().changeSessionId(catalinaSession, newSessionID); +# 329| changeRequestSessionID(request, sessionId, newSessionID); +# 330| fireLifecycleEvent("After session migration", catalinaSession); + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:431: path: Condition "sessions != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:431: path: Condition "sessions.size() > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:432: path: Iterating over another element of "sessions". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:433: path: Condition "org.apache.catalina.ha.tcp.ReplicationValve.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:438: path: Condition "doStatistics()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:439: read_volatile: Reading "nrOfCrossContextSendRequests", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:439: intervening_update: Another thread writes to "nrOfCrossContextSendRequests". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:439: stale_update: Updating "nrOfCrossContextSendRequests" based on a stale value. Any intervening update in another thread is overwritten. +# 437| sendMessage(session,(ClusterManager)session.getManager()); +# 438| if(doStatistics()) { +# 439|-> nrOfCrossContextSendRequests++; +# 440| } +# 441| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:477: path: Condition "org.apache.catalina.ha.tcp.ReplicationValve.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:478: returned_null: "getManager" returns "null" (checked 1 out of 5 times). (The virtual call resolves to "org.apache.catalina.manager.DummyProxySession.getManager".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:478: null_method_call: Calling a method on null object "session.getManager()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:46: example_assign: Example 1: Assigning: "manager" = return value from "session.getManager()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:47: example_checked: Example 1 (cont.): "manager" has its value checked in "manager == null". +# 476| protected void resetDeltaRequest(Session session) { +# 477| if(log.isDebugEnabled()) { +# 478|-> log.debug(sm.getString("ReplicationValve.resetDeltaRequest" , +# 479| session.getManager().getContext().getName() )); +# 480| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:492: path: Condition "session != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:495: path: Condition "!isRequestWithoutSessionChange(uri)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:501: path: Condition "doStatistics()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:502: read_volatile: Reading "nrOfFilterRequests", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:502: intervening_update: Another thread writes to "nrOfFilterRequests". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:502: stale_update: Updating "nrOfFilterRequests" based on a stale value. Any intervening update in another thread is overwritten. +# 500| } else +# 501| if(doStatistics()) { +# 502|-> nrOfFilterRequests++; +# 503| } +# 504| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:530: path: Condition "msg != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:530: path: Condition "cluster != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:532: path: Condition "doStatistics()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:533: read_volatile: Reading "nrOfSendRequests", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:533: intervening_update: Another thread writes to "nrOfSendRequests". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:533: stale_update: Updating "nrOfSendRequests" based on a stale value. Any intervening update in another thread is overwritten. +# 531| cluster.send(msg); +# 532| if(doStatistics()) { +# 533|-> nrOfSendRequests++; +# 534| } +# 535| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:575: read_volatile: Reading "totalSendTime", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:575: intervening_update: Another thread writes to "totalSendTime". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:575: stale_update: Updating "totalSendTime" based on a stale value. Any intervening update in another thread is overwritten. +# 573| long currentTime = System.currentTimeMillis(); +# 574| lastSendTime = currentTime; +# 575|-> totalSendTime += currentTime - clusterTime; +# 576| totalRequestTime += currentTime - requestTime; +# 577| nrOfRequests++; + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:576: read_volatile: Reading "totalRequestTime", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:576: intervening_update: Another thread writes to "totalRequestTime". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:576: stale_update: Updating "totalRequestTime" based on a stale value. Any intervening update in another thread is overwritten. +# 574| lastSendTime = currentTime; +# 575| totalSendTime += currentTime - clusterTime; +# 576|-> totalRequestTime += currentTime - requestTime; +# 577| nrOfRequests++; +# 578| if(log.isInfoEnabled()) { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:577: read_volatile: Reading "nrOfRequests", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:577: intervening_update: Another thread writes to "nrOfRequests". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:577: stale_update: Updating "nrOfRequests" based on a stale value. Any intervening update in another thread is overwritten. +# 575| totalSendTime += currentTime - clusterTime; +# 576| totalRequestTime += currentTime - requestTime; +# 577|-> nrOfRequests++; +# 578| if(log.isInfoEnabled()) { +# 579| if ( (nrOfRequests % 100) == 0 ) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:242: path: Condition "true", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:244: path: Condition "warPart == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:249: returned_null: "getSubmittedFileName" returns "null" (checked 1 out of 2 times). (The virtual call resolves to "org.apache.catalina.core.ApplicationPart.getSubmittedFileName".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:249: var_assigned: Assigning: "filename" = "null" return value from "getSubmittedFileName". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:250: null_method_call: Calling a method on null object "filename". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java:2929: example_checked: Example 1: "part.getSubmittedFileName()" has its value checked in "part.getSubmittedFileName() == null". +# 248| } +# 249| String filename = warPart.getSubmittedFileName(); +# 250|-> if (!filename.toLowerCase(Locale.ENGLISH).endsWith(".war")) { +# 251| message = smClient.getString( +# 252| "htmlManagerServlet.deployUploadNotWar", filename); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1019: path: Condition "null == sessionIds", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1023: path: Iterating over another element of "sessionIds". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1026: path: Condition "null == session", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1028: path: Condition "debug >= 1", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1031: path: Continuing loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1044: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1023: path: Iterating over another element of "sessionIds". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1026: path: Condition "null == session", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1036: path: Condition "debug >= 1", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1039: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1044: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1023: path: Iterating over another element of "sessionIds". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1026: path: Condition "null == session", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1028: path: Condition "debug >= 1", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1031: path: Continuing loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1044: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1023: path: Iterating over another element of "sessionIds". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1024: returned_null: "getSessionForNameAndId" returns "null" (checked 0 out of 3 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1024: null_method_call: Calling a method on null object "getSessionForNameAndId(cn, sessionId, smClient)". +# 1022| int nbAffectedSessions = 0; +# 1023| for (String sessionId : sessionIds) { +# 1024|-> HttpSession session = +# 1025| getSessionForNameAndId(cn, sessionId, smClient).getSession(); +# 1026| if (null == session) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1059: returned_null: "getSessionForNameAndId" returns "null" (checked 0 out of 3 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1059: null_method_call: Calling a method on null object "getSessionForNameAndId(cn, sessionId, smClient)". +# 1057| protected boolean removeSessionAttribute(ContextName cn, String sessionId, +# 1058| String attributeName, StringManager smClient) { +# 1059|-> HttpSession session = +# 1060| getSessionForNameAndId(cn, sessionId, smClient).getSession(); +# 1061| if (null == session) { + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/JMXProxyServlet.java:271: var_compare_op: Comparing "parameters" to null implies that "parameters" might be null. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/JMXProxyServlet.java:273: path: Condition "null == methodInfo", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/JMXProxyServlet.java:291: path: Condition "i < signature.length", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/JMXProxyServlet.java:294: null_array_access: Accessing an element on null array "parameters". +# 292| MBeanParameterInfo pi = signature[i]; +# 293| signatureTypes[i] = pi.getType(); +# 294|-> values[i] = registry.convertValue(pi.getType(), parameters[i]); +# 295| } +# 296| + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java:1156: path: Condition "debug >= 1", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java:1157: path: Condition "type != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java:1159: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java:1165: path: Condition "global == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java:1171: path: Condition "type != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java:1174: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java:1178: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.manager.ManagerServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java:168: thread_shared_derived: "org.apache.catalina.manager.ManagerServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java:1178: thread_unsafe_modification: Thread-shared "global" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java:1178: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java:1178: write: "global" is modified in call to "printResources". +# 1176| } +# 1177| +# 1178|-> printResources(writer, "", global, type, smClient); +# 1179| +# 1180| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:39: returned_null: "findApplicationParameters" returns "null" (checked 0 out of 1 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findApplicationParameters".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:39: var_assigned: Assigning: "params" = "null" return value from "findApplicationParameters". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:40: null_array_length: Accessing length of null array "params". +# 38| +# 39| ApplicationParameter[] params = context.findApplicationParameters(); +# 40|-> String[] stringParams = new String[params.length]; +# 41| for (int counter = 0; counter < params.length; counter++) { +# 42| stringParams[counter] = params[counter].toString(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:60: returned_null: "findConstraints" returns "null" (checked 1 out of 4 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findConstraints".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:60: var_assigned: Assigning: "constraints" = "null" return value from "findConstraints". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:61: null_array_length: Accessing length of null array "constraints". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:552: example_assign: Example 1: Assigning: "constraints" = return value from "context.findConstraints()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:553: example_checked: Example 1 (cont.): "constraints" has its value checked in "constraints == null". +# 59| +# 60| SecurityConstraint[] constraints = context.findConstraints(); +# 61|-> String[] stringConstraints = new String[constraints.length]; +# 62| for (int counter = 0; counter < constraints.length; counter++) { +# 63| stringConstraints[counter] = constraints[counter].toString(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:80: returned_null: "findErrorPage" returns "null" (checked 2 out of 3 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findErrorPage".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:80: null_method_call: Calling a method on null object "context.findErrorPage(errorCode)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java:229: example_assign: Example 1: Assigning: "errorPage" = return value from "context.findErrorPage(statusCode)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java:230: example_checked: Example 1 (cont.): "errorPage" has its value checked in "errorPage == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java:232: example_assign: Example 2: Assigning: "errorPage" = return value from "context.findErrorPage(0)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java:234: example_checked: Example 2 (cont.): "errorPage" has its value checked in "errorPage != null". +# 78| public String findErrorPage(int errorCode) throws MBeanException { +# 79| Context context = doGetManagedResource(); +# 80|-> return context.findErrorPage(errorCode).toString(); +# 81| } +# 82| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:97: returned_null: "findErrorPage" returns "null" (checked 0 out of 1 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findErrorPage".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:97: null_method_call: Calling a method on null object "context.findErrorPage(exceptionType)". +# 95| public String findErrorPage(String exceptionType) throws MBeanException { +# 96| Context context = doGetManagedResource(); +# 97|-> return context.findErrorPage(exceptionType).toString(); +# 98| } +# 99| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:111: returned_null: "findErrorPage" returns "null" (checked 2 out of 3 times). (The virtual call resolves to "org.apache.catalina.core.StandardContext.findErrorPage".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:111: null_method_call: Calling a method on null object "context.findErrorPage(exceptionType)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java:308: example_assign: Example 1: Assigning: "errorPage" = return value from "context.findErrorPage(throwable)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java:309: example_checked: Example 1 (cont.): "errorPage" has its value checked in "errorPage == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java:310: example_assign: Example 2: Assigning: "errorPage" = return value from "context.findErrorPage(realError)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java:313: example_checked: Example 2 (cont.): "errorPage" has its value checked in "errorPage != null". +# 109| public String findErrorPage(Throwable exceptionType) throws MBeanException { +# 110| Context context = doGetManagedResource(); +# 111|-> return context.findErrorPage(exceptionType).toString(); +# 112| } +# 113| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:125: returned_null: "findErrorPages" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findErrorPages".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:125: var_assigned: Assigning: "pages" = "null" return value from "findErrorPages". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:126: null_array_length: Accessing length of null array "pages". +# 124| +# 125| ErrorPage[] pages = context.findErrorPages(); +# 126|-> String[] stringPages = new String[pages.length]; +# 127| for (int counter = 0; counter < pages.length; counter++) { +# 128| stringPages[counter] = pages[counter].toString(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:147: returned_null: "findFilterDef" returns "null" (checked 0 out of 1 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findFilterDef".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:147: var_assigned: Assigning: "filterDef" = "null" return value from "findFilterDef". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java:148: null_method_call: Calling a method on null object "filterDef". +# 146| +# 147| FilterDef filterDef = context.findFilterDef(name); +# 148|-> return filterDef.toString(); +# 149| } +# 150| + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:311: identity: Calling "getCertificates". +* This call assigns "changeit" to "(this.defaultCertificate).certificateKeystorePassword". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates()".) Now ".certificateKeystorePassword" is equal to "changeit". +* This call assigns a reference to "this.defaultCertificate" to "this.certificates". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates()".) Now "(this.certificates).certificateKeystor [...] +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:312: identity: Calling "getCertificates". This call returns "this.certificates". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates()".) Now "(getCertificates()).certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:312: identity: Calling "iterator". This call assigns "getCertificates()" to "". (The virtual call resolves to "java.util.Set.iterator()".) Now ".certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:312: identity: Calling "next". This call returns "getCertificates().iterator()". (The virtual call resolves to "java.util.Iterator.next()".) Now "getCertificates().iterator().next().certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:312: assign: Assigning: "certificate" = "(org.apache.tomcat.util.net.SSLHostConfigCertificate)getCertificates().iterator().next()". Now "certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:314: identity: Calling "JSSEUtil". This call assigns "certificate" to ".certificate". Now ".certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:314: assign: Assigning: "sslUtil" = "new org.apache.tomcat.util.net.jsse.JSSEUtil(certificate)". Now "sslUtil.certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:319: password_use: Calling "getKeyManagers". This call uses the constant string as a password. (The virtual call resolves to "org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers()".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:319: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 317| setEnabledProtocols(sslUtil.getEnabledProtocols()); +# 318| setEnabledCiphers(sslUtil.getEnabledCiphers()); +# 319|-> sslContext.init(sslUtil.getKeyManagers(), sslUtil.getTrustManagers(), null); +# 320| SSLSessionContext sessionContext = sslContext.getServerSessionContext(); +# 321| if (sessionContext != null) { +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:319: note: trimmed 1 message(s) with length over 512 + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java:240: returned_null: "getParentContainerFromParent" returns "null" (checked 3 out of 4 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java:240: var_assigned: Assigning: "container" = "null" return value from "getParentContainerFromParent". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java:242: null_method_call: Calling a method on null object "container". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java:579: example_assign: Example 1: Assigning: "container" = return value from "getParentContainerFromParent(pname)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java:580: example_checked: Example 1 (cont.): "container" has its value checked in "container instanceof org.apache.catalina.Context". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java:635: example_assign: Example 2: Assigning: "container" = return value from "getParentContainerFromParent(parentName)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java:637: example_checked: Example 2 (cont.): "container" has its value checked in "container == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java:670: example_assign: Example 3: Assigning: "container" = return value from "getParentContainerFromParent(pname)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java:671: example_checked: Example 3 (cont.): "container" has its value checked in "container instanceof org.apache.catalina.Context". +# 240| Container container = getParentContainerFromParent(pname); +# 241| // Add the new instance to its parent component +# 242|-> container.setRealm(realm); +# 243| // Return the corresponding MBean name +# 244| ObjectName oname = null; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ServiceMBean.java:114: returned_null: "getExecutor" returns "null" (checked 1 out of 2 times). (The virtual call resolves to "org.apache.catalina.core.StandardService.getExecutor".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ServiceMBean.java:114: var_assigned: Assigning: "executor" = "null" return value from "getExecutor". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ServiceMBean.java:115: null_method_call: Calling a method on null object "executor". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ConnectorCreateRule.java:62: example_assign: Example 1: Assigning: "ex" = return value from "svc.getExecutor(executorName)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ConnectorCreateRule.java:66: example_checked: Example 1 (cont.): "ex" has its value checked in "ex != null". +# 113| Service service = doGetManagedResource(); +# 114| Executor executor = service.getExecutor(name); +# 115|-> return executor.toString(); +# 116| } +# 117| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/DataSourceRealm.java:384: path: Condition "localDataSource", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/DataSourceRealm.java:388: returned_null: "getServer" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/DataSourceRealm.java:388: null_method_call: Calling a method on null object "getServer()". +# 386| context = (Context) context.lookup("comp/env"); +# 387| } else { +# 388|-> context = getServer().getGlobalNamingContext(); +# 389| } +# 390| DataSource dataSource = (DataSource)context.lookup(dataSourceName); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:1304: path: Condition "username == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:1304: path: Condition "username.equals("")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:1304: path: Condition "credentials == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:1304: path: Condition "credentials.equals("")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:1311: path: Condition "userPatternArray != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:1312: path: Condition "curUserPattern < userPatternArray.length", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:1315: path: Condition "user != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:1335: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:1312: path: Condition "curUserPattern < userPatternArray.length", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:1315: path: Condition "user != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:1318: path: Condition "checkCredentials(connection.context, user, credentials)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:1320: returned_null: "getRoles" returns "null" (checked 0 out of 3 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:1320: var_assigned: Assigning: "roles" = "null" return value from "getRoles". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:1321: path: Condition "containerLog.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:1322: null_method_call: Calling a method on null object "roles". +# 1320| List roles = getRoles(connection, user); +# 1321| if (containerLog.isDebugEnabled()) { +# 1322|-> containerLog.debug("Found roles: " + roles.toString()); +# 1323| } +# 1324| return new GenericPrincipal(username, credentials, roles); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2565: path: Iterating over another element of "java.util.Arrays.asList("java.naming.security.authentication", "java.naming.security.credentials", "java.naming.security.principal", "java.naming.security.protocol")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2568: path: Condition "entry != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2571: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2565: path: No elements left in "java.util.Arrays.asList("java.naming.security.authentication", "java.naming.security.credentials", "java.naming.security.principal", "java.naming.security.protocol")", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2574: new_resource: "new javax.naming.ldap.InitialLdapContext(env, null)" creates a new resource. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2574: var_assign: Assigning: "result" = resource returned from "new javax.naming.ldap.InitialLdapContext(env, null)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2575: noescape: Resource "result" is not closed or saved in "extendedOperation". (The virtual call resolves to "javax.naming.ldap.InitialLdapContext.extendedOperation".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2576: path: Condition "getHostnameVerifier() != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2579: path: Condition "getCipherSuitesArray() != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2585: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2589: path: Condition "result != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2590: path: Iterating over another element of "savedEnv.entrySet()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2592: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2590: path: Iterating over another element of "savedEnv.entrySet()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2591: path: Throwing "javax.naming.NamingException" (or subclass) from call to "addToEnvironment"; exiting method with uncaught exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java:2591: leaked_resource: Variable "result" going out of scope leaks the resource it refers to. +# 2589| if (result != null) { +# 2590| for (Map.Entry savedEntry : savedEnv.entrySet()) { +# 2591|-> result.addToEnvironment(savedEntry.getKey(), savedEntry.getValue()); +# 2592| } +# 2593| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:819: path: Condition "constraints == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:819: path: Condition "constraints.length == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:827: path: No elements left in "constraints", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:883: path: Condition "!denyfromall", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:883: path: Condition "allRolesMode != org.apache.catalina.realm.RealmBase.AllRolesMode.STRICT_MODE", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:883: path: Condition "!status", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:883: path: Condition "principal != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:885: path: Condition "org.apache.catalina.realm.RealmBase.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:889: path: Iterating over another element of "constraints". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:892: path: Condition "constraint.getAllRoles()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:893: path: Condition "allRolesMode == org.apache.catalina.realm.RealmBase.AllRolesMode.AUTH_ONLY_MODE", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:903: path: Condition "roles.length == 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:903: path: Condition "allRolesMode == org.apache.catalina.realm.RealmBase.AllRolesMode.STRICT_AUTH_ONLY_MODE", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:911: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:889: path: Iterating over another element of "constraints". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:892: path: Condition "constraint.getAllRoles()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:893: path: Condition "allRolesMode == org.apache.catalina.realm.RealmBase.AllRolesMode.AUTH_ONLY_MODE", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:902: returned_null: "findSecurityRoles" returns "null" (checked 1 out of 3 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findSecurityRoles".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:902: var_assigned: Assigning: "roles" = "null" return value from "findSecurityRoles". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:903: null_array_length: Accessing length of null array "roles". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:831: example_assign: Example 1: Assigning: "roles" = return value from "request.getContext().findSecurityRoles()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:836: example_checked: Example 1 (cont.): "roles" has its value checked in "roles == null". +# 901| // For AllRolesMode.STRICT_AUTH_ONLY_MODE there must be zero roles +# 902| roles = request.getContext().findSecurityRoles(); +# 903|-> if (roles.length == 0 && allRolesMode == AllRolesMode.STRICT_AUTH_ONLY_MODE) { +# 904| if (log.isDebugEnabled()) { +# 905| log.debug("Granting access for role-name=*, strict auth-only"); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/UserDatabaseRealm.java:171: path: Condition "database == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/UserDatabaseRealm.java:173: path: Condition "database == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/UserDatabaseRealm.java:176: path: Condition "localJndiResource", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/UserDatabaseRealm.java:180: returned_null: "getServer" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/UserDatabaseRealm.java:180: null_method_call: Calling a method on null object "getServer()". +# 178| context = (Context) context.lookup("comp/env"); +# 179| } else { +# 180|-> context = getServer().getGlobalNamingContext(); +# 181| } +# 182| database = (UserDatabase) context.lookup(resourceName); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1594: path: Condition "!isReady()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1598: path: Condition "org.apache.catalina.servlets.CGIServlet.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1602: path: Condition "command.contains(java.io.File.separator + "." + java.io.File.separator)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1602: path: Condition "command.contains(java.io.File.separator + "..")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1602: path: Condition "command.contains(".." + java.io.File.separator)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1623: path: Condition "cgiExecutable.length() != 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1626: path: Condition "cgiExecutableArgs != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1640: path: Condition "!"".equals(sContentLength)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1641: alloc_fn: A new resource is returned from allocation method "getOutputStream". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1641: var_assign: Assigning: "commandsStdIn" = resource returned from "new java.io.BufferedOutputStream(proc.getOutputStream())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1642: noescape: Resource "commandsStdIn" is not closed or saved in "flow". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1643: noescape: Resource "commandsStdIn" is not closed or saved in "flush". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1643: path: Throwing "java.io.IOException" (or subclass) from call to "flush". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1733: path: Catching exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1735: path: Throwing "java.io.IOException" (or subclass). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1738: path: Condition "cgiHeaderReader != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1746: path: Condition "cgiOutput != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1754: path: Condition "errReaderThread != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1760: path: Condition "proc != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1764: path: Leaving finally statement; exiting method with uncaught exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java:1764: leaked_resource: Variable "commandsStdIn" going out of scope leaks the resource it refers to. +# 1762| proc = null; +# 1763| } +# 1764|-> } +# 1765| } +# 1766| + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:629: path: Condition "readOnly", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:636: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:626: thread_entry_point: "doPut" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:636: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:636: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:636: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 634| String path = getRelativePath(req); +# 635| +# 636|-> WebResource resource = resources.getResource(path); +# 637| +# 638| Range range = parseContentRange(req, resp); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:702: path: Condition "contentFile.createNewFile()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:710: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:710: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:710: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:710: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 708| new RandomAccessFile(contentFile, "rw")) { +# 709| +# 710|-> WebResource oldResource = resources.getResource(path); +# 711| +# 712| // Copy data in oldRevisionContent to contentFile + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:758: path: Condition "readOnly", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:765: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:755: thread_entry_point: "doDelete" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:765: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:765: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:765: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 763| String path = getRelativePath(req); +# 764| +# 765|-> WebResource resource = resources.getResource(path); +# 766| +# 767| if (resource.exists()) { + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:839: path: Condition "debug > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:840: path: Condition "serveContent", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:843: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:849: path: Condition "path.length() == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:855: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:855: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:855: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:855: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 853| } +# 854| +# 855|-> WebResource resource = resources.getResource(path); +# 856| boolean isError = DispatcherType.ERROR == request.getDispatcherType(); +# 857| + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:1336: path: Iterating over another element of "compressionFormats". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:1338: path: Condition "precompressedResource.exists()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:1338: path: Condition "precompressedResource.isFile()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:1341: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:1336: path: Iterating over another element of "compressionFormats". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:1338: path: Condition "precompressedResource.exists()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:1338: path: Condition "precompressedResource.isFile()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:1341: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:1336: path: Iterating over another element of "compressionFormats". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:1337: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:1337: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:1337: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:1337: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1335| List ret = new ArrayList<>(compressionFormats.length); +# 1336| for (CompressionFormat format : compressionFormats) { +# 1337|-> WebResource precompressedResource = resources.getResource(path + format.extension); +# 1338| if (precompressedResource.exists() && precompressedResource.isFile()) { +# 1339| ret.add(new PrecompressedResource(precompressedResource, format)); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:491: path: Condition "!listings", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:497: path: Condition "path.length() > 1", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:497: path: Condition "path.endsWith("/")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:510: path: Condition "depthStr == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:512: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:524: path: Condition "req.getContentLengthLong() > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:535: path: Condition "i < childList.getLength()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:537: path: Switch case value "org.w3c.dom.Node.TEXT_NODE". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:539: path: Breaking from switch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:553: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:535: path: Condition "i < childList.getLength()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:537: path: Switch case value "org.w3c.dom.Node.ELEMENT_NODE". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:541: path: Condition "currentNode.getNodeName().endsWith("prop")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:545: path: Condition "currentNode.getNodeName().endsWith("propname")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:548: path: Condition "currentNode.getNodeName().endsWith("allprop")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:551: path: Breaking from switch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:553: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:535: path: Condition "i < childList.getLength()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:554: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:561: path: Condition "type == 0 /* org.apache.catalina.servlets.WebdavServlet.FIND_BY_PROPERTY */", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:589: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:589: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:589: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:589: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 587| } +# 588| +# 589|-> WebResource resource = resources.getResource(path); +# 590| +# 591| if (!resource.exists()) { + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:491: path: Condition "!listings", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:497: path: Condition "path.length() > 1", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:497: path: Condition "path.endsWith("/")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:510: path: Condition "depthStr == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:512: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:524: path: Condition "req.getContentLengthLong() > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:535: path: Condition "i < childList.getLength()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:537: path: Switch case value "org.w3c.dom.Node.TEXT_NODE". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:539: path: Breaking from switch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:553: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:535: path: Condition "i < childList.getLength()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:537: path: Switch case value "org.w3c.dom.Node.ELEMENT_NODE". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:541: path: Condition "currentNode.getNodeName().endsWith("prop")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:545: path: Condition "currentNode.getNodeName().endsWith("propname")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:548: path: Condition "currentNode.getNodeName().endsWith("allprop")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:551: path: Breaking from switch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:553: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:535: path: Condition "i < childList.getLength()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:554: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:561: path: Condition "type == 0 /* org.apache.catalina.servlets.WebdavServlet.FIND_BY_PROPERTY */", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:591: path: Condition "!resource.exists()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:625: path: Condition "!resource.exists()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:641: path: Condition "depth == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:652: path: Condition "!stack.isEmpty()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:652: path: Condition "depth >= 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:660: path: Condition "resource.isDirectory()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:695: path: Condition "stack.isEmpty()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:703: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:652: path: Condition "!stack.isEmpty()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:652: path: Condition "depth >= 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:658: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:658: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:658: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:658: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 656| type, properties); +# 657| +# 658|-> resource = resources.getResource(currentPath); +# 659| +# 660| if (resource.isDirectory() && (depth > 0)) { + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:749: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:749: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:749: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:749: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 747| String path = getRelativePath(req); +# 748| +# 749|-> WebResource resource = resources.getResource(path); +# 750| +# 751| // Can't create a collection if a resource already exists at the given + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:833: path: Condition "isLocked(req)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:839: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:830: thread_entry_point: "doPut" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:839: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:839: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:839: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 837| +# 838| String path = getRelativePath(req); +# 839|-> WebResource resource = resources.getResource(path); +# 840| if (resource.isDirectory()) { +# 841| sendNotAllowed(req, resp); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:909: path: Condition "readOnly", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:914: path: Condition "isLocked(req)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:927: path: Condition "depthStr == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:929: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:941: path: Condition "lockDurationStr == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:943: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:978: path: Throwing "java.io.IOException" from call to "parse". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:984: path: Catching exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:988: path: Condition "lockInfoNode != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1113: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1113: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1113: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1113: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1111| lock.path = path; +# 1112| +# 1113|-> WebResource resource = resources.getResource(path); +# 1114| +# 1115| Enumeration locksList = null; + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:909: path: Condition "readOnly", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:914: path: Condition "isLocked(req)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:927: path: Condition "depthStr == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:929: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:941: path: Condition "lockDurationStr == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:943: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:984: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:988: path: Condition "lockInfoNode != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1000: path: Condition "i < childList.getLength()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1002: path: Switch case value "org.w3c.dom.Node.TEXT_NODE". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1004: path: Breaking from switch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1018: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1000: path: Condition "i < childList.getLength()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1002: path: Switch case value "org.w3c.dom.Node.ELEMENT_NODE". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1007: path: Condition "nodeName.endsWith("lockscope")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1010: path: Condition "nodeName.endsWith("locktype")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1013: path: Condition "nodeName.endsWith("owner")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1016: path: Breaking from switch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1018: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1000: path: Condition "i < childList.getLength()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1020: path: Condition "lockScopeNode != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1023: path: Condition "i < childList.getLength()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1025: path: Switch case value "org.w3c.dom.Node.TEXT_NODE". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1027: path: Breaking from switch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1038: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1023: path: Condition "i < childList.getLength()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1040: path: Condition "lock.scope == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1045: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1050: path: Condition "lockTypeNode != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1053: path: Condition "i < childList.getLength()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1055: path: Switch case value "org.w3c.dom.Node.TEXT_NODE". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1057: path: Breaking from switch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1068: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1053: path: Condition "i < childList.getLength()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1070: path: Condition "lock.type == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1075: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1080: path: Condition "lockOwnerNode != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1083: path: Condition "i < childList.getLength()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1085: path: Switch case value "org.w3c.dom.Node.TEXT_NODE". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1088: path: Breaking from switch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1096: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1083: path: Condition "i < childList.getLength()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1098: path: Condition "lock.owner == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1103: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1117: path: Condition "lockRequestType == 0 /* org.apache.catalina.servlets.WebdavServlet.LOCK_CREATION */", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1128: path: Condition "resource.isDirectory()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1128: path: Condition "lock.depth == maxDepth", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1136: path: Condition "locksList.hasMoreElements()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1138: path: Condition "currentLock.hasExpired()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1142: path: Condition "currentLock.path.startsWith(lock.path)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1142: path: Condition "currentLock.isExclusive()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1148: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1136: path: Condition "locksList.hasMoreElements()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1149: return_thread_shared: Call to "elements" returns a pointer to thread-shared data. (The virtual call resolves to "java.util.Hashtable.elements".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1149: assign: Assigning: "locksList" = "resourceLocks.elements()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1150: thread_unsafe_modification: Thread-shared "locksList" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1150: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1150: write: "locksList" is modified in call to "hasMoreElements". (The virtual call resolves to "org.apache.catalina.loader.WebappClassLoaderBase.CombinedEnumeration.hasMoreElements".) +# 1148| } +# 1149| locksList = resourceLocks.elements(); +# 1150|-> while (locksList.hasMoreElements()) { +# 1151| LockInfo currentLock = locksList.nextElement(); +# 1152| if (currentLock.hasExpired()) { + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1554: path: Condition "destinationPath == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1563: path: Condition "protocolIndex >= 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1568: path: Condition "firstSeparator < 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1573: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1599: path: Condition "contextPath != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1599: path: Condition "destinationPath.startsWith(contextPath)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1605: path: Condition "pathInfo != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1607: path: Condition "servletPath != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1607: path: Condition "destinationPath.startsWith(servletPath)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1614: path: Condition "debug > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1619: path: Condition "isSpecialPath(destinationPath)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1626: path: Condition "destinationPath.equals(path)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1636: path: Condition "overwriteHeader != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1637: path: Condition "overwriteHeader.equalsIgnoreCase("T")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1639: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1646: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1646: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1646: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1646: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1644| // Overwriting the destination +# 1645| +# 1646|-> WebResource destination = resources.getResource(destinationPath); +# 1647| +# 1648| if (overwrite) { + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1707: path: Condition "debug > 1", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1711: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1711: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1711: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1711: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1709| } +# 1710| +# 1711|-> WebResource sourceResource = resources.getResource(source); +# 1712| +# 1713| if (sourceResource.isDirectory()) { + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1707: path: Condition "debug > 1", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1713: path: Condition "sourceResource.isDirectory()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1714: path: Condition "!resources.mkdir(dest)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1715: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1715: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1715: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1715: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1713| if (sourceResource.isDirectory()) { +# 1714| if (!resources.mkdir(dest)) { +# 1715|-> WebResource destResource = resources.getResource(dest); +# 1716| if (!destResource.isDirectory()) { +# 1717| errorList.put(dest, Integer.valueOf(WebdavStatus.SC_CONFLICT)); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1707: path: Condition "debug > 1", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1713: path: Condition "sourceResource.isDirectory()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1736: path: Condition "sourceResource.isFile()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1737: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1737: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1737: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1737: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1735| } +# 1736| } else if (sourceResource.isFile()) { +# 1737|-> WebResource destResource = resources.getResource(dest); +# 1738| if (!destResource.exists() && !destResource.getWebappPath().endsWith("/")) { +# 1739| int lastSlash = destResource.getWebappPath().lastIndexOf('/'); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1707: path: Condition "debug > 1", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1713: path: Condition "sourceResource.isDirectory()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1736: path: Condition "sourceResource.isFile()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1738: path: Condition "!destResource.exists()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1738: path: Condition "!destResource.getWebappPath().endsWith("/")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1740: path: Condition "lastSlash > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1742: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1742: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1742: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1742: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1740| if (lastSlash > 0) { +# 1741| String parent = destResource.getWebappPath().substring(0, lastSlash); +# 1742|-> WebResource parentResource = resources.getResource(parent); +# 1743| if (!parentResource.isDirectory()) { +# 1744| errorList.put(source, Integer.valueOf(WebdavStatus.SC_CONFLICT)); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1807: path: Condition "ifHeader == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1812: path: Condition "lockTokenHeader == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1816: path: Condition "isLocked(path, ifHeader + lockTokenHeader)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1821: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1821: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1821: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1821: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1819| } +# 1820| +# 1821|-> WebResource resource = resources.getResource(path); +# 1822| +# 1823| if (!resource.exists()) { + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1941: return_thread_shared: Call to "keys" returns a pointer to thread-shared data. (The virtual call resolves to "java.util.Hashtable.keys".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1941: assign: Assigning: "pathList" = "errorList.keys()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1942: thread_unsafe_modification: Thread-shared "pathList" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1942: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1942: write: "pathList" is modified in call to "hasMoreElements". (The virtual call resolves to "org.apache.catalina.loader.WebappClassLoaderBase.CombinedEnumeration.hasMoreElements".) +# 1940| +# 1941| Enumeration pathList = errorList.keys(); +# 1942|-> while (pathList.hasMoreElements()) { +# 1943| +# 1944| String errorPath = pathList.nextElement(); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1989: path: Condition "isSpecialPath(path)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1993: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1993: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1993: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:1993: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1991| } +# 1992| +# 1993|-> WebResource resource = resources.getResource(path); +# 1994| if (!resource.exists()) { +# 1995| // File is in directory listing but doesn't appear to exist + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:2354: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:2354: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:2354: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java:2354: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 2352| +# 2353| +# 2354|-> WebResource resource = resources.getResource(getRelativePath(req)); +# 2355| +# 2356| // These methods are always allowed. They may return a 404 (not a 405) + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java:889: path: Condition "result != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java:898: path: Condition "sessions.containsKey(result)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java:889: path: Condition "result != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java:893: read_volatile: Reading "duplicates", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java:893: intervening_update: Another thread writes to "duplicates". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java:893: stale_update: Updating "duplicates" based on a stale value. Any intervening update in another thread is overwritten. +# 891| // that is not a big deal since the fact that there was any +# 892| // duplicate is a much bigger issue. +# 893|-> duplicates++; +# 894| } +# 895| + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java:53: path: Condition "paramName.equalsIgnoreCase("cgi")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java:57: path: Condition "paramName.equalsIgnoreCase("cmd")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java:65: alloc_fn: A new resource is returned from allocation method "getErrorStream". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java:65: var_assign: Assigning: "stdErrReader" = resource returned from "new java.io.BufferedReader(new java.io.InputStreamReader(proc.getErrorStream()))". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java:68: noescape: Resource "stdErrReader" is not closed or saved in "flow". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java:72: leaked_resource: Variable "stdErrReader" going out of scope leaks the resource it refers to. +# 70| proc.waitFor(); +# 71| lastModified = System.currentTimeMillis(); +# 72|-> } catch (InterruptedException e) { +# 73| ssiMediator.log(sm.getString("ssiExec.executeFailed", substitutedValue), e); +# 74| writer.write(configErrMsg); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java:53: path: Condition "paramName.equalsIgnoreCase("cgi")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java:57: path: Condition "paramName.equalsIgnoreCase("cmd")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java:63: alloc_fn: A new resource is returned from allocation method "getInputStream". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java:63: var_assign: Assigning: "stdOutReader" = resource returned from "new java.io.BufferedReader(new java.io.InputStreamReader(proc.getInputStream()))". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java:69: noescape: Resource "stdOutReader" is not closed or saved in "flow". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java:72: leaked_resource: Variable "stdOutReader" going out of scope leaks the resource it refers to. +# 70| proc.waitFor(); +# 71| lastModified = System.currentTimeMillis(); +# 72|-> } catch (InterruptedException e) { +# 73| ssiMediator.log(sm.getString("ssiExec.executeFailed", substitutedValue), e); +# 74| writer.write(configErrMsg); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:199: path: Condition "buffered", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:202: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:207: alloc_fn: A new resource is returned from allocation method "getInputStream". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:207: var_assign: Assigning: "resourceInputStream" = resource returned from "resourceInfo.getInputStream()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:209: path: Condition "encoding == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:213: path: Condition "encoding == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:214: var_assign: Assigning: "isr" = resource returned from "new java.io.InputStreamReader(resourceInputStream)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:215: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:218: var_assign: Assigning: "bufferedReader" = resource returned from "new java.io.BufferedReader(isr)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:220: noescape: Resource "bufferedReader" is not closed or saved in "process". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:220: path: Throwing "java.io.IOException" (or subclass) from call to "process"; exiting method with uncaught exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:220: leaked_resource: Variable "bufferedReader" going out of scope leaks the resource it refers to. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:220: leaked_resource: Variable "isr" going out of scope leaks the resource it refers to. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:220: leaked_resource: Variable "resourceInputStream" going out of scope leaks the resource it refers to. +# 218| BufferedReader bufferedReader = new BufferedReader(isr); +# 219| +# 220|-> long lastModified = ssiProcessor.process(bufferedReader, +# 221| resourceInfo.getLastModified(), printWriter); +# 222| if (lastModified > 0) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1032: path: Condition "org.apache.catalina.startup.ContextConfig.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1040: path: Condition "i < children.length", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1042: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1040: path: Condition "i < children.length", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1055: returned_null: "findConstraints" returns "null" (checked 1 out of 4 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findConstraints".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1055: var_assigned: Assigning: "securityConstraints" = "null" return value from "findConstraints". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1056: null_array_length: Accessing length of null array "securityConstraints". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:552: example_assign: Example 1: Assigning: "constraints" = return value from "context.findConstraints()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:553: example_checked: Example 1 (cont.): "constraints" has its value checked in "constraints == null". +# 1054| // Removing security constraints +# 1055| SecurityConstraint[] securityConstraints = context.findConstraints(); +# 1056|-> for (i = 0; i < securityConstraints.length; i++) { +# 1057| context.removeConstraint(securityConstraints[i]); +# 1058| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1189: returned_null: "findConstraints" returns "null" (checked 1 out of 4 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findConstraints".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1189: var_assigned: Assigning: "constraints" = "null" return value from "findConstraints". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1190: null_array_length: Accessing length of null array "constraints". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:552: example_assign: Example 1: Assigning: "constraints" = return value from "context.findConstraints()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java:553: example_checked: Example 1 (cont.): "constraints" has its value checked in "constraints == null". +# 1188| // Check role names used in elements +# 1189| SecurityConstraint constraints[] = context.findConstraints(); +# 1190|-> for (SecurityConstraint constraint : constraints) { +# 1191| String roles[] = constraint.findAuthRoles(); +# 1192| for (String role : roles) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1427: path: No elements left in "webxml.getContextParams().entrySet()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1434: path: No elements left in "webxml.getEjbLocalRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1437: path: No elements left in "webxml.getEjbRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1440: path: No elements left in "webxml.getEnvEntries().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1443: path: No elements left in "webxml.getErrorPages().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1446: path: No elements left in "webxml.getFilters().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1452: path: No elements left in "webxml.getFilterMappings()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1456: path: No elements left in "webxml.getListeners()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1459: path: No elements left in "webxml.getLocaleEncodingMappings().entrySet()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1465: path: Condition "webxml.getLoginConfig() != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1468: path: No elements left in "webxml.getMessageDestinationRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1476: path: No elements left in "webxml.getMimeMappings().entrySet()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1482: path: No elements left in "webxml.getResourceEnvRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1486: path: No elements left in "webxml.getResourceRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1493: path: No elements left in "webxml.getSecurityConstraints()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1499: path: No elements left in "webxml.getSecurityRoles()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1502: path: No elements left in "webxml.getServiceRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1505: path: Iterating over another element of "webxml.getServlets().values()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1506: returned_null: "createWrapper" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.createWrapper".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1506: var_assigned: Assigning: "wrapper" = "null" return value from "createWrapper". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1513: path: Condition "servlet.getLoadOnStartup() != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1514: null_method_call: Calling a method on null object "wrapper". +# 1512| +# 1513| if (servlet.getLoadOnStartup() != null) { +# 1514|-> wrapper.setLoadOnStartup(servlet.getLoadOnStartup().intValue()); +# 1515| } +# 1516| if (servlet.getEnabled() != null) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1427: path: No elements left in "webxml.getContextParams().entrySet()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1434: path: No elements left in "webxml.getEjbLocalRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1437: path: No elements left in "webxml.getEjbRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1440: path: No elements left in "webxml.getEnvEntries().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1443: path: No elements left in "webxml.getErrorPages().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1446: path: No elements left in "webxml.getFilters().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1452: path: No elements left in "webxml.getFilterMappings()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1456: path: No elements left in "webxml.getListeners()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1459: path: No elements left in "webxml.getLocaleEncodingMappings().entrySet()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1465: path: Condition "webxml.getLoginConfig() != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1468: path: No elements left in "webxml.getMessageDestinationRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1476: path: No elements left in "webxml.getMimeMappings().entrySet()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1482: path: No elements left in "webxml.getResourceEnvRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1486: path: No elements left in "webxml.getResourceRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1493: path: No elements left in "webxml.getSecurityConstraints()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1499: path: No elements left in "webxml.getSecurityRoles()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1502: path: No elements left in "webxml.getServiceRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1505: path: Iterating over another element of "webxml.getServlets().values()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1506: returned_null: "createWrapper" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.createWrapper".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1506: var_assigned: Assigning: "wrapper" = "null" return value from "createWrapper". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1513: path: Condition "servlet.getLoadOnStartup() != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1516: path: Condition "servlet.getEnabled() != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1517: null_method_call: Calling a method on null object "wrapper". +# 1515| } +# 1516| if (servlet.getEnabled() != null) { +# 1517|-> wrapper.setEnabled(servlet.getEnabled().booleanValue()); +# 1518| } +# 1519| wrapper.setName(servlet.getServletName()); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1427: path: No elements left in "webxml.getContextParams().entrySet()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1434: path: No elements left in "webxml.getEjbLocalRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1437: path: No elements left in "webxml.getEjbRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1440: path: No elements left in "webxml.getEnvEntries().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1443: path: No elements left in "webxml.getErrorPages().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1446: path: No elements left in "webxml.getFilters().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1452: path: No elements left in "webxml.getFilterMappings()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1456: path: No elements left in "webxml.getListeners()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1459: path: No elements left in "webxml.getLocaleEncodingMappings().entrySet()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1465: path: Condition "webxml.getLoginConfig() != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1468: path: No elements left in "webxml.getMessageDestinationRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1476: path: No elements left in "webxml.getMimeMappings().entrySet()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1482: path: No elements left in "webxml.getResourceEnvRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1486: path: No elements left in "webxml.getResourceRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1493: path: No elements left in "webxml.getSecurityConstraints()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1499: path: No elements left in "webxml.getSecurityRoles()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1502: path: No elements left in "webxml.getServiceRefs().values()", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1505: path: Iterating over another element of "webxml.getServlets().values()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1506: returned_null: "createWrapper" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.createWrapper".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1506: var_assigned: Assigning: "wrapper" = "null" return value from "createWrapper". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1513: path: Condition "servlet.getLoadOnStartup() != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1516: path: Condition "servlet.getEnabled() != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1519: null_method_call: Calling a method on null object "wrapper". +# 1517| wrapper.setEnabled(servlet.getEnabled().booleanValue()); +# 1518| } +# 1519|-> wrapper.setName(servlet.getServletName()); +# 1520| Map params = servlet.getParameterMap(); +# 1521| for (Entry entry : params.entrySet()) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:2119: returned_null: "getJarScanner" returns "null" (checked 0 out of 1 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.getJarScanner".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:2119: var_assigned: Assigning: "jarScanner" = "null" return value from "getJarScanner". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:2121: path: Condition "context instanceof org.apache.catalina.core.StandardContext", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:2126: path: Condition "absoluteOrder != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:2126: path: Condition "absoluteOrder.isEmpty()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:2126: path: Condition "!context.getXmlValidation()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:2136: null_method_call: Calling a method on null object "jarScanner". +# 2134| new FragmentJarScannerCallback(webXmlParser, delegate, parseRequired); +# 2135| +# 2136|-> jarScanner.scan(JarScanType.PLUGGABILITY, +# 2137| context.getServletContext(), callback); +# 2138| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:2211: returned_null: "getServer" returns "null" (checked 1 out of 2 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:2211: var_assigned: Assigning: "s" = "null" return value from "getServer". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:2213: null_method_call: Calling a method on null object "s". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1145: example_assign: Example 1: Assigning: "s" = return value from "getServer()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:1146: example_checked: Example 1 (cont.): "s" has its value checked in "s != null". +# 2211| Server s = getServer(); +# 2212| ExecutorService pool = null; +# 2213|-> pool = s.getUtilityExecutor(); +# 2214| List> futures = new ArrayList<>(fragments.size()); +# 2215| for (WebXml fragment : fragments) { + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/HostConfig.java:619: path: Condition "org.apache.catalina.startup.HostConfig.log.isInfoEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/HostConfig.java:624: assign_zero: Assigning: "context" = "null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/HostConfig.java:629: path: Throwing "java.io.FileNotFoundException" (or subclass) from call to "FileInputStream". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/HostConfig.java:691: path: Catching exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/HostConfig.java:699: null_method_call: Calling a method on null object "context". +# 697| // default to appBase dir + name +# 698| expandedDocBase = new File(host.getAppBaseFile(), cn.getBaseName()); +# 699|-> if (context.getDocBase() != null && !context.getDocBase().toLowerCase(Locale.ENGLISH).endsWith(".war")) { +# 700| // first assume docBase is absolute +# 701| expandedDocBase = new File(context.getDocBase()); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/Tomcat.java:387: returned_null: "createWrapper" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.createWrapper".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/Tomcat.java:387: var_assigned: Assigning: "sw" = "null" return value from "createWrapper". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/Tomcat.java:388: null_method_call: Calling a method on null object "sw". +# 386| // will do class for name and set init params +# 387| Wrapper sw = ctx.createWrapper(); +# 388|-> sw.setServletClass(servletClass); +# 389| sw.setName(servletName); +# 390| ctx.addChild(sw); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/WebAnnotationSet.java:81: returned_null: "findApplicationListeners" returns "null" (checked 0 out of 1 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findApplicationListeners".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/WebAnnotationSet.java:81: var_assigned: Assigning: "applicationListeners" = "null" return value from "findApplicationListeners". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/WebAnnotationSet.java:82: null_array_length: Accessing length of null array "applicationListeners". +# 80| protected static void loadApplicationListenerAnnotations(Context context) { +# 81| String[] applicationListeners = context.findApplicationListeners(); +# 82|-> for (String className : applicationListeners) { +# 83| Class clazz = Introspection.loadClass(context, className); +# 84| if (clazz == null) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StandardContextSF.java:71: path: Condition "aContext instanceof org.apache.catalina.core.StandardContext", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StandardContextSF.java:72: returned_null: "findDescription" returns "null" (checked 11 out of 17 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StandardContextSF.java:72: var_assigned: Assigning: "desc" = "null" return value from "findDescription". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StandardContextSF.java:74: null_method_call: Calling a method on null object "desc". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:37: example_assign: Example 1: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:40: example_checked: Example 1 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:37: example_assign: Example 2: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:40: example_checked: Example 2 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java:41: example_assign: Example 3: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java:43: example_checked: Example 3 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java:42: example_assign: Example 4: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java:44: example_checked: Example 4 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:45: example_assign: Example 5: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:47: example_checked: Example 5 (cont.): "elementDesc" has its value checked in "elementDesc != null". +# 72| StoreDescription desc = getRegistry().findDescription( +# 73| aContext.getClass()); +# 74|-> if (desc.isStoreSeparate()) { +# 75| URL configFile = ((StandardContext) aContext) +# 76| .getConfigFile(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java:273: returned_null: "findDescription" returns "null" (checked 11 out of 17 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java:273: var_assigned: Assigning: "desc" = "null" return value from "findDescription". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java:274: null_method_call: Calling a method on null object "desc". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:37: example_assign: Example 1: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:40: example_checked: Example 1 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:37: example_assign: Example 2: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:40: example_checked: Example 2 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java:41: example_assign: Example 3: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java:43: example_checked: Example 3 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java:42: example_assign: Example 4: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java:44: example_checked: Example 4 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:45: example_assign: Example 5: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:47: example_checked: Example 5 (cont.): "elementDesc" has its value checked in "elementDesc != null". +# 272| try { +# 273| desc = getRegistry().findDescription(aContext.getClass()); +# 274|-> oldSeparate = desc.isStoreSeparate(); +# 275| desc.setStoreSeparate(false); +# 276| desc.getStoreFactory().store(aWriter, indent, aContext); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java:291: returned_null: "findDescription" returns "null" (checked 11 out of 17 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java:291: var_assigned: Assigning: "desc" = "null" return value from "findDescription". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java:293: null_method_call: Calling a method on null object "desc". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:37: example_assign: Example 1: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:40: example_checked: Example 1 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:37: example_assign: Example 2: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:40: example_checked: Example 2 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java:41: example_assign: Example 3: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java:43: example_checked: Example 3 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java:42: example_assign: Example 4: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java:44: example_checked: Example 4 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:45: example_assign: Example 5: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:47: example_checked: Example 5 (cont.): "elementDesc" has its value checked in "elementDesc != null". +# 291| StoreDescription desc = getRegistry().findDescription( +# 292| aHost.getClass()); +# 293|-> desc.getStoreFactory().store(aWriter, indent, aHost); +# 294| } +# 295| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java:303: returned_null: "findDescription" returns "null" (checked 11 out of 17 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java:303: var_assigned: Assigning: "desc" = "null" return value from "findDescription". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java:305: null_method_call: Calling a method on null object "desc". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:37: example_assign: Example 1: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:40: example_checked: Example 1 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:37: example_assign: Example 2: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:40: example_checked: Example 2 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java:41: example_assign: Example 3: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java:43: example_checked: Example 3 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java:42: example_assign: Example 4: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java:44: example_checked: Example 4 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:45: example_assign: Example 5: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:47: example_checked: Example 5 (cont.): "elementDesc" has its value checked in "elementDesc != null". +# 303| StoreDescription desc = getRegistry().findDescription( +# 304| aService.getClass()); +# 305|-> desc.getStoreFactory().store(aWriter, indent, aService); +# 306| } +# 307| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java:315: returned_null: "findDescription" returns "null" (checked 11 out of 17 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java:315: var_assigned: Assigning: "desc" = "null" return value from "findDescription". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java:317: null_method_call: Calling a method on null object "desc". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:37: example_assign: Example 1: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:40: example_checked: Example 1 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:37: example_assign: Example 2: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:40: example_checked: Example 2 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java:41: example_assign: Example 3: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java:43: example_checked: Example 3 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java:42: example_assign: Example 4: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java:44: example_checked: Example 4 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:45: example_assign: Example 5: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:47: example_checked: Example 5 (cont.): "elementDesc" has its value checked in "elementDesc != null". +# 315| StoreDescription desc = getRegistry().findDescription( +# 316| aServer.getClass()); +# 317|-> desc.getStoreFactory().store(writer, indent, aServer); +# 318| } +# 319| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java:64: path: Condition "isPrint", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java:66: path: Condition ""workDir".equals(attrName)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java:67: returned_null: "getDefaultWorkDir" returns "null" (checked 0 out of 1 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java:67: var_assigned: Assigning: "defaultWorkDir" = "null" return value from "getDefaultWorkDir". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java:68: null_method_call: Calling a method on null object "defaultWorkDir". +# 66| if ("workDir".equals(attrName)) { +# 67| String defaultWorkDir = getDefaultWorkDir(context); +# 68|-> isPrint = !defaultWorkDir.equals(context.getWorkDir()); +# 69| } else if ("path".equals(attrName)) { +# 70| isPrint = desc.isStoreSeparate() + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java:163: path: Condition "aTagElement != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java:167: path: Condition "elementFactory != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java:168: returned_null: "findDescription" returns "null" (checked 11 out of 17 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java:168: var_assigned: Assigning: "desc" = "null" return value from "findDescription". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java:170: null_method_call: Calling a method on null object "desc". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:37: example_assign: Example 1: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:40: example_checked: Example 1 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:37: example_assign: Example 2: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:40: example_checked: Example 2 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java:41: example_assign: Example 3: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java:43: example_checked: Example 3 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java:42: example_assign: Example 4: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java:44: example_checked: Example 4 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:45: example_assign: Example 5: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:47: example_checked: Example 5 (cont.): "elementDesc" has its value checked in "elementDesc != null". +# 168| StoreDescription desc = getRegistry().findDescription( +# 169| aTagElement.getClass()); +# 170|-> if (!desc.isTransientChild(aTagElement.getClass().getName())) { +# 171| elementFactory.store(aWriter, indent, aTagElement); +# 172| } + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:291: path: Condition "head == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:294: path: Condition "add == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:297: path: Condition "head == add", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:301: path: Condition "head.getMsgNr() > add.getMsgNr()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:307: assign_zero: Assigning: "prev" = "null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:308: path: Condition "iter.getMsgNr() < add.getMsgNr()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:308: path: Condition "iter.next != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:312: path: Condition "iter.getMsgNr() < add.getMsgNr()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:316: path: Condition "iter.getMsgNr() > add.getMsgNr()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:318: null_field_access: Accessing field of null object "prev". +# 316| } else if (iter.getMsgNr() > add.getMsgNr()) { +# 317| //add before +# 318|-> prev.next = add; // prev cannot be null here, warning suppressed +# 319| add.next = iter; +# 320| + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:50: path: Condition "(level & 4 /* org.apache.catalina.tribes.MembershipService.MBR_RX */) == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:59: path: Condition "org.apache.catalina.tribes.membership.cloud.KubernetesMembershipProvider.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:69: path: Condition "caCertFile == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:73: path: Condition "clientCertificateFile == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:74: path: Condition "protocol == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:78: path: Condition "saTokenFile == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:82: alloc_fn: A new resource is returned from allocation method "getDefault". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:82: noescape: Resource "java.nio.file.FileSystems.getDefault()" is not closed or saved in "getPath". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:82: leaked_resource: Failing to save or close resource created by "java.nio.file.FileSystems.getDefault()" leaks it. +# 80| } +# 81| try { +# 82|-> byte[] bytes = Files.readAllBytes(FileSystems.getDefault().getPath(saTokenFile)); +# 83| streamProvider = new TokenStreamProvider(new String(bytes, StandardCharsets.US_ASCII), caCertFile); +# 84| } catch (IOException e) { + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java:1218: path: Condition "notify", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java:1220: return_collection_alias: Call to "keySet" returns an "Iterable" equivalent to "this". [Note: The source code implementation of the function has been overridden by a builtin model.] +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java:1220: enhanced_for: Starting an iteration on "keySet()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java:1220: path: Iterating over another element of "keySet()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java:1221: modify_iterable: Call to "remove" modifies "Iterable" "this" which invalidates the iterator for the loop on "keySet()". [Note: The source code implementation of the function has been overridden by a builtin model.] +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java:1222: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java:1220: invalid_loop: Attempting to obtain another element from "keySet()" after it's been modified. +# 1218| if ( notify ) { +# 1219| //only delete active keys +# 1220|-> for (K k : keySet()) { +# 1221| remove(k); +# 1222| } + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java:203: path: Condition "!isConnected()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java:203: path: Condition "this.socketChannel == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java:203: var_compare_op: Comparing "this.socketChannel" to null implies that "this.socketChannel" might be null. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java:203: path: Condition "this.dataChannel == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java:206: path: Condition "current != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java:207: path: Condition "remaining > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java:210: null_method_call: Calling a method on null object "socketChannel". +# 208| //we have written everything, or we are starting a new package +# 209| //protect against buffer overwrite +# 210|-> int byteswritten = isUdpBased()?dataChannel.write(writebuf) : socketChannel.write(writebuf); +# 211| if (byteswritten == -1 ) { +# 212| throw new EOFException(); + +Error: UNUSED_VALUE (CWE-563): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java:437: value_overwrite: Overwriting previous write to "result" with value from "buf.toString()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java:442: value_overwrite: Overwriting previous write to "result" with value from "buf.toString()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java:447: value_overwrite: Overwriting previous write to "result" with value from "buf.toString()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java:452: returned_reference: Assigning value from "buf.toString()" to "result" here, but that stored value is overwritten before it can be used. +# 450| return result; +# 451| case ')': +# 452|-> result = buf.toString(); +# 453| buf = new StringBuilder(); +# 454| break; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:156: path: Condition "key.equals("HTTPS")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:158: path: Condition "key.equals("SSL_PROTOCOL")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:160: path: Condition "key.equals("SSL_SESSION_ID")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:162: path: Condition "key.equals("SSL_SESSION_RESUMED")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:164: path: Condition "key.equals("SSL_SECURE_RENEG")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:166: path: Condition "key.equals("SSL_COMPRESS_METHOD")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:168: path: Condition "key.equals("SSL_TLS_SNI")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:170: path: Condition "key.equals("SSL_CIPHER")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:172: path: Condition "key.equals("SSL_CIPHER_EXPORT")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:184: path: Condition "key.equals("SSL_CIPHER_ALGKEYSIZE")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:191: path: Condition "key.equals("SSL_CIPHER_USEKEYSIZE")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:192: returned_null: "getKeySize" returns "null" (checked 1 out of 2 times). (The virtual call resolves to "org.apache.tomcat.util.net.jsse.JSSESupport.getKeySize".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:192: null_method_call: Calling a method on null object "sslSupport.getKeySize()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/AbstractProcessor.java:802: example_assign: Example 1: Assigning: "sslO" = return value from "sslSupport.getKeySize()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/AbstractProcessor.java:803: example_checked: Example 1 (cont.): "sslO" has its value checked in "sslO != null". +# 190| } +# 191| } else if (key.equals("SSL_CIPHER_USEKEYSIZE")) { +# 192|-> return sslSupport.getKeySize().toString(); +# 193| } else if (key.startsWith("SSL_CLIENT_")) { +# 194| X509Certificate[] certificates = sslSupport.getPeerCertificateChain(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:61: path: Condition "name.equals("/")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:69: path: Condition "name.endsWith("/")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:69: path: Condition "file.isFile()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:75: path: Condition "mustExist", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:75: path: Condition "!file.canRead()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:81: path: Condition "getRoot().getAllowLinking()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:87: path: Condition "org.apache.tomcat.util.compat.JrePlatform.IS_WINDOWS", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:87: path: Condition "isInvalidWindowsFilename(name)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:95: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:98: path: Condition "canPath == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:98: path: Condition "!canPath.startsWith(canonicalBase)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:109: returned_null: "normalize" returns "null" (checked 0 out of 3 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:109: var_assigned: Assigning: "absPath" = "null" return value from "normalize". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:110: null_method_call: Calling a method on null object "absPath". +# 108| // well. +# 109| String absPath = normalize(file.getAbsolutePath()); +# 110|-> if (absoluteBase.length() > absPath.length()) { +# 111| return null; +# 112| } + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:104: path: Condition "org.apache.catalina.webresources.TomcatURLStreamHandlerFactory.instance == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:108: enhanced_for: Starting an iteration on "factories". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:108: path: Iterating over another element of "factories". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:110: path: Condition "factoryLoader != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:120: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:108: path: Iterating over another element of "factories". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:110: path: Condition "factoryLoader != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:111: path: Condition "classLoader.equals(factoryLoader)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:115: modify_iterable: Call to "remove" modifies "Iterable" "factories" which invalidates the iterator for the loop on that "Iterable". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:116: path: Breaking from loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:120: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:108: invalid_loop: Attempting to obtain another element from "factories" after it's been modified. +# 106| } +# 107| List factories = instance.userFactories; +# 108|-> for (URLStreamHandlerFactory factory : factories) { +# 109| ClassLoader factoryLoader = factory.getClass().getClassLoader(); +# 110| while (factoryLoader != null) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/AbstractProtocol.java:1135: path: Condition "getProtocol().getDomain() != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/AbstractProtocol.java:1139: returned_null: "getRequest" returns "null" (checked 1 out of 2 times). (The virtual call resolves to "org.apache.coyote.http11.upgrade.UpgradeProcessorBase.getRequest".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/AbstractProtocol.java:1139: null_method_call: Calling a method on null object "processor.getRequest()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/AbstractProtocol.java:1165: example_assign: Example 1: Assigning: "r" = return value from "processor.getRequest()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/AbstractProtocol.java:1166: example_checked: Example 1 (cont.): "r" has its value checked in "r == null". +# 1137| try { +# 1138| long count = registerCount.incrementAndGet(); +# 1139|-> RequestInfo rp = +# 1140| processor.getRequest().getRequestProcessor(); +# 1141| rp.setGlobalProcessor(global); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:655: path: Condition "methodCode != -1 /* org.apache.coyote.ajp.Constants.SC_M_JK_STORED */", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:668: path: Condition "socketWrapper != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:673: path: Condition "isSSL", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:685: path: Condition "i < hCount", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:696: path: Condition "40960 == isc", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:700: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:716: path: Condition "hId == 8 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_LENGTH */", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:719: path: Condition "contentLengthSet", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:727: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:735: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:685: path: Condition "i < hCount", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:696: path: Condition "40960 == isc", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:700: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:716: path: Condition "hId == 8 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_LENGTH */", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:719: path: Condition "contentLengthSet", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:722: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:727: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:735: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:685: path: Condition "i < hCount", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:696: path: Condition "40960 == isc", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:700: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:716: path: Condition "hId == 8 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_LENGTH */", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:716: path: Condition "hId == -1", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:727: path: Condition "hId == 7 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_TYPE */", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:731: returned_null: "contentType" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java:731: null_method_call: Calling a method on null object "request.contentType()". +# 729| // just read the content-type header, so set it +# 730| ByteChunk bchunk = vMB.getByteChunk(); +# 731|-> request.contentType().setBytes(bchunk.getBytes(), +# 732| bchunk.getOffset(), +# 733| bchunk.getLength()); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/Http11Processor.java:212: path: Condition "contentDelimitation", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/Http11Processor.java:226: path: Condition "encodingName.equals("chunked")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/Http11Processor.java:230: path: Condition "i < inputFilters.length", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/Http11Processor.java:231: returned_null: "getEncodingName" returns "null" (checked 0 out of 1 times). (The virtual call resolves to "org.apache.coyote.http11.filters.SavedRequestInputFilter.getEncodingName".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/Http11Processor.java:231: null_method_call: Calling a method on null object "inputFilters[i].getEncodingName()". +# 229| } else { +# 230| for (int i = pluggableFilterIndex; i < inputFilters.length; i++) { +# 231|-> if (inputFilters[i].getEncodingName().toString().equals(encodingName)) { +# 232| inputBuffer.addActiveFilter(inputFilters[i]); +# 233| return; + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:61: read_volatile: Reading "this.bytesSent", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:61: intervening_update: Another thread writes to "this.bytesSent". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:61: stale_update: Updating "this.bytesSent" based on a stale value. Any intervening update in another thread is overwritten. +# 59| } +# 60| public void addBytesSent(long bytesSent) { +# 61|-> this.bytesSent += bytesSent; +# 62| } +# 63| + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:72: read_volatile: Reading "this.bytesReceived", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:72: intervening_update: Another thread writes to "this.bytesReceived". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:72: stale_update: Updating "this.bytesReceived" based on a stale value. Any intervening update in another thread is overwritten. +# 70| } +# 71| public void addBytesReceived(long bytesReceived) { +# 72|-> this.bytesReceived += bytesReceived; +# 73| } +# 74| + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:83: read_volatile: Reading "this.msgsSent", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:83: intervening_update: Another thread writes to "this.msgsSent". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:83: stale_update: Updating "this.msgsSent" based on a stale value. Any intervening update in another thread is overwritten. +# 81| } +# 82| public void addMsgsSent(long msgsSent) { +# 83|-> this.msgsSent += msgsSent; +# 84| } +# 85| + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:94: read_volatile: Reading "this.msgsReceived", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:94: intervening_update: Another thread writes to "this.msgsReceived". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:94: stale_update: Updating "this.msgsReceived" based on a stale value. Any intervening update in another thread is overwritten. +# 92| } +# 93| public void addMsgsReceived(long msgsReceived) { +# 94|-> this.msgsReceived += msgsReceived; +# 95| } +# 96| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:426: path: Condition ""cookie".equals(name)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:429: path: Condition "!countedCookie", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:430: read_volatile: Reading "headerCount", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:430: intervening_update: Another thread writes to "headerCount". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:430: stale_update: Updating "headerCount" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:165: example_comparison: Example 1: Example comparison of "headerCount" to value, suggesting a semantically meaningful use. +# 428| // multiple headers to aid compression +# 429| if (!countedCookie) { +# 430|-> headerCount ++; +# 431| countedCookie = true; +# 432| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:426: path: Condition ""cookie".equals(name)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:434: read_volatile: Reading "headerCount", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:434: intervening_update: Another thread writes to "headerCount". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:434: stale_update: Updating "headerCount" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:165: example_comparison: Example 1: Example comparison of "headerCount" to value, suggesting a semantically meaningful use. +# 432| } +# 433| } else { +# 434|-> headerCount ++; +# 435| } +# 436| // Overhead will vary. The main concern is that lots of small headers + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:426: path: Condition ""cookie".equals(name)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:429: path: Condition "!countedCookie", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:433: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:440: read_volatile: Reading "headerSize", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:440: intervening_update: Another thread writes to "headerSize". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java:440: stale_update: Updating "headerSize" based on a stale value. Any intervening update in another thread is overwritten. +# 438| // estimate of 3 which is the worst case for small headers. +# 439| int inc = 3 + name.length() + value.length(); +# 440|-> headerSize += inc; +# 441| if (!isHeaderCountExceeded() && !isHeaderSizeExceeded(0)) { +# 442| if (log.isDebugEnabled()) { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java:451: path: Condition "org.apache.coyote.http2.Http2Parser.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java:458: path: Condition "remaining > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java:459: path: Condition "headerReadBuffer.remaining() == 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java:462: path: Condition "headerReadBuffer.capacity() < payloadSize", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java:466: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java:471: read_volatile: Reading "headerReadBuffer", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java:471: intervening_update: Another thread writes to "headerReadBuffer". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java:471: stale_update: Updating "headerReadBuffer" based on a stale value. Any intervening update in another thread is overwritten. +# 469| newSize = headerReadBuffer.capacity() * 2; +# 470| } +# 471|-> headerReadBuffer = ByteBufferUtils.expand(headerReadBuffer, newSize); +# 472| } +# 473| int toRead = Math.min(headerReadBuffer.remaining(), remaining); + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1205: path: Condition "newStreamsSinceLastPrune < 9", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1207: read_volatile: Reading "newStreamsSinceLastPrune", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1207: intervening_update: Another thread writes to "newStreamsSinceLastPrune". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1207: stale_update: Updating "newStreamsSinceLastPrune" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1205: example_comparison: Example 1: Example comparison of "newStreamsSinceLastPrune" to value, suggesting a semantically meaningful use. +# 1205| if (newStreamsSinceLastPrune < 9) { +# 1206| // Not atomic. Increments may be lost. Not a problem. +# 1207|-> newStreamsSinceLastPrune++; +# 1208| return; +# 1209| } + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1205: path: Condition "newStreamsSinceLastPrune < 9", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1224: path: Condition "max > 2147483647L /* java.lang.Integer.MAX_VALUE */", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1229: path: Condition "org.apache.coyote.http2.Http2UpgradeHandler.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1235: path: Condition "toClose < 1", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1257: return_collection_alias: Call to "values" returns an "Iterable" equivalent to "streams". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1257: enhanced_for: Starting an iteration on "streams.values()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1257: path: Iterating over another element of "streams.values()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1259: path: Condition "stream instanceof org.apache.coyote.http2.Stream", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1259: path: Condition "((org.apache.coyote.http2.Stream)stream).isActive()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1260: path: Continuing loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1257: path: Iterating over another element of "streams.values()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1259: path: Condition "stream instanceof org.apache.coyote.http2.Stream", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1259: path: Condition "((org.apache.coyote.http2.Stream)stream).isActive()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1263: path: Condition "stream.isClosedFinal()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1268: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1306: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1257: path: Iterating over another element of "streams.values()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1259: path: Condition "stream instanceof org.apache.coyote.http2.Stream", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1259: path: Condition "((org.apache.coyote.http2.Stream)stream).isActive()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1263: path: Condition "stream.isClosedFinal()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1268: path: Condition "stream.getChildStreams().size() == 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1271: modify_iterable: Call to "remove" modifies "Iterable" "streams" which invalidates the iterator for the loop on "streams.values()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1273: path: Condition "org.apache.coyote.http2.Http2UpgradeHandler.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1276: path: Condition "--toClose < 1", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1285: path: Condition "toClose > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1285: path: Condition "parent.getIdAsInt() > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1285: path: Condition "parent.getIdAsInt() < stream.getIdAsInt()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1285: path: Condition "parent.getChildStreams().isEmpty()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1293: path: Condition "org.apache.coyote.http2.Http2UpgradeHandler.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1296: path: Condition "--toClose < 1", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1301: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1285: path: Condition "toClose > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1285: path: Condition "parent.getIdAsInt() > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1285: path: Condition "parent.getIdAsInt() < stream.getIdAsInt()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1302: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1306: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1257: invalid_loop: Attempting to obtain another element from "streams.values()" after it's been modified. +# 1255| // lock on priorityTreeLock to ensure a consistent view. +# 1256| synchronized (priorityTreeLock) { +# 1257|-> for (AbstractNonZeroStream stream : streams.values()) { +# 1258| // Never remove active streams +# 1259| if (stream instanceof Stream && ((Stream) stream).isActive()) { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java:561: read_volatile: Reading "contentLengthReceived", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java:561: intervening_update: Another thread writes to "contentLengthReceived". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java:561: stale_update: Updating "contentLengthReceived" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java:587: example_comparison: Example 1: Example comparison of "contentLengthReceived" to value, suggesting a semantically meaningful use. +# 559| @Override +# 560| final void receivedData(int payloadSize) throws Http2Exception { +# 561|-> contentLengthReceived += payloadSize; +# 562| long contentLengthHeader = coyoteRequest.getContentLengthLong(); +# 563| if (contentLengthHeader > -1 && contentLengthReceived > contentLengthHeader) { + +Error: LOCK_INVERSION (CWE-833): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java:1240: path: Condition "inBuffer != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java:1241: lock_acquire: Acquiring lock "StreamInputBuffer.inBuffer". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java:1243: path: Condition "org.apache.coyote.http2.Stream.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java:1246: path: Condition "unreadByteCount > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java:1249: lock_order: Acquiring lock "Http2UpgradeHandler.socketWrapper" while holding "StreamInputBuffer.inBuffer" conflicts with the lock order established elsewhere. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:777: lock_acquire: Example 1: Acquiring lock "Http2UpgradeHandler.socketWrapper". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:786: example_lock_order: Example 1 (cont.): Calling "handleAppInitiatedIOException" acquires lock "StreamInputBuffer.inBuffer" while holding "Http2UpgradeHandler.socketWrapper". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:819: lock_acquire: Example 2: Acquiring lock "Http2UpgradeHandler.socketWrapper". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:842: example_lock_order: Example 2 (cont.): Calling "handleAppInitiatedIOException" acquires lock "StreamInputBuffer.inBuffer" while holding "Http2UpgradeHandler.socketWrapper". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:659: lock_acquire: Example 3: Acquiring lock "Http2UpgradeHandler.socketWrapper". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:660: example_lock_order: Example 3 (cont.): Calling "doWriteHeaders" acquires lock "StreamInputBuffer.inBuffer" while holding "Http2UpgradeHandler.socketWrapper". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:856: lock_acquire: Example 4: Acquiring lock "Http2UpgradeHandler.socketWrapper". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:862: example_lock_order: Example 4 (cont.): Calling "sendPing" acquires lock "StreamInputBuffer.inBuffer" while holding "Http2UpgradeHandler.socketWrapper". (The virtual call resolves to "org.apache.coyote.http2.Http2AsyncUpgradeHandler.AsyncPingManager.sendPing".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:332: lock_acquire: Example 5: Acquiring lock "Http2UpgradeHandler.socketWrapper". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:336: example_lock_order: Example 5 (cont.): Calling "sendPing" acquires lock "StreamInputBuffer.inBuffer" while holding "Http2UpgradeHandler.socketWrapper". (The virtual call resolves to "org.apache.coyote.http2.Http2AsyncUpgradeHandler.AsyncPingManager.sendPing".) +# 1247| inBuffer.position(0); +# 1248| inBuffer.limit(inBuffer.limit() - unreadByteCount); +# 1249|-> handler.onSwallowedDataFramePayload(getIdAsInt(), unreadByteCount); +# 1250| } +# 1251| } + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:137: path: Condition "base == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:137: path: Condition "property == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:147: path: Condition "paramTypes == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:147: var_compare_op: Comparing "paramTypes" to null implies that "paramTypes" might be null. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:149: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:156: path: Iterating over another element of "methods". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:157: path: Condition "!m.getName().equals(methodName)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:159: path: Continuing loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:259: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:156: path: Iterating over another element of "methods". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:157: path: Condition "!m.getName().equals(methodName)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:167: path: Condition "!m.isVarArgs()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:171: path: Condition "m.isVarArgs()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:171: path: Condition "paramCount < mParamCount - 1", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:175: path: Condition "m.isVarArgs()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:175: path: Condition "paramCount == mParamCount", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:175: path: Condition "paramValues != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:175: path: Condition "paramValues.length > paramCount", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java:175: null_array_access: Accessing an element on null array "paramTypes". +# 173| continue; +# 174| } +# 175|-> if (m.isVarArgs() && paramCount == mParamCount && paramValues != null && +# 176| paramValues.length > paramCount && !paramTypes[mParamCount -1].isArray()) { +# 177| // Method arguments don't match + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:456: path: Condition "jsw != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:456: path: Condition "ctxt.getOptions().getModificationTestInterval() > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:459: path: Condition "jsw.getLastModificationTest() + ctxt.getOptions().getModificationTestInterval() * 1000 > java.lang.System.currentTimeMillis()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:472: path: Condition "checkClass", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:474: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:477: path: Condition "!targetFile.exists()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:481: path: Condition "checkClass", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:481: path: Condition "jsw != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:486: path: Condition "jspRealLastModified.longValue() < 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:491: path: Condition "targetLastModified != jspRealLastModified.longValue()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:501: path: Condition "jsw == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:506: path: Condition "depends == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:510: path: Iterating over another element of "depends.entrySet()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:515: path: Condition "key.startsWith("jar:jar:")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:522: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:541: path: Condition "includeLastModified != (java.lang.Long)include.getValue().longValue()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:544: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:551: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:510: path: Iterating over another element of "depends.entrySet()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:515: path: Condition "key.startsWith("jar:jar:")", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:523: path: Condition "key.startsWith("jar:")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:525: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:528: path: Condition "includeUrl == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:532: path: Condition "iuc instanceof java.net.JarURLConnection", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:533: returned_null: "getJarEntry" returns "null" (checked 1 out of 3 times). (The virtual call resolves to "org.apache.catalina.webresources.CachedResource.CachedResourceJarURLConnection.getJarEntry".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:533: null_method_call: Calling a method on null object "((java.net.JarURLConnection)iuc).getJarEntry()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/JspCompilationContext.java:391: example_assign: Example 1: Assigning: "jarEntry" = return value from "((java.net.JarURLConnection)uc).getJarEntry()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/JspCompilationContext.java:392: example_checked: Example 1 (cont.): "jarEntry" has its value checked in "jarEntry != null". +# 531| URLConnection iuc = includeUrl.openConnection(); +# 532| if (iuc instanceof JarURLConnection) { +# 533|-> includeLastModified = +# 534| ((JarURLConnection) iuc).getJarEntry().getTime(); +# 535| } else { + +Error: SERVLET_ATOMICITY (CWE-567): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java:58: get_attribute: Calling "getAttribute" on thread-shared object "context". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java:59: path: Condition "attribute instanceof org.apache.jasper.compiler.ELInterpreter", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java:61: path: Condition "attribute instanceof java.lang.String", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java:66: path: Condition "result == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java:69: path: Condition "className != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java:75: path: Condition "result == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java:80: set_attribute: Calling "setAttribute" on thread-shared object "context" can result in a lost update. +# 78| +# 79| // Cache the result for next time +# 80|-> context.setAttribute(EL_INTERPRETER_CLASS_NAME, result); +# 81| return result; +# 82| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:109: path: Condition "hasNext()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:110: returned_null: "nextToken" returns "null" (checked 1 out of 4 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:110: var_assigned: Assigning: "curToken" = "null" return value from "nextToken". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:111: path: Condition "curToken instanceof org.apache.jasper.compiler.ELParser.Char", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:123: path: Condition "buf.length() > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:127: path: Condition "!parseFunction()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:128: null_method_call: Calling a method on null object "curToken". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:161: example_assign: Example 1: Assigning: "t2" = return value from "nextToken()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:162: example_checked: Example 1 (cont.): "t2" has its value checked in "t2 instanceof org.apache.jasper.compiler.ELParser.Id". +# 126| } +# 127| if (!parseFunction()) { +# 128|-> ELexpr.add(new ELNode.ELText(curToken.toString())); +# 129| } +# 130| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "!(curToken instanceof org.apache.jasper.compiler.ELParser.Id)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "isELReserved(curToken.toTrimmedString())", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "prevToken instanceof org.apache.jasper.compiler.ELParser.Char", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "prevToken.toChar() == '.'", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:156: path: Condition "hasNext()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:158: returned_null: "nextToken" returns "null" (checked 1 out of 4 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:158: var_assigned: Assigning: "curToken" = "null" return value from "nextToken". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:159: null_method_call: Calling a method on null object "curToken". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:161: example_assign: Example 1: Assigning: "t2" = return value from "nextToken()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:162: example_checked: Example 1 (cont.): "t2" has its value checked in "t2 instanceof org.apache.jasper.compiler.ELParser.Id". +# 157| int mark = getIndex() - whiteSpace.length(); +# 158| curToken = nextToken(); +# 159|-> if (curToken.toChar() == ':') { +# 160| if (hasNext()) { +# 161| Token t2 = nextToken(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "!(curToken instanceof org.apache.jasper.compiler.ELParser.Id)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "isELReserved(curToken.toTrimmedString())", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "prevToken instanceof org.apache.jasper.compiler.ELParser.Char", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "prevToken.toChar() == '.'", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:156: path: Condition "hasNext()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:159: path: Condition "curToken.toChar() == ':'", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:160: path: Condition "hasNext()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:162: path: Condition "t2 instanceof org.apache.jasper.compiler.ELParser.Id", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:165: path: Condition "hasNext()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:166: returned_null: "nextToken" returns "null" (checked 1 out of 4 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:166: var_assigned: Assigning: "curToken" = "null" return value from "nextToken". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:171: null_method_call: Calling a method on null object "curToken". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:161: example_assign: Example 1: Assigning: "t2" = return value from "nextToken()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java:162: example_checked: Example 1 (cont.): "t2" has its value checked in "t2 instanceof org.apache.jasper.compiler.ELParser.Id". +# 169| } +# 170| } +# 171|-> if (curToken.toChar() == '(') { +# 172| ELexpr.add(new ELNode.Function(s1, s2, expression.substring(start, index - 1))); +# 173| return true; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ErrorDispatcher.java:257: path: Condition "errCode != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ErrorDispatcher.java:259: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ErrorDispatcher.java:265: path: Condition "where != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ErrorDispatcher.java:266: path: Condition "jspcMode", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ErrorDispatcher.java:269: returned_null: "getURL" returns "null" (checked 0 out of 1 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ErrorDispatcher.java:269: null_method_call: Calling a method on null object "where.getURL()". +# 267| // Get the full URL of the resource that caused the error +# 268| try { +# 269|-> file = where.getURL().toString(); +# 270| } catch (MalformedURLException me) { +# 271| // Fallback to using context-relative path + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2780: path: Condition "n.getCustomNestingLevel() == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2783: path: Condition "isFragment", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2794: path: Condition "varInfos.length == 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2794: path: Condition "tagVarInfos.length == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2798: returned_null: "getScriptingVars" returns "null" (checked 1 out of 3 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2798: var_assigned: Assigning: "declaredVariables" = "null" return value from "getScriptingVars". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2800: path: Condition "varInfos.length > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2801: path: Iterating over another element of "varInfos". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2802: path: Condition "varInfo.getScope() != scope", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2803: path: Continuing loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2817: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2801: path: Iterating over another element of "varInfos". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2802: path: Condition "varInfo.getScope() != scope", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2807: null_method_call: Calling a method on null object "declaredVariables". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2742: example_assign: Example 1: Assigning: "vec" = return value from "n.getScriptingVars(scope)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2743: example_checked: Example 1 (cont.): "vec" has its value checked in "vec != null". +# 2805| // If the scripting variable has been declared, skip codes +# 2806| // for saving and restoring it. +# 2807|-> if (declaredVariables.contains(varInfo)) { +# 2808| continue; +# 2809| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2780: path: Condition "n.getCustomNestingLevel() == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2783: path: Condition "isFragment", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2794: path: Condition "varInfos.length == 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2794: path: Condition "tagVarInfos.length == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2798: returned_null: "getScriptingVars" returns "null" (checked 1 out of 3 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2798: var_assigned: Assigning: "declaredVariables" = "null" return value from "getScriptingVars". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2800: path: Condition "varInfos.length > 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2819: path: Iterating over another element of "tagVarInfos". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2820: path: Condition "tagVarInfo.getScope() != scope", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2821: path: Continuing loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2844: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2819: path: Iterating over another element of "tagVarInfos". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2820: path: Condition "tagVarInfo.getScope() != scope", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2825: null_method_call: Calling a method on null object "declaredVariables". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2742: example_assign: Example 1: Assigning: "vec" = return value from "n.getScriptingVars(scope)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2743: example_checked: Example 1 (cont.): "vec" has its value checked in "vec != null". +# 2823| // If the scripting variable has been declared, skip codes +# 2824| // for saving and restoring it. +# 2825|-> if (declaredVariables.contains(tagVarInfo)) { +# 2826| continue; +# 2827| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2856: path: Condition "n.getCustomNestingLevel() == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2859: path: Condition "isFragment", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2870: path: Condition "varInfos.length == 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2870: path: Condition "tagVarInfos.length == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2874: returned_null: "getScriptingVars" returns "null" (checked 1 out of 3 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2874: var_assigned: Assigning: "declaredVariables" = "null" return value from "getScriptingVars". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2876: path: Condition "varInfos.length > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2877: path: Iterating over another element of "varInfos". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2878: path: Condition "varInfo.getScope() != scope", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2879: path: Continuing loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2893: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2877: path: Iterating over another element of "varInfos". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2878: path: Condition "varInfo.getScope() != scope", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2883: null_method_call: Calling a method on null object "declaredVariables". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2742: example_assign: Example 1: Assigning: "vec" = return value from "n.getScriptingVars(scope)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2743: example_checked: Example 1 (cont.): "vec" has its value checked in "vec != null". +# 2881| // If the scripting variable has been declared, skip codes +# 2882| // for saving and restoring it. +# 2883|-> if (declaredVariables.contains(varInfo)) { +# 2884| continue; +# 2885| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2856: path: Condition "n.getCustomNestingLevel() == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2859: path: Condition "isFragment", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2870: path: Condition "varInfos.length == 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2870: path: Condition "tagVarInfos.length == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2874: returned_null: "getScriptingVars" returns "null" (checked 1 out of 3 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2874: var_assigned: Assigning: "declaredVariables" = "null" return value from "getScriptingVars". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2876: path: Condition "varInfos.length > 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2895: path: Iterating over another element of "tagVarInfos". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2896: path: Condition "tagVarInfo.getScope() != scope", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2897: path: Continuing loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2920: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2895: path: Iterating over another element of "tagVarInfos". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2896: path: Condition "tagVarInfo.getScope() != scope", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2901: null_method_call: Calling a method on null object "declaredVariables". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2742: example_assign: Example 1: Assigning: "vec" = return value from "n.getScriptingVars(scope)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java:2743: example_checked: Example 1 (cont.): "vec" has its value checked in "vec != null". +# 2899| // If the scripting variable has been declared, skip codes +# 2900| // for saving and restoring it. +# 2901|-> if (declaredVariables.contains(tagVarInfo)) { +# 2902| continue; +# 2903| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/JspUtil.java:659: path: Condition "jar != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/JspUtil.java:665: returned_null: "getResource" returns "null" (checked 2 out of 6 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/JspUtil.java:665: null_method_call: Calling a method on null object "ctxt.getResource(fname)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/JspCompilationContext.java:384: example_assign: Example 1: Assigning: "jspUrl" = return value from "getResource(resource)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/JspCompilationContext.java:385: example_checked: Example 1 (cont.): "jspUrl" has its value checked in "jspUrl == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:526: example_assign: Example 2: Assigning: "includeUrl" = return value from "ctxt.getResource((java.lang.String)include.getKey())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java:528: example_checked: Example 2 (cont.): "includeUrl" has its value checked in "includeUrl == null". +# 663| } else { +# 664| source = new InputSource(ctxt.getResourceAsStream(fname)); +# 665|-> source.setSystemId(ctxt.getResource(fname).toExternalForm()); +# 666| } +# 667| return source; + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/PageInfo.java:451: path: Condition ""none".equalsIgnoreCase(value)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/PageInfo.java:454: path: Condition "value == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/PageInfo.java:454: var_compare_op: Comparing "value" to null implies that "value" might be null. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/PageInfo.java:455: path: Condition "n == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/PageInfo.java:457: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/PageInfo.java:462: null_method_call: Calling a method on null object "value". +# 460| } +# 461| try { +# 462|-> @SuppressWarnings("null") // value can't be null here +# 463| int k = Integer.parseInt(value.substring(0, value.length()-2)); +# 464| buffer = k * 1024; + +Error: MISSING_RESTORE (CWE-573): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ScriptingVariabler.java:52: save: Saving non-local "parent" in local "tmpParent". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ScriptingVariabler.java:53: modify: Modifying non-local "parent". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ScriptingVariabler.java:54: exception: Value of non-local "parent" that was saved in "tmpParent" is not restored on this exception path as it was along other paths. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ScriptingVariabler.java:54: remediation: Did you intend to enclose the code in a try block and handle restoring "parent" in a finally block to ensure it is always executed? +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ScriptingVariabler.java:54: path: Throwing "org.apache.jasper.JasperException" (or subclass) from call to "visitBody"; exiting method with uncaught exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ScriptingVariabler.java:55: restore_example: The original value of non-local "parent" was restored here. +# 52| Node.CustomTag tmpParent = parent; +# 53| parent = n; +# 54|-> visitBody(n); +# 55| parent = tmpParent; +# 56| n.setNumCount(Integer.valueOf(count++)); + +Error: SERVLET_ATOMICITY (CWE-567): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java:54: get_attribute: Calling "getAttribute" on thread-shared object "context". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java:55: path: Condition "attribute instanceof org.apache.jasper.compiler.StringInterpreter", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java:57: path: Condition "attribute instanceof java.lang.String", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java:62: path: Condition "result == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java:64: path: Condition "className != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java:70: path: Condition "result == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java:75: set_attribute: Calling "setAttribute" on thread-shared object "context" can result in a lost update. +# 73| +# 74| // Cache the result for next time +# 75|-> context.setAttribute(STRING_INTERPRETER_CLASS_NAME, result); +# 76| return result; +# 77| } + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagFileProcessor.java:499: assign_zero: Assigning: "page" = "null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagFileProcessor.java:501: path: Throwing "java.io.IOException" (or subclass) from call to "parseTagFileDirectives". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagFileProcessor.java:502: path: Catching exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagFileProcessor.java:508: null_method_call: Calling a method on null object "page". +# 506| TagFileDirectiveVisitor tagFileVisitor = new TagFileDirectiveVisitor(pc +# 507| .getCompiler(), tagLibInfo, name, path); +# 508|-> page.visit(tagFileVisitor); +# 509| tagFileVisitor.postCheck(); +# 510| + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:120: path: Condition "tldResourcePath == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:129: path: Condition "pageInfo != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:133: path: Condition "path != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:140: path: Condition "jar != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:175: path: Condition "tldResourcePath.getUrl() == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:180: path: Condition "taglibXml == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:180: var_compare_op: Comparing "taglibXml" to null implies that "taglibXml" might be null. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:187: null_method_call: Calling a method on null object "taglibXml". +# 185| // Never null. jspError always throws an Exception +# 186| // Slightly convoluted so the @SuppressWarnings has minimal scope +# 187|-> @SuppressWarnings("null") +# 188| String v = taglibXml.getJspVersion(); +# 189| this.jspversion = v; + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:322: path: Condition "path == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:322: var_compare_op: Comparing "path" to null implies that "path" might be null. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:325: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:329: path: Condition "jar == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:329: null_method_call: Calling a method on null object "path". +# 327| } +# 328| +# 329|-> if (jar == null && path.startsWith("/META-INF/tags")) { +# 330| // This is a tag file that was packaged in a JAR that has been +# 331| // unpacked into /WEB-INF/classes (probably by an IDE). Adjust the + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TldCache.java:128: path: Condition "webappPath != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TldCache.java:131: returned_null: "getResource" returns "null" (checked 15 out of 21 times). (The virtual call resolves to "org.apache.catalina.core.ApplicationContext.getResource".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TldCache.java:131: var_assigned: Assigning: "url" = "null" return value from "getResource". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TldCache.java:132: null_method_call: Calling a method on null object "url". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/NamingContextListener.java:868: example_assign: Example 1: Assigning: "wsdlURL" = return value from "((org.apache.catalina.Context)container).getServletContext().getResource(service.getWsdlfile())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/NamingContextListener.java:874: example_checked: Example 1 (cont.): "wsdlURL" has its value checked in "wsdlURL == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:172: example_assign: Example 2: Assigning: "resource" = return value from "servletContext.getResource(path)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java:173: example_checked: Example 2 (cont.): "resource" has its value checked in "resource == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServletExternalResolver.java:476: example_assign: Example 3: Assigning: "url" = return value from "context.getResource(path)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServletExternalResolver.java:477: example_checked: Example 3 (cont.): "url" has its value checked in "url == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:2005: example_assign: Example 4: Assigning: "url" = return value from "servletContext.getResource("/WEB-INF/web.xml")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java:2012: example_checked: Example 4 (cont.): "url" has its value checked in "url == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/WebappServiceLoader.java:167: example_assign: Example 5: Assigning: "jarUrl" = return value from "servletContext.getResource("/WEB-INF/lib/" + lib)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/WebappServiceLoader.java:168: example_checked: Example 5 (cont.): "jarUrl" has its value checked in "jarUrl == null". +# 130| // the class path but not part of the web application +# 131| URL url = servletContext.getResource(tldResourcePath.getWebappPath()); +# 132|-> URLConnection conn = url.openConnection(); +# 133| result[0] = conn.getLastModified(); +# 134| if ("file".equals(url.getProtocol())) { + +Error: MISSING_RESTORE (CWE-573): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Validator.java:103: save: Saving non-local "pageEncodingSeen" in local "pageEncodingSeenSave". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Validator.java:104: modify: Modifying non-local "pageEncodingSeen". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Validator.java:105: exception: Value of non-local "pageEncodingSeen" that was saved in "pageEncodingSeenSave" is not restored on this exception path as it was along other paths. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Validator.java:105: remediation: Did you intend to enclose the code in a try block and handle restoring "pageEncodingSeen" in a finally block to ensure it is always executed? +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Validator.java:105: path: Throwing "org.apache.jasper.JasperException" (or subclass) from call to "visitBody"; exiting method with uncaught exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Validator.java:106: restore_example: The original value of non-local "pageEncodingSeen" was restored here. +# 103| boolean pageEncodingSeenSave = pageEncodingSeen; +# 104| pageEncodingSeen = false; +# 105|-> visitBody(n); +# 106| pageEncodingSeen = pageEncodingSeenSave; +# 107| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java:980: path: Condition "flush", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java:980: path: Condition "!(out instanceof javax.servlet.jsp.tagext.BodyContent)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java:992: returned_null: "getRequestDispatcher" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java:992: var_assigned: Assigning: "rd" = "null" return value from "getRequestDispatcher". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java:994: null_method_call: Calling a method on null object "rd". +# 992| RequestDispatcher rd = request.getRequestDispatcher(resourcePath); +# 993| +# 994|-> rd.include(request, +# 995| new ServletResponseWrapperInclude(response, out)); +# 996| + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java:284: path: Condition "jspUri == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java:291: path: Condition "jspUri != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java:299: path: Condition "pathInfo != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java:302: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java:316: path: Condition "log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java:320: thread_shared_data: "this" is thread-shared because it has type "org.apache.jasper.servlet.JspServlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java:63: thread_shared_derived: "org.apache.jasper.servlet.JspServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java:278: thread_entry_point: "service" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java:320: thread_unsafe_modification: Thread-shared "context" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java:320: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java:320: write: "context" is modified in call to "getRealPath". (The virtual call resolves to "org.apache.catalina.core.ApplicationContext.getRealPath".) +# 318| log.debug("\t ServletPath: " + request.getServletPath()); +# 319| log.debug("\t PathInfo: " + request.getPathInfo()); +# 320|-> log.debug("\t RealPath: " + context.getRealPath(jspUri)); +# 321| log.debug("\t RequestURI: " + request.getRequestURI()); +# 322| log.debug("\t QueryString: " + request.getQueryString()); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/juli/logging/LogFactory.java:88: alloc_fn: A new resource is returned from allocation method "getDefault". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/juli/logging/LogFactory.java:88: leaked_resource: Ignoring resource created by "java.nio.file.FileSystems.getDefault()" leaks it. +# 86| * a fix. +# 87| */ +# 88|-> FileSystems.getDefault(); +# 89| +# 90| // Look via a ServiceLoader for a Log implementation that has a + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:828: path: Condition "!name.isEmpty()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:828: path: Condition "name.get(0).length() == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:831: path: Condition "name.isEmpty()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:838: path: Condition "entry == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:843: path: Condition "name.size() > 1", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:852: path: Condition "resolveLinks", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:852: path: Condition "entry.type == 1 /* org.apache.naming.NamingEntry.LINK_REF */", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:860: path: Condition "entry.type == 2 /* org.apache.naming.NamingEntry.REFERENCE */", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:863: path: Condition "!org.apache.naming.NamingContext.GRAAL", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:865: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:874: path: Condition "entry.value instanceof org.apache.naming.ResourceRef", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:875: returned_null: "get" returns "null" (checked 51 out of 67 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:875: null_method_call: Calling a method on null object "((org.apache.naming.ResourceRef)entry.value).get("singleton")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:89: example_assign: Example 1: Assigning: "ra" = return value from "ref.get("pathname")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:90: example_checked: Example 1 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java:150: example_assign: Example 2: Assigning: "ra" = return value from "ref.get("forceString")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java:154: example_checked: Example 2 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java:69: example_assign: Example 3: Assigning: "linkRefAddr" = return value from "ref.get("link")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java:70: example_checked: Example 3 (cont.): "linkRefAddr" has its value checked in "linkRefAddr != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java:56: example_assign: Example 4: Assigning: "factoryRefAddr" = return value from "ref.get("factory")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java:57: example_checked: Example 4 (cont.): "factoryRefAddr" has its value checked in "factoryRefAddr != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java:75: example_assign: Example 5: Assigning: "factoryRefAddr" = return value from "ref.get("factory")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java:76: example_checked: Example 5 (cont.): "factoryRefAddr" has its value checked in "factoryRefAddr != null". +# 873| } +# 874| if (entry.value instanceof ResourceRef) { +# 875|-> boolean singleton = Boolean.parseBoolean( +# 876| (String) ((ResourceRef) entry.value).get( +# 877| "singleton").getContent()); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:57: path: Condition "result != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:60: returned_null: "get" returns "null" (checked 51 out of 67 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:60: var_assigned: Assigning: "passAttr" = "null" return value from "get". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:61: path: Condition "userAttr.getContent() != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:61: null_method_call: Calling a method on null object "passAttr". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:89: example_assign: Example 1: Assigning: "ra" = return value from "ref.get("pathname")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:90: example_checked: Example 1 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java:150: example_assign: Example 2: Assigning: "ra" = return value from "ref.get("forceString")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java:154: example_checked: Example 2 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java:69: example_assign: Example 3: Assigning: "linkRefAddr" = return value from "ref.get("link")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java:70: example_checked: Example 3 (cont.): "linkRefAddr" has its value checked in "linkRefAddr != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java:56: example_assign: Example 4: Assigning: "factoryRefAddr" = return value from "ref.get("factory")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java:57: example_checked: Example 4 (cont.): "factoryRefAddr" has its value checked in "factoryRefAddr != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java:75: example_assign: Example 5: Assigning: "factoryRefAddr" = return value from "ref.get("factory")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java:76: example_checked: Example 5 (cont.): "factoryRefAddr" has its value checked in "factoryRefAddr != null". +# 59| RefAddr userAttr = ref.get("username"); +# 60| RefAddr passAttr = ref.get("password"); +# 61|-> if (userAttr.getContent()!=null && passAttr.getContent()!=null) { +# 62| result = wrapDataSource(result,userAttr.getContent().toString(), passAttr.getContent().toString()); +# 63| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:57: path: Condition "result != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:59: returned_null: "get" returns "null" (checked 51 out of 67 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:59: var_assigned: Assigning: "userAttr" = "null" return value from "get". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:61: null_method_call: Calling a method on null object "userAttr". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:89: example_assign: Example 1: Assigning: "ra" = return value from "ref.get("pathname")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:90: example_checked: Example 1 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java:150: example_assign: Example 2: Assigning: "ra" = return value from "ref.get("forceString")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java:154: example_checked: Example 2 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java:69: example_assign: Example 3: Assigning: "linkRefAddr" = return value from "ref.get("link")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java:70: example_checked: Example 3 (cont.): "linkRefAddr" has its value checked in "linkRefAddr != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java:56: example_assign: Example 4: Assigning: "factoryRefAddr" = return value from "ref.get("factory")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java:57: example_checked: Example 4 (cont.): "factoryRefAddr" has its value checked in "factoryRefAddr != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java:75: example_assign: Example 5: Assigning: "factoryRefAddr" = return value from "ref.get("factory")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java:76: example_checked: Example 5 (cont.): "factoryRefAddr" has its value checked in "factoryRefAddr != null". +# 59| RefAddr userAttr = ref.get("username"); +# 60| RefAddr passAttr = ref.get("password"); +# 61|-> if (userAttr.getContent()!=null && passAttr.getContent()!=null) { +# 62| result = wrapDataSource(result,userAttr.getContent().toString(), passAttr.getContent().toString()); +# 63| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/SendMailFactory.java:100: path: Condition "list.hasMoreElements()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/SendMailFactory.java:111: path: Condition "fromAddr != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/SendMailFactory.java:112: returned_null: "get" returns "null" (checked 51 out of 67 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/SendMailFactory.java:112: null_method_call: Calling a method on null object "ref.get("mail.from")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:89: example_assign: Example 1: Assigning: "ra" = return value from "ref.get("pathname")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:90: example_checked: Example 1 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java:150: example_assign: Example 2: Assigning: "ra" = return value from "ref.get("forceString")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java:154: example_checked: Example 2 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java:69: example_assign: Example 3: Assigning: "linkRefAddr" = return value from "ref.get("link")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java:70: example_checked: Example 3 (cont.): "linkRefAddr" has its value checked in "linkRefAddr != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java:56: example_assign: Example 4: Assigning: "factoryRefAddr" = return value from "ref.get("factory")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java:57: example_checked: Example 4 (cont.): "factoryRefAddr" has its value checked in "factoryRefAddr != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java:75: example_assign: Example 5: Assigning: "factoryRefAddr" = return value from "ref.get("factory")". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java:76: example_checked: Example 5 (cont.): "factoryRefAddr" has its value checked in "factoryRefAddr != null". +# 110| String from = null; +# 111| if (fromAddr != null) { +# 112|-> from = (String)ref.get("mail.from").getContent(); +# 113| } +# 114| if (from != null) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:33: returned_null: "listFiles" returns "null" (checked 5 out of 6 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:33: null_array_length: Accessing length of null array "root.listFiles()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/util/ExtensionValidator.java:343: example_assign: Example 1: Assigning: "files" = return value from "targetDir.listFiles()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/util/ExtensionValidator.java:344: example_checked: Example 1 (cont.): "files" has its value checked in "files == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/DirResourceSet.java:157: example_assign: Example 2: Assigning: "list" = return value from "f.listFiles()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/DirResourceSet.java:158: example_checked: Example 2 (cont.): "list" has its value checked in "list != null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Utils.java:108: example_assign: Example 3: Assigning: "files" = return value from "dir.listFiles()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Utils.java:109: example_checked: Example 3 (cont.): "files" has its value checked in "files == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java:98: example_assign: Example 4: Assigning: "files" = return value from "directory.listFiles()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java:99: example_checked: Example 4 (cont.): "files" has its value checked in "files == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java:201: example_assign: Example 5: Assigning: "files" = return value from "directory.listFiles()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java:202: example_checked: Example 5 (cont.): "files" has its value checked in "files == null". +# 31| File root = new File(Constants.STORAGE_DIR); +# 32| +# 33|-> for (File f : root.listFiles()) { +# 34| // Not robust but good enough +# 35| if (f.isFile() && f.getName().startsWith(Constants.L10N_PREFIX)) { + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:56: path: Iterating over another element of "objKeys". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:60: path: Condition "value.trim().length() == 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:61: path: Continuing loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:83: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:56: path: Iterating over another element of "objKeys". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:60: path: Condition "value.trim().length() == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:65: path: Condition "!cKey.pkg.equals(currentPkg)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:67: path: Condition "w != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:71: new_resource: "new java.io.FileOutputStream(outFile)" creates a new resource. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:71: var_assign: Assigning: "fos" = resource returned from "new java.io.FileOutputStream(outFile)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:72: var_assign: Assigning: "w" = resource returned from "new java.io.OutputStreamWriter(fos, java.nio.charset.StandardCharsets.UTF_8)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:73: noescape: Resource "w" is not closed or saved in "insertLicense". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:74: leaked_resource: Variable "fos" going out of scope leaks the resource it refers to. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:76: path: Condition "!currentGroup.equals(cKey.group)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:78: noescape: Resource "w" is not closed or saved in "write". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:78: path: Throwing "java.io.IOException" (or subclass) from call to "write"; exiting method with uncaught exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java:78: leaked_resource: Variable "w" going out of scope leaks the resource it refers to. +# 76| if (!currentGroup.equals(cKey.group)) { +# 77| currentGroup = cKey.group; +# 78|-> w.write(System.lineSeparator()); +# 79| } +# 80| + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:259: path: Condition "org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:259: var_compare_op: Comparing "org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT" to null implies that "org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT" might be null. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:274: path: Condition "allRefAddrs.hasMoreElements()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:279: path: Condition "allPropsAsList.contains(propertyName)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:279: null_method_call: Calling a method on null object "org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT". +# 277| // If property name is not in the properties list, we haven't warned on it +# 278| // and it is not in the "silent" list, tell user we are ignoring it. +# 279|-> if (!(allPropsAsList.contains(propertyName) || NUPROP_WARNTEXT.containsKey(propertyName) +# 280| || SILENT_PROPERTIES.contains(propertyName))) { +# 281| final String propertyValue = ra.getContent().toString(); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:300: new_resource: Created a new object of type "org.apache.tomcat.dbcp.dbcp2.BasicDataSource", which implements "java.lang.AutoCloseable". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:300: var_assign: Assigning: "dataSource" = resource returned from "new org.apache.tomcat.dbcp.dbcp2.BasicDataSource()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:302: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:303: noescape: Resource "dataSource" is not closed or saved in "setDefaultAutoCommit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:307: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:308: noescape: Resource "dataSource" is not closed or saved in "setDefaultReadOnly". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:312: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:314: path: Condition ""NONE".equalsIgnoreCase(value)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:316: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:334: noescape: Resource "dataSource" is not closed or saved in "setDefaultTransactionIsolation". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:338: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:339: noescape: Resource "dataSource" is not closed or saved in "setDefaultCatalog". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:343: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:344: noescape: Resource "dataSource" is not closed or saved in "setDefaultSchema". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:348: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:349: noescape: Resource "dataSource" is not closed or saved in "setCacheState". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:353: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:354: noescape: Resource "dataSource" is not closed or saved in "setDriverClassName". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:358: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:359: noescape: Resource "dataSource" is not closed or saved in "setLifo". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:363: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:364: noescape: Resource "dataSource" is not closed or saved in "setMaxTotal". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:368: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:369: noescape: Resource "dataSource" is not closed or saved in "setMaxIdle". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:373: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:374: noescape: Resource "dataSource" is not closed or saved in "setMinIdle". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:378: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:379: noescape: Resource "dataSource" is not closed or saved in "setInitialSize". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:383: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:384: noescape: Resource "dataSource" is not closed or saved in "setMaxWaitMillis". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:388: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:389: noescape: Resource "dataSource" is not closed or saved in "setTestOnCreate". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:393: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:394: noescape: Resource "dataSource" is not closed or saved in "setTestOnBorrow". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:398: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:399: noescape: Resource "dataSource" is not closed or saved in "setTestOnReturn". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:403: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:404: noescape: Resource "dataSource" is not closed or saved in "setTimeBetweenEvictionRunsMillis". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:408: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:409: noescape: Resource "dataSource" is not closed or saved in "setNumTestsPerEvictionRun". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:413: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:414: noescape: Resource "dataSource" is not closed or saved in "setMinEvictableIdleTimeMillis". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:418: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:419: noescape: Resource "dataSource" is not closed or saved in "setSoftMinEvictableIdleTimeMillis". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:423: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:424: noescape: Resource "dataSource" is not closed or saved in "setEvictionPolicyClassName". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:428: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:429: noescape: Resource "dataSource" is not closed or saved in "setTestWhileIdle". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:433: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:434: noescape: Resource "dataSource" is not closed or saved in "setPassword". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:438: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:439: noescape: Resource "dataSource" is not closed or saved in "setUrl". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:443: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:444: noescape: Resource "dataSource" is not closed or saved in "setUsername". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:448: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:449: noescape: Resource "dataSource" is not closed or saved in "setValidationQuery". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:453: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:454: noescape: Resource "dataSource" is not closed or saved in "setValidationQueryTimeout". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:458: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:459: noescape: Resource "dataSource" is not closed or saved in "setAccessToUnderlyingConnectionAllowed". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:463: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:464: noescape: Resource "dataSource" is not closed or saved in "setRemoveAbandonedOnBorrow". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:468: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:469: noescape: Resource "dataSource" is not closed or saved in "setRemoveAbandonedOnMaintenance". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:473: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:474: noescape: Resource "dataSource" is not closed or saved in "setRemoveAbandonedTimeout". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:478: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:479: noescape: Resource "dataSource" is not closed or saved in "setLogAbandoned". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:483: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:484: noescape: Resource "dataSource" is not closed or saved in "setAbandonedUsageTracking". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:488: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:489: noescape: Resource "dataSource" is not closed or saved in "setPoolPreparedStatements". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:493: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:494: noescape: Resource "dataSource" is not closed or saved in "setClearStatementPoolOnReturn". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:498: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:499: noescape: Resource "dataSource" is not closed or saved in "setMaxOpenPreparedStatements". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:503: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:504: noescape: Resource "dataSource" is not closed or saved in "setConnectionInitSqls". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:508: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:509: path: Throwing "java.io.IOException" (or subclass) from call to "getProperties"; exiting method with uncaught exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:509: leaked_resource: Variable "dataSource" going out of scope leaks the resource it refers to. +# 507| value = properties.getProperty(PROP_CONNECTION_PROPERTIES); +# 508| if (value != null) { +# 509|-> final Properties p = getProperties(value); +# 510| final Enumeration e = p.propertyNames(); +# 511| while (e.hasMoreElements()) { + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:369: jdbc_fn: An open JDBC connection is returned from "createConnection". (The virtual call resolves to "org.apache.tomcat.dbcp.dbcp2.DataSourceConnectionFactory.createConnection".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:369: var_assign: Assigning: "conn" = JDBC connection returned from "connectionFactory.createConnection()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:370: path: Condition "conn == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:374: noescape: Resource "conn" is not closed or saved in "initializeConnection". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:375: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:388: path: Condition "poolStatements", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:415: path: Condition "dataSourceJmxObjectName == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:418: path: Throwing "javax.management.MalformedObjectNameException" from call to "ObjectName"; exiting method with uncaught exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:418: leaked_connection: Variable "conn" going out of scope leaks the connection it holds open. +# 416| connJmxName = null; +# 417| } else { +# 418|-> connJmxName = new ObjectName( +# 419| dataSourceJmxObjectName.toString() + Constants.JMX_CONNECTION_BASE_EXT + connIndex); +# 420| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolingConnection.java:296: returned_null: "getInnermostDelegate" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolingConnection.java:296: null_method_call: Calling a method on null object "(org.apache.tomcat.dbcp.dbcp2.DelegatingStatement)pooledObject.getObject().getInnermostDelegate()". +# 294| public void destroyObject(final PStmtKey key, final PooledObject pooledObject) +# 295| throws Exception { +# 296|-> pooledObject.getObject().getInnermostDelegate().close(); +# 297| } +# 298| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PooledConnectionImpl.java:341: returned_null: "getInnermostDelegate" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PooledConnectionImpl.java:341: null_method_call: Calling a method on null object "(org.apache.tomcat.dbcp.dbcp2.DelegatingStatement)pooledObject.getObject().getInnermostDelegate()". +# 339| public void destroyObject(final PStmtKey key, final PooledObject pooledObject) +# 340| throws Exception { +# 341|-> pooledObject.getObject().getInnermostDelegate().close(); +# 342| } +# 343| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:538: path: Condition "manager == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:542: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:551: path: Throwing "java.sql.SQLException" (or subclass) from call to "borrowObject". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:554: path: Catching exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:558: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:568: returned_null: "getPool" returns "null" (checked 2 out of 3 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:568: var_assigned: Assigning: "pool" = "null" return value from "getPool". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:569: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:573: null_method_call: Calling a method on null object "pool". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:161: example_assign: Example 1: Assigning: "pool" = return value from "getPool(getPoolKey(userName))". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:162: example_checked: Example 1 (cont.): "pool" has its value checked in "pool == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:182: example_assign: Example 2: Assigning: "pool" = return value from "getPool(getPoolKey(userName))". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:183: example_checked: Example 2 (cont.): "pool" has its value checked in "pool == null". +# 571| } +# 572| try { +# 573|-> info = pool.borrowObject(); +# 574| } catch (final Exception ex) { +# 575| throw new SQLException("Could not retrieve connection info from pool", ex); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:615: returned_null: "getObjectInstance" returns "null" (checked 2 out of 5 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:615: var_assigned: Assigning: "oldDS" = "null" return value from "getObjectInstance". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:617: null_field_access: Accessing field of null object "oldDS". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:872: example_assign: Example 1: Assigning: "obj" = return value from "factory.getObjectInstance(entry.value, name, this, env)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:883: example_checked: Example 1 (cont.): "obj" has its value checked in "obj == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java:117: example_assign: Example 2: Assigning: "result" = return value from "factory.getObjectInstance(obj, name, nameCtx, environment)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java:127: example_checked: Example 2 (cont.): "result" has its value checked in "result != null". +# 615| final PerUserPoolDataSource oldDS = (PerUserPoolDataSource) new PerUserPoolDataSourceFactory() +# 616| .getObjectInstance(getReference(), null, null, null); +# 617|-> this.managers = oldDS.managers; +# 618| } catch (final NamingException e) { +# 619| throw new IOException("NamingException: " + e); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:41: new_resource: Created a new object of type "org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource", which implements "java.lang.AutoCloseable". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:41: var_assign: Assigning: "pupds" = resource returned from "new org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:43: path: Condition "ra != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:48: path: Condition "ra != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:53: path: Condition "ra != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:58: path: Condition "ra != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:64: path: Condition "ra != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:70: path: Condition "ra != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:76: path: Condition "ra != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:82: path: Condition "ra != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:88: path: Condition "ra != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:88: path: Condition "ra.getContent() != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:90: path: Throwing "java.io.IOException" (or subclass) from call to "deserialize"; exiting method with uncaught exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:90: leaked_resource: Variable "pupds" going out of scope leaks the resource it refers to. +# 88| if (ra != null && ra.getContent() != null) { +# 89| final byte[] serialized = (byte[]) ra.getContent(); +# 90|-> pupds.setPerUserDefaultReadOnly((Map) deserialize(serialized)); +# 91| } +# 92| return pupds; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java:230: returned_null: "getObjectInstance" returns "null" (checked 2 out of 5 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java:230: var_assigned: Assigning: "oldDS" = "null" return value from "getObjectInstance". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java:232: null_field_access: Accessing field of null object "oldDS". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:872: example_assign: Example 1: Assigning: "obj" = return value from "factory.getObjectInstance(entry.value, name, this, env)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java:883: example_checked: Example 1 (cont.): "obj" has its value checked in "obj == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java:117: example_assign: Example 2: Assigning: "result" = return value from "factory.getObjectInstance(obj, name, nameCtx, environment)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java:127: example_checked: Example 2 (cont.): "result" has its value checked in "result != null". +# 230| final SharedPoolDataSource oldDS = (SharedPoolDataSource) new SharedPoolDataSourceFactory() +# 231| .getObjectInstance(getReference(), null, null, null); +# 232|-> this.pool = oldDS.pool; +# 233| } catch (final NamingException e) { +# 234| throw new IOException("NamingException: " + e); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java:37: new_resource: Created a new object of type "org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource", which implements "java.lang.AutoCloseable". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java:37: var_assign: Assigning: "spds" = resource returned from "new org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java:39: path: Condition "ra != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java:39: path: Condition "ra.getContent() != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java:40: path: Throwing "java.lang.NumberFormatException" from call to "parseInt"; exiting method with uncaught exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java:40: leaked_resource: Variable "spds" going out of scope leaks the resource it refers to. +# 38| final RefAddr ra = ref.get("maxTotal"); +# 39| if (ra != null && ra.getContent() != null) { +# 40|-> spds.setMaxTotal(Integer.parseInt(ra.getContent().toString())); +# 41| } +# 42| return spds; + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:144: path: Condition "userName == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:146: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:151: alloc_fn: A new resource is returned from allocation method "getConnection". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:151: var_assign: Assigning: "connection" = resource returned from "xaConnection.getConnection()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:152: path: Throwing "java.sql.SQLException" (or subclass) from call to "getXAResource"; exiting method with uncaught exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:152: leaked_resource: Variable "connection" going out of scope leaks the resource it refers to. +# 150| // get the real connection and XAResource from the connection +# 151| final Connection connection = xaConnection.getConnection(); +# 152|-> final XAResource xaResource = xaConnection.getXAResource(); +# 153| +# 154| // register the xa resource for the connection + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:144: path: Condition "userName == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:147: jdbc_fn: An open JDBC connection is returned from "getXAConnection". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:147: var_assign: Assigning: "xaConnection" = JDBC connection returned from "xaDataSource.getXAConnection(userName, org.apache.tomcat.dbcp.dbcp2.Utils.toString(userPassword))". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:151: noescape: Resource "xaConnection" is not closed or saved in "getConnection". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:180: leaked_connection: Variable "xaConnection" going out of scope leaks the connection it holds open. +# 178| }); +# 179| +# 180|-> return connection; +# 181| } +# 182| + +Error: LOCK_INVERSION (CWE-833): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java:1163: lock_acquire: Calling "lock" acquires lock "SynchronizedPooledObjectFactory.writeLock.lock()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java:1165: lock_order: Acquiring lock "BaseGenericObjectPool.evictionLock" while holding "SynchronizedPooledObjectFactory.writeLock.lock()" conflicts with the lock order established elsewhere. (The virtual call resolves to "org.apache.tomcat.dbcp.dbcp2.managed.PoolableManagedConnectionFactory.makeObject".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:745: lock_acquire: Example 1: Acquiring lock "BaseGenericObjectPool.evictionLock". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:805: example_lock_order: Example 1 (cont.): Calling "destroy" acquires lock "SynchronizedPooledObjectFactory.writeLock.lock()" while holding "BaseGenericObjectPool.evictionLock". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:745: lock_acquire: Example 2: Acquiring lock "BaseGenericObjectPool.evictionLock". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:802: example_lock_order: Example 2 (cont.): Calling "activateObject" acquires lock "SynchronizedPooledObjectFactory.writeLock.lock()" while holding "BaseGenericObjectPool.evictionLock". (The virtual call resolves to "org.apache.tomcat.dbcp.pool2.PoolUtils.SynchronizedPooledObjectFactory.activateObject".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:745: lock_acquire: Example 3: Acquiring lock "BaseGenericObjectPool.evictionLock". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:796: example_lock_order: Example 3 (cont.): Calling "destroy" acquires lock "SynchronizedPooledObjectFactory.writeLock.lock()" while holding "BaseGenericObjectPool.evictionLock". +# 1163| writeLock.lock(); +# 1164| try { +# 1165|-> return factory.makeObject(); +# 1166| } finally { +# 1167| writeLock.unlock(); + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java:1402: read_volatile: Reading "idleHighWaterMark", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java:1402: intervening_update: Another thread writes to "idleHighWaterMark". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java:1402: stale_update: Updating "idleHighWaterMark" based on a stale value. Any intervening update in another thread is overwritten. +# 1400| public void update(final long now, final int numIdle) { +# 1401| final int idle = Math.max(0, numIdle); +# 1402|-> idleHighWaterMark = Math.max(idle, idleHighWaterMark); +# 1403| final float maxInterval = 15f; +# 1404| final float minutes = maxInterval + + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java:178: return_collection_alias: Call to "entrySet" returns an "Iterable" equivalent to "org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java:178: enhanced_for: Starting an iteration on "org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java:178: path: Iterating over another element of "org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java:179: path: Condition "(java.lang.ref.Reference)entry.getKey().get() == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java:181: modify_iterable: Call to "remove" modifies "Iterable" "org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap" which invalidates the iterator for the loop on "org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java:183: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java:178: invalid_loop: Attempting to obtain another element from "org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()" after it's been modified. +# 176| public void run() { +# 177| synchronized (EvictionTimer.class) { +# 178|-> for (Entry, WeakRunner> entry : taskMap.entrySet()) { +# 179| if (entry.getKey().get() == null) { +# 180| executor.remove(entry.getValue()); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:1138: path: Condition "factoryType == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:1142: returned_null: "getFactoryType" returns "null" (checked 0 out of 1 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:1142: var_assigned: Assigning: "pooledObjectType" = "null" return value from "getFactoryType". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:1144: null_method_call: Calling a method on null object "pooledObjectType". +# 1142| final Class pooledObjectType = +# 1143| PoolImplUtils.getFactoryType(factory.getClass()); +# 1144|-> result.append(pooledObjectType.getName()); +# 1145| result.append('>'); +# 1146| factoryType = result.toString(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:78: path: Condition "type == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:78: path: Condition "clazz == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:85: path: Condition "pi != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:94: path: Condition "result instanceof java.lang.Class", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:97: path: Condition "result instanceof java.lang.Integer", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:100: returned_null: "getGenericSuperclass" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:100: var_assigned: Assigning: "superClassType" = "null" return value from "getGenericSuperclass". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:101: null_method_call: Calling a method on null object "superClassType". +# 99| // Map that unknown type to the generic types defined in this class +# 100| final ParameterizedType superClassType = (ParameterizedType) clazz.getGenericSuperclass(); +# 101|-> return getTypeParameter(clazz, superClassType.getActualTypeArguments()[((Integer) result).intValue()]); +# 102| } else { +# 103| // Error will be logged further up the call stack + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SecurityManagerCallStack.java:99: returned_null: "getClassContext" returns "null" (checked 0 out of 1 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SecurityManagerCallStack.java:99: var_assigned: Assigning: "classes" = "null" return value from "getClassContext". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SecurityManagerCallStack.java:100: null_array_length: Accessing length of null array "classes". +# 98| private List>> getCallStack() { +# 99| final Class[] classes = getClassContext(); +# 100|-> final List>> stack = new ArrayList<>(classes.length); +# 101| for (final Class klass : classes) { +# 102| stack.add(new WeakReference>(klass)); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java:122: path: Condition "null == obj", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java:123: path: Condition "idleReferences.isEmpty()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java:134: returned_null: "idleReferences.pollFirst()" returns "null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java:134: var_assigned: Assigning: "ref" = "null" return value from "pollFirst". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java:135: null_method_call: Calling a method on null object "ref". +# 133| } else { +# 134| ref = idleReferences.pollFirst(); +# 135|-> obj = ref.getObject(); +# 136| // Clear the reference so it will not be queued, but replace with a +# 137| // a new, non-registered reference so we can still track this object + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/IntrospectionUtils.java:422: path: Iterating over another element of "methods". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/IntrospectionUtils.java:423: path: Condition "method.getName().equals(name)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/IntrospectionUtils.java:425: path: Condition "params == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/IntrospectionUtils.java:425: var_compare_op: Comparing "params" to null implies that "params" might be null. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/IntrospectionUtils.java:425: path: Condition "methodParams.length == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/IntrospectionUtils.java:428: null_array_length: Accessing length of null array "params". +# 426| return method; +# 427| } +# 428|-> if (params.length != methodParams.length) { +# 429| continue; +# 430| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/B2CConverter.java:88: path: Condition "replaceOnError", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/B2CConverter.java:90: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/B2CConverter.java:96: path: Condition "charset.equals(java.nio.charset.StandardCharsets.UTF_8)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/B2CConverter.java:99: returned_null: "newDecoder" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.tomcat.util.buf.CharsetCache.DummyCharset.newDecoder".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/B2CConverter.java:99: var_assigned: Assigning: "decoder" = "null" return value from "newDecoder". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/B2CConverter.java:101: null_method_call: Calling a method on null object "decoder". +# 99| decoder = charset.newDecoder(); +# 100| } +# 101|-> decoder.onMalformedInput(action); +# 102| decoder.onUnmappableCharacter(action); +# 103| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/C2BConverter.java:42: returned_null: "newEncoder" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.tomcat.util.buf.CharsetCache.DummyCharset.newEncoder".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/C2BConverter.java:42: var_assigned: Assigning: "encoder" = "null" return value from "newEncoder". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/C2BConverter.java:43: null_method_call: Calling a method on null object "encoder". +# 41| public C2BConverter(Charset charset) { +# 42| encoder = charset.newEncoder(); +# 43|-> encoder.onUnmappableCharacter(CodingErrorAction.REPLACE) +# 44| .onMalformedInput(CodingErrorAction.REPLACE); +# 45| char[] left = new char[4]; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/CharsetUtil.java:35: returned_null: "newDecoder" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.tomcat.util.buf.CharsetCache.DummyCharset.newDecoder".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/CharsetUtil.java:35: var_assigned: Assigning: "decoder" = "null" return value from "newDecoder". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/CharsetUtil.java:38: path: Condition "i < 128", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/CharsetUtil.java:43: null_method_call: Calling a method on null object "decoder". +# 41| inBytes.flip(); +# 42| try { +# 43|-> outChars = decoder.decode(inBytes); +# 44| } catch (CharacterCodingException e) { +# 45| return false; + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:281: path: Condition "paramCount > 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:299: path: Condition "paramTypes != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:299: var_compare_op: Comparing "paramTypes" to null implies that "paramTypes" might be null. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:316: null_array_length: Accessing length of null array "paramTypes". +# 314| // We only do the conversion if the param value is a String and +# 315| // the specified paramType is not String. +# 316|-> Object paramValues[] = new Object[paramTypes.length]; +# 317| for (int i = 0; i < paramTypes.length; i++) { +# 318| // convert nulls and convert stringy parameters + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:280: assign_zero: Assigning: "parameters" = "null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:281: path: Condition "paramCount > 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:299: path: Condition "paramTypes != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:299: path: Condition "paramTypes.length != 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:317: path: Condition "i < paramTypes.length", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:320: null_array_access: Accessing an element on null array "parameters". +# 318| // convert nulls and convert stringy parameters +# 319| // for non-stringy param types +# 320|-> Object param = parameters[i]; +# 321| // Tolerate null non-primitive values +# 322| if(null == param && !paramTypes[i].isPrimitive()) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java:269: path: Condition "size >= 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java:271: path: Condition "cachedContent != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java:273: path: Condition "dfos.isInMemory()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java:274: returned_null: "getData" returns "null" (checked 0 out of 3 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java:274: null_array_length: Accessing length of null array "dfos.getData()". +# 272| return cachedContent.length; +# 273| } else if (dfos.isInMemory()) { +# 274|-> return dfos.getData().length; +# 275| } else { +# 276| return dfos.getFile().length(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/Registry.java:629: path: Condition "org.apache.tomcat.util.modeler.Registry.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/Registry.java:633: path: Condition "bean == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/Registry.java:639: path: Condition "type == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/Registry.java:643: returned_null: "findManagedBean" returns "null" (checked 0 out of 1 times). (The virtual call resolves to "org.apache.tomcat.util.modeler.NoDescriptorRegistry.findManagedBean".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/Registry.java:643: var_assigned: Assigning: "managed" = "null" return value from "findManagedBean". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/Registry.java:646: null_method_call: Calling a method on null object "managed". +# 644| +# 645| // The real mbean is created and registered +# 646|-> DynamicMBean mbean = managed.createMBean(bean); +# 647| +# 648| if (getMBeanServer().isRegistered(oname)) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/modules/MbeansDescriptorsDigesterSource.java:47: returned_null: "getResource" returns "null" (checked 3 out of 5 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/modules/MbeansDescriptorsDigesterSource.java:47: var_assigned: Assigning: "url" = "null" return value from "getResource". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/modules/MbeansDescriptorsDigesterSource.java:49: null_method_call: Calling a method on null object "url". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/ClasspathURLStreamHandler.java:41: example_assign: Example 1: Assigning: "classpathUrl" = return value from "(org.apache.catalina.webresources.ClasspathURLStreamHandler.class).getResource(path)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/ClasspathURLStreamHandler.java:44: example_checked: Example 1 (cont.): "classpathUrl" has its value checked in "classpathUrl == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java:154: example_assign: Example 2: Assigning: "location" = return value from "org.apache.tomcat.util.descriptor.DigesterFactory.CLASS_SERVLET_CONTEXT.getResource("resources/" + name)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java:155: example_checked: Example 2 (cont.): "location" has its value checked in "location == null". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java:156: example_assign: Example 3: Assigning: "location" = return value from "org.apache.tomcat.util.descriptor.DigesterFactory.CLASS_JSP_CONTEXT.getResource("resources/" + name)". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java:158: example_checked: Example 3 (cont.): "location" has its value checked in "location == null". +# 47| URL url = Registry.getRegistry(null, null).getClass().getResource +# 48| ("/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd"); +# 49|-> digester.register +# 50| ("-//Apache Software Foundation//DTD Model MBeans Configuration File", +# 51| url.toString()); + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:87: identity: Calling "getCertificates". +* This call assigns "changeit" to "(sslHostConfig.defaultCertificate).certificateKeystorePassword". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)".) Now ".certificateKeystorePassword" is equal to "changeit". +* This call assigns a reference to "sslHostConfig.defaultCertificate" to "sslHostConfig.certificates". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)".) No [...] +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:87: identity: Calling "iterator". This call assigns "sslHostConfig.getCertificates(true)" to "". (The virtual call resolves to "java.util.Set.iterator()".) Now ".certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:87: assign: Assigning: "certificate$iterator" = "sslHostConfig.getCertificates(true).iterator()". Now "(certificate$iterator).certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:87: identity: Calling "next". This call returns "certificate$iterator". (The virtual call resolves to "java.util.Iterator.next()".) Now "certificate$iterator.next().certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:87: assign: Assigning: "certificate" = "certificate$iterator.next()". Now "certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:88: identity: Calling "getSSLUtil". This call assigns "certificate" to "().certificate". (The virtual call resolves to "org.apache.tomcat.util.net.jsse.JSSEImplementation.getSSLUtil(org.apache.tomcat.util.net.SSLHostConfigCertificate)".) Now ".certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:88: assign: Assigning: "sslUtil" = "sslImplementation.getSSLUtil(certificate)". Now "sslUtil.certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:97: password_use: Calling "createSSLContext". This call uses the constant string as a password. (The virtual call resolves to "org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(java.util.List)".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:97: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 95| SSLContext sslContext; +# 96| try { +# 97|-> sslContext = sslUtil.createSSLContext(negotiableProtocols); +# 98| } catch (Exception e) { +# 99| throw new IllegalArgumentException(e.getMessage(), e); +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:97: note: trimmed 1 message(s) with length over 512 + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:451: identity: Calling "getCertificates". +* This call assigns "changeit" to "(sslHostConfig.defaultCertificate).certificateKeystorePassword". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)".) Now ".certificateKeystorePassword" is equal to "changeit". +* This call assigns a reference to "sslHostConfig.defaultCertificate" to "sslHostConfig.certificates". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)".) No [...] +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:451: assign: Assigning: "certificates" = "sslHostConfig.getCertificates(true)". Now "(certificates).certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:452: identity: Calling "iterator". This call assigns "certificates" to "". (The virtual call resolves to "java.util.Set.iterator()".) Now ".certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:452: assign: Assigning: "certificate$iterator" = "certificates.iterator()". Now "(certificate$iterator).certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:452: identity: Calling "next". This call returns "certificate$iterator". (The virtual call resolves to "java.util.Iterator.next()".) Now "certificate$iterator.next().certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:452: assign: Assigning: "certificate" = "certificate$iterator.next()". Now "certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:454: identity: Calling "OpenSSLUtil". This call assigns "certificate" to ".certificate". Now ".certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:454: assign: Assigning: "sslUtil" = "new org.apache.tomcat.util.net.openssl.OpenSSLUtil(certificate)". Now "sslUtil.certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:459: password_use: Calling "createSSLContext". This call uses the constant string as a password. (The virtual call resolves to "org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(java.util.List)".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:459: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 457| +# 458| try { +# 459|-> sslContext = (OpenSSLContext) sslUtil.createSSLContext(negotiableProtocols); +# 460| } catch (Exception e) { +# 461| throw new IllegalArgumentException(e.getMessage(), e); +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:459: note: trimmed 1 message(s) with length over 512 + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:451: identity: Calling "getCertificates". +* This call assigns "changeit" to "(sslHostConfig.defaultCertificate).certificateKeystorePassword". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)".) Now ".certificateKeystorePassword" is equal to "changeit". +* This call assigns a reference to "sslHostConfig.defaultCertificate" to "sslHostConfig.certificates". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)".) No [...] +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:451: assign: Assigning: "certificates" = "sslHostConfig.getCertificates(true)". Now "(certificates).certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:452: identity: Calling "iterator". This call assigns "certificates" to "". (The virtual call resolves to "java.util.Set.iterator()".) Now ".certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:452: assign: Assigning: "certificate$iterator" = "certificates.iterator()". Now "(certificate$iterator).certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:452: identity: Calling "next". This call returns "certificate$iterator". (The virtual call resolves to "java.util.Iterator.next()".) Now "certificate$iterator.next().certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:452: assign: Assigning: "certificate" = "certificate$iterator.next()". Now "certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:464: identity: Calling "OpenSSLUtil". This call assigns "certificate" to ".certificate". Now ".certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:464: assign: Assigning: "sslUtil" = "new org.apache.tomcat.util.net.openssl.OpenSSLUtil(certificate)". Now "sslUtil.certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:465: password_use: Calling "getKeyManagers". This call uses the constant string as a password. (The virtual call resolves to "org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers()".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:465: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 463| } else { +# 464| SSLUtil sslUtil = new OpenSSLUtil(certificate); +# 465|-> KeyManager[] kms = sslUtil.getKeyManagers(); +# 466| certificate.setCertificateKeyManager(OpenSSLUtil.chooseKeyManager(kms)); +# 467| sslContext.addCertificate(certificate); +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:465: note: trimmed 1 message(s) with length over 512 + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:966: path: Condition "size == sockets.length", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:969: path: Condition "i < size", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:970: path: Condition "sockets[i] == socket", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:974: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:969: path: Condition "i < size", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:978: read_volatile: Reading "size", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:978: intervening_update: Another thread writes to "size". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:978: stale_update: Updating "size" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:966: example_comparison: Example 1: Example comparison of "size" to value, suggesting a semantically meaningful use. +# 976| timeouts[size] = timeout; +# 977| flags[size] = flag; +# 978|-> size++; +# 979| return true; +# 980| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:984: path: Condition "i < size", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:985: path: Condition "sockets[i] == socket", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:989: read_volatile: Reading "size", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:989: intervening_update: Another thread writes to "size". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:989: stale_update: Updating "size" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:966: example_comparison: Example 1: Example comparison of "size" to value, suggesting a semantically meaningful use. +# 987| timeouts[i] = timeouts[size - 1]; +# 988| flags[size] = flags[size -1]; +# 989|-> size--; +# 990| return true; +# 991| } + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2706: path: Condition "getError() == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2709: path: Condition "!completionDone", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2719: path: Condition "i < length", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2720: path: Condition "buffers[i + offset].hasRemaining()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2722: path: Breaking from loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2725: path: Condition "buffer == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2725: var_compare_op: Comparing "buffer" to null implies that "buffer" might be null. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2725: path: Condition "flushBytes == 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2730: path: Condition "read", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2733: path: Condition "block == org.apache.tomcat.util.net.SocketWrapperBase.BlockingMode.BLOCK", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2733: path: Condition "!flush(block == org.apache.tomcat.util.net.SocketWrapperBase.BlockingMode.BLOCK)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2734: path: Condition "flushBytes > 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2739: null_method_call: Calling a method on null object "buffer". +# 2737| flushBytes = 0; +# 2738| } else { +# 2739|-> @SuppressWarnings("null") // Not possible +# 2740| int remaining = buffer.remaining(); +# 2741| write(block == BlockingMode.BLOCK, buffer); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/Nio2Endpoint.java:1439: path: Condition "data.fchannel == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/Nio2Endpoint.java:1442: alloc_fn: A new resource is returned from allocation method "open". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/Nio2Endpoint.java:1442: leaked_resource: Failing to save or close resource created by "java.nio.channels.FileChannel.open(path, java.nio.file.StandardOpenOption.READ)" leaks it. +# 1440| java.nio.file.Path path = new File(sendfileData.fileName).toPath(); +# 1441| try { +# 1442|-> data.fchannel = java.nio.channels.FileChannel +# 1443| .open(path, StandardOpenOption.READ).position(sendfileData.pos); +# 1444| } catch (IOException e) { + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/NioEndpoint.java:238: path: Condition "getUseInheritedChannel()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/NioEndpoint.java:247: path: Condition "getUnixDomainSocketPath() != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/NioEndpoint.java:251: path: Condition "getUnixDomainSocketPathPermissions() != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/NioEndpoint.java:255: alloc_fn: A new resource is returned from allocation method "getFileSystem". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/NioEndpoint.java:255: path: Condition "path.getFileSystem().supportedFileAttributeViews().contains("posix")", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/NioEndpoint.java:255: leaked_resource: Failing to save or close resource created by "path.getFileSystem()" leaks it. +# 253| Set permissions = +# 254| PosixFilePermissions.fromString(getUnixDomainSocketPathPermissions()); +# 255|-> if (path.getFileSystem().supportedFileAttributeViews().contains("posix")) { +# 256| FileAttribute> attrs = PosixFilePermissions.asFileAttribute(permissions); +# 257| Files.setAttribute(path, attrs.name(), attrs.value()); + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java:222: read_volatile: Reading "readBuffer", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java:222: intervening_update: Another thread writes to "readBuffer". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java:222: stale_update: Updating "readBuffer" based on a stale value. Any intervening update in another thread is overwritten. +# 220| public void expand(int newSize) { +# 221| configureReadBufferForWrite(); +# 222|-> readBuffer = ByteBufferUtils.expand(readBuffer, newSize); +# 223| configureWriteBufferForWrite(); +# 224| writeBuffer = ByteBufferUtils.expand(writeBuffer, newSize); + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java:224: read_volatile: Reading "writeBuffer", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java:224: intervening_update: Another thread writes to "writeBuffer". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java:224: stale_update: Updating "writeBuffer" based on a stale value. Any intervening update in another thread is overwritten. +# 222| readBuffer = ByteBufferUtils.expand(readBuffer, newSize); +# 223| configureWriteBufferForWrite(); +# 224|-> writeBuffer = ByteBufferUtils.expand(writeBuffer, newSize); +# 225| } +# 226| + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java:249: read_volatile: Reading "keepAliveLeft", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java:249: intervening_update: Another thread writes to "keepAliveLeft". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java:249: stale_update: Updating "keepAliveLeft" based on a stale value. Any intervening update in another thread is overwritten. +# 247| +# 248| public void setKeepAliveLeft(int keepAliveLeft) { this.keepAliveLeft = keepAliveLeft; } +# 249|-> public int decrementKeepAlive() { return (--keepAliveLeft); } +# 250| +# 251| public String getRemoteHost() { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java:1059: path: Condition "nBytes.longValue() < 0", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java:1062: read_volatile: Reading "state.nBytes", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java:1062: intervening_update: Another thread writes to "state.nBytes". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java:1062: stale_update: Updating "state.nBytes" based on a stale value. Any intervening update in another thread is overwritten. +# 1060| failed(new EOFException(), state); +# 1061| } else { +# 1062|-> state.nBytes += nBytes.longValue(); +# 1063| CompletionState currentState = state.isInline() ? CompletionState.INLINE : CompletionState.DONE; +# 1064| boolean complete = true; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:211: path: Condition "initialized", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:216: path: Condition "sslHostConfig.getInsecureRenegotiation()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:218: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:224: path: Condition "sslHostConfig.getHonorCipherOrder()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:226: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:231: path: Condition "sslHostConfig.getDisableCompression()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:233: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:238: path: Condition "sslHostConfig.getDisableSessionTickets()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:240: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:247: path: Condition "certificate.getCertificateFile() == null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:255: path: Switch case value "org.apache.tomcat.util.net.SSLHostConfig.CertificateVerification.NONE". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:258: path: Breaking from switch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:271: path: Condition "tms != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:291: returned_null: "getAcceptedIssuers" returns "null" (checked 1 out of 3 times). (The virtual call resolves to "org.apache.catalina.tribes.membership.cloud.AbstractStreamProvider.1.getAcceptedIssuers".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:291: null_array_length: Accessing length of null array "x509TrustManager.getAcceptedIssuers()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java:99: example_assign: Example 1: Assigning: "accepted" = return value from "((javax.net.ssl.X509TrustManager)tm).getAcceptedIssuers()". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java:100: example_checked: Example 1 (cont.): "accepted" has its value checked in "accepted != null". +# 289| // by the server during the handshake to allow the client choosing +# 290| // an acceptable certificate +# 291|-> for (X509Certificate caCert : x509TrustManager.getAcceptedIssuers()) { +# 292| SSLContext.addClientCACertificateRaw(ctx, caCert.getEncoded()); +# 293| if (log.isDebugEnabled()) { + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java:188: new_resource: "new java.io.FileWriter(destination, false)" creates a new resource. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java:188: var_assign: Assigning: "writer" = resource returned from "new java.io.BufferedWriter(new java.io.FileWriter(destination, false))". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java:189: noescape: Resource "writer" is not closed or saved in "write". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java:189: path: Throwing "java.io.IOException" (or subclass) from call to "write"; exiting method with uncaught exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java:189: leaked_resource: Variable "writer" going out of scope leaks the resource it refers to. +# 187| File destination = new File(directory, className+".java"); +# 188| BufferedWriter writer = new BufferedWriter(new FileWriter(destination, false)); +# 189|-> writer.write(code.toString()); +# 190| writer.flush(); +# 191| writer.close(); + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java:329: path: Iterating over another element of "uncompressedParts". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java:332: path: Condition "emptyMessage", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java:332: path: Condition "emptyPart", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java:332: read_volatile: Reading "emptyMessage", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java:332: intervening_update: Another thread writes to "emptyMessage". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java:332: stale_update: Updating "emptyMessage" based on a stale value. Any intervening update in another thread is overwritten. +# 330| byte opCode = uncompressedPart.getOpCode(); +# 331| boolean emptyPart = uncompressedPart.getPayload().limit() == 0; +# 332|-> emptyMessage = emptyMessage && emptyPart; +# 333| if (Util.isControl(opCode)) { +# 334| // Control messages can appear in the middle of other messages + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java:194: path: Iterating over another element of "interfaces". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java:196: path: Condition "iface instanceof java.lang.reflect.ParameterizedType", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java:199: path: Condition "pi.getRawType() instanceof java.lang.Class", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java:200: path: Condition "type.isAssignableFrom((java.lang.Class)pi.getRawType())", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java:206: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java:194: path: No elements left in "interfaces", leaving loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java:212: path: Condition "superClazz == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java:219: path: Condition "superClassTypeResult.getIndex() == -1", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java:225: path: Condition "superClassTypeResult.getIndex() > -1", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java:229: returned_null: "getGenericSuperclass" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java:229: var_assigned: Assigning: "superClassType" = "null" return value from "getGenericSuperclass". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java:231: null_method_call: Calling a method on null object "superClassType". +# 229| ParameterizedType superClassType = +# 230| (ParameterizedType) clazz.getGenericSuperclass(); +# 231|-> TypeResult result = getTypeParameter(clazz, +# 232| superClassType.getActualTypeArguments()[ +# 233| superClassTypeResult.getIndex()]); + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:673: read_volatile: Reading "payloadWritten", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:673: intervening_update: Another thread writes to "payloadWritten". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:673: stale_update: Updating "payloadWritten" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:973: example_comparison: Example 1: Example comparison of "payloadWritten" to value, suggesting a semantically meaningful use. +# 671| long toSkip = Math.min(payloadLength - payloadWritten, inputBuffer.remaining()); +# 672| inputBuffer.position(inputBuffer.position() + (int) toSkip); +# 673|-> payloadWritten += toSkip; +# 674| if (payloadWritten == payloadLength) { +# 675| if (continuationExpected) { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:971: read_volatile: Reading "payloadWritten", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:971: intervening_update: Another thread writes to "payloadWritten". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:971: stale_update: Updating "payloadWritten" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:973: example_comparison: Example 1: Example comparison of "payloadWritten" to value, suggesting a semantically meaningful use. +# 969| dest.put(inputBuffer); +# 970| inputBuffer.limit(orgLimit); +# 971|-> payloadWritten += toWrite; +# 972| +# 973| if (payloadWritten == payloadLength) { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:1005: path: Condition "payloadWritten < payloadLength", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:1005: path: Condition "inputBuffer.remaining() > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:1005: path: Condition "dest.hasRemaining()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:1009: path: Condition "maskIndex == 4", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:1012: read_volatile: Reading "payloadWritten", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:1012: intervening_update: Another thread writes to "payloadWritten". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:1012: stale_update: Updating "payloadWritten" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java:973: example_comparison: Example 1: Example comparison of "payloadWritten" to value, suggesting a semantically meaningful use. +# 1010| maskIndex = 0; +# 1011| } +# 1012|-> payloadWritten++; +# 1013| dest.put(b); +# 1014| } + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:193: path: Condition "log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:203: path: Condition ""ws".equalsIgnoreCase(scheme)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:205: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:215: path: Condition "host == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:227: path: Iterating over another element of "proxies". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:228: path: Condition "proxy.type().equals(java.net.Proxy.Type.HTTP)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:230: path: Condition "sa instanceof java.net.InetSocketAddress", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:232: path: Condition "inet.isUnresolved()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:237: path: Breaking from loop. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:243: path: Condition "port == -1", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:244: path: Condition ""ws".equalsIgnoreCase(scheme)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:246: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:253: path: Condition "sa == null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:263: path: Condition "org.apache.tomcat.websocket.Constants.DEFAULT_ORIGIN_HEADER_VALUE != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:263: path: Condition "!reqHeaders.containsKey("Origin" /* org.apache.tomcat.websocket.Constants.ORIGIN_HEADER_NAME */)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:273: alloc_fn: A new resource is returned from allocation method "open". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:273: var_assign: Assigning: "socketChannel" = resource returned from "java.nio.channels.AsynchronousSocketChannel.open(getAsynchronousChannelGroup())". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:274: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:284: path: Condition "timeoutValue != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:285: path: Throwing "java.lang.NumberFormatException" from call to "valueOf"; exiting method with uncaught exception. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:285: leaked_resource: Variable "socketChannel" going out of scope leaks the resource it refers to. +# 283| String timeoutValue = (String) userProperties.get(Constants.IO_TIMEOUT_MS_PROPERTY); +# 284| if (timeoutValue != null) { +# 285|-> timeout = Long.valueOf(timeoutValue).intValue(); +# 286| } +# 287| + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:918: hardcoded_credential: The constant string ""changeit"" is a credential or key. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:918: assign: Assigning: "sslTrustStorePwdValue" = ""changeit"". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:924: identity: Calling "toCharArray". This call assigns "sslTrustStorePwdValue" to "". (The virtual call resolves to "java.lang.String.toCharArray()".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:924: password_use: Calling "load". This call uses the constant string as a password. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:924: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 922| KeyStore ks = KeyStore.getInstance("JKS"); +# 923| try (InputStream is = new FileInputStream(keyStoreFile)) { +# 924|-> KeyStoreUtil.load(ks, is, sslTrustStorePwdValue.toCharArray()); +# 925| } +# 926| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java:91: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java:97: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java:103: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java:107: returned_null: "addFilter" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.catalina.core.ApplicationContext.addFilter".) +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java:107: var_assigned: Assigning: "fr" = "null" return value from "addFilter". +apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java:109: null_method_call: Calling a method on null object "fr". +# 107| FilterRegistration.Dynamic fr = servletContext.addFilter( +# 108| "Tomcat WebSocket (JSR356) Filter", new WsFilter()); +# 109|-> fr.setAsyncSupported(true); +# 110| +# 111| EnumSet types = EnumSet.of(DispatcherType.REQUEST, + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1069: path: Condition "busy.isEmpty()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1072: return_iterator: Call to "iterator" returns an iterator from "busy". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1072: assign: Assigning: "locked" = "busy.iterator()". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1074: path: Condition "locked.hasNext()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1081: path: Condition "idle.contains(con)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1081: path: Condition "con.isReleased()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1086: path: Condition "shouldAbandon()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1086: path: Condition "now - time > con.getAbandonTimeout()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1087: modify_iterable: Call to "remove" modifies "Iterable" "busy" which invalidates iterator "locked". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1090: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1097: path: Condition "setToNull", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1101: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1074: invalid_iterator: Using invalid iterator "locked" in call to "hasNext". +# 1072| Iterator locked = busy.iterator(); +# 1073| int sto = getPoolProperties().getSuspectTimeout(); +# 1074|-> while (locked.hasNext()) { +# 1075| PooledConnection con = locked.next(); +# 1076| boolean setToNull = false; + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1120: path: Condition "idle.isEmpty()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1124: return_iterator: Call to "iterator" returns an iterator from "idle". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1124: assign: Assigning: "unlocked" = "idle.iterator()". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1125: path: Condition "ignoreMinSize", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1125: path: Condition "unlocked.hasNext()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1131: path: Condition "busy.contains(con)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1135: path: Condition "shouldReleaseIdle(now, con, time)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1138: modify_iterable: Call to "remove" modifies "Iterable" "idle" which invalidates iterator "unlocked". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1140: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1145: path: Condition "setToNull", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1149: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1125: path: Condition "ignoreMinSize", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1125: invalid_iterator: Using invalid iterator "unlocked" in call to "hasNext". +# 1123| long now = System.currentTimeMillis(); +# 1124| Iterator unlocked = idle.iterator(); +# 1125|-> while ( (ignoreMinSize || (idle.size()>=getPoolProperties().getMinIdle())) && unlocked.hasNext()) { +# 1126| PooledConnection con = unlocked.next(); +# 1127| boolean setToNull = false; + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1181: path: Condition "idle.isEmpty()", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1184: return_iterator: Call to "iterator" returns an iterator from "idle". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1184: assign: Assigning: "unlocked" = "idle.iterator()". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1185: path: Condition "unlocked.hasNext()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1190: path: Condition "busy.contains(con)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1195: path: Condition "checkMaxAgeOnly", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1196: path: Condition "!reconnectIfExpired(con)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1197: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1200: path: Condition "release", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1201: modify_iterable: Call to "remove" modifies "Iterable" "idle" which invalidates iterator "unlocked". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1207: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1185: invalid_iterator: Using invalid iterator "unlocked" in call to "hasNext". +# 1183| } +# 1184| Iterator unlocked = idle.iterator(); +# 1185|-> while (unlocked.hasNext()) { +# 1186| PooledConnection con = unlocked.next(); +# 1187| try { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1497: returned_null: "get" returns "null" (checked 0 out of 3 times). +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1497: var_assigned: Assigning: "con" = "null" return value from "get". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1498: null_method_call: Calling a method on null object "con". +# 1496| try { +# 1497| Connection con = get(); //complete this future +# 1498|-> con.close(); //return to the pool +# 1499| }catch (ExecutionException ex) { +# 1500| //we can ignore this + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java:99: path: Condition "!waiters.isEmpty()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java:101: returned_null: "waiters.poll()" returns "null". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java:101: var_assigned: Assigning: "c" = "null" return value from "poll". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java:103: null_method_call: Calling a method on null object "c". +# 101| c = waiters.poll(); +# 102| //give the object to the thread instead of adding it to the pool +# 103|-> c.setItem(e); +# 104| if (isLinux) { +# 105| c.countDown(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java:110: path: Condition "!waiters[idx].isEmpty()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java:112: returned_null: "waiters[idx].poll()" returns "null". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java:112: var_assigned: Assigning: "c" = "null" return value from "poll". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java:114: null_method_call: Calling a method on null object "c". +# 112| c = waiters[idx].poll(); +# 113| //give the object to the thread instead of adding it to the pool +# 114|-> c.setItem(e); +# 115| } else { +# 116| //we always add first, so that the most recently used object will be given out + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:263: identity: Calling "getPassword". This call returns "Password not available as DataSource/JMX operation.". (The virtual call resolves to "org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()".) Now "poolProperties.getPassword()" is equal to "Password not available as DataSource/JMX operation.". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:263: assign: Assigning: "pwd" = "poolProperties.getPassword()". Now "pwd" is equal to "Password not available as DataSource/JMX operation.". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:269: password_use: Calling "getXAConnection". This call uses the constant string as a password. (The virtual call resolves to "javax.sql.XADataSource.getXAConnection(java.lang.String, java.lang.String)".) +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:269: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 267| javax.sql.XADataSource xds = (javax.sql.XADataSource)poolProperties.getDataSource(); +# 268| if (usr!=null && pwd!=null) { +# 269|-> xaConnection = xds.getXAConnection(usr, pwd); +# 270| connection = xaConnection.getConnection(); +# 271| } else { + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:263: identity: Calling "getPassword". This call returns "Password not available as DataSource/JMX operation.". (The virtual call resolves to "org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()".) Now "poolProperties.getPassword()" is equal to "Password not available as DataSource/JMX operation.". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:263: assign: Assigning: "pwd" = "poolProperties.getPassword()". Now "pwd" is equal to "Password not available as DataSource/JMX operation.". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:278: password_use: Calling "getConnection". This call uses the constant string as a password. (The virtual call resolves to "javax.sql.DataSource.getConnection(java.lang.String, java.lang.String)".) +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:278: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 276| javax.sql.DataSource ds = (javax.sql.DataSource)poolProperties.getDataSource(); +# 277| if (usr!=null && pwd!=null) { +# 278|-> connection = ds.getConnection(usr, pwd); +# 279| } else { +# 280| connection = ds.getConnection(); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:254: path: Condition "getAttributes().containsKey("user" /* org.apache.tomcat.jdbc.pool.PooledConnection.PROP_USER */)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:256: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:260: path: Condition "getAttributes().containsKey("password" /* org.apache.tomcat.jdbc.pool.PooledConnection.PROP_PASSWORD */)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:262: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:266: path: Condition "poolProperties.getDataSource() instanceof javax.sql.XADataSource", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:275: path: Condition "poolProperties.getDataSource() instanceof javax.sql.DataSource", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:282: path: Condition "poolProperties.getDataSource() instanceof javax.sql.ConnectionPoolDataSource", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:284: path: Condition "usr != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:284: path: Condition "pwd != null", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:285: jdbc_fn: An open JDBC connection is returned from "getPooledConnection". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:285: noescape: Resource "ds.getPooledConnection(usr, pwd)" is not closed or saved in "getConnection". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:285: leaked_connection: Failing to save or close JDBC connection open by "ds.getPooledConnection(usr, pwd)" leaks it. +# 283| javax.sql.ConnectionPoolDataSource ds = (javax.sql.ConnectionPoolDataSource)poolProperties.getDataSource(); +# 284| if (usr!=null && pwd!=null) { +# 285|-> connection = ds.getPooledConnection(usr, pwd).getConnection(); +# 286| } else { +# 287| connection = ds.getPooledConnection().getConnection(); + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:263: identity: Calling "getPassword". This call returns "Password not available as DataSource/JMX operation.". (The virtual call resolves to "org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()".) Now "poolProperties.getPassword()" is equal to "Password not available as DataSource/JMX operation.". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:263: assign: Assigning: "pwd" = "poolProperties.getPassword()". Now "pwd" is equal to "Password not available as DataSource/JMX operation.". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:285: password_use: Calling "getPooledConnection". This call uses the constant string as a password. (The virtual call resolves to "javax.sql.ConnectionPoolDataSource.getPooledConnection(java.lang.String, java.lang.String)".) +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:285: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 283| javax.sql.ConnectionPoolDataSource ds = (javax.sql.ConnectionPoolDataSource)poolProperties.getDataSource(); +# 284| if (usr!=null && pwd!=null) { +# 285|-> connection = ds.getPooledConnection(usr, pwd).getConnection(); +# 286| } else { +# 287| connection = ds.getPooledConnection().getConnection(); + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:332: identity: Calling "getPassword". This call returns "Password not available as DataSource/JMX operation.". (The virtual call resolves to "org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()".) +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:332: assign: Assigning: "pwd" = "poolProperties.getPassword()". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:340: identity: Calling "setProperty". This call assigns "pwd" to "properties". (The virtual call resolves to "java.util.Properties.setProperty(java.lang.String, java.lang.String)".) +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:345: password_use: Calling "getConnection". This call uses the constant string as a password. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:345: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 343| try { +# 344| if (driver==null) { +# 345|-> connection = DriverManager.getConnection(driverURL, properties); +# 346| } else { +# 347| connection = driver.connect(driverURL, properties); + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:332: identity: Calling "getPassword". This call returns "Password not available as DataSource/JMX operation.". (The virtual call resolves to "org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()".) +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:332: assign: Assigning: "pwd" = "poolProperties.getPassword()". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:340: identity: Calling "setProperty". This call assigns "pwd" to "properties". (The virtual call resolves to "java.util.Properties.setProperty(java.lang.String, java.lang.String)".) +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:347: password_use: Calling "connect". This call uses the constant string as a password. (The virtual call resolves to "java.sql.Driver.connect(java.lang.String, java.util.Properties)".) +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:347: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 345| connection = DriverManager.getConnection(driverURL, properties); +# 346| } else { +# 347|-> connection = driver.connect(driverURL, properties); +# 348| } +# 349| } catch (Exception x) { + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:93: path: Condition "compare("isClosed" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.ISCLOSED_VAL */, method)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:96: path: Condition "compare("close" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.CLOSE_VAL */, method)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:105: path: Condition "compare("toString" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.TOSTRING_VAL */, method)", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:107: path: Condition "compare("getConnection" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.GETCONNECTION_VAL */, method)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:107: path: Condition "connection != null", taking false branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:107: var_compare_op: Comparing "connection" to null implies that "connection" might be null. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:109: path: Condition "method.getDeclaringClass().isAssignableFrom(javax.sql.XAConnection.class)", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:111: null_method_call: Calling a method on null object "connection". +# 109| } else if (method.getDeclaringClass().isAssignableFrom(XAConnection.class)) { +# 110| try { +# 111|-> return method.invoke(connection.getXAConnection(),args); +# 112| }catch (Throwable t) { +# 113| if (t instanceof InvocationTargetException) { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:418: read_volatile: Reading "prepareCount", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:418: intervening_update: Another thread writes to "prepareCount". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:418: stale_update: Updating "prepareCount" based on a stale value. Any intervening update in another thread is overwritten. +# 416| +# 417| public void prepare(long invocationTime) { +# 418|-> prepareCount++; +# 419| prepareTime+=invocationTime; +# 420| + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:419: read_volatile: Reading "prepareTime", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:419: intervening_update: Another thread writes to "prepareTime". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:419: stale_update: Updating "prepareTime" based on a stale value. Any intervening update in another thread is overwritten. +# 417| public void prepare(long invocationTime) { +# 418| prepareCount++; +# 419|-> prepareTime+=invocationTime; +# 420| +# 421| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:425: read_volatile: Reading "maxInvocationTime", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:425: intervening_update: Another thread writes to "maxInvocationTime". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:425: stale_update: Updating "maxInvocationTime" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:426: example_comparison: Example 1: Example comparison of "maxInvocationTime" to value, suggesting a semantically meaningful use. +# 423| public void add(long invocationTime, long now) { +# 424| //not thread safe, but don't sacrifice performance for this kind of stuff +# 425|-> maxInvocationTime = Math.max(invocationTime, maxInvocationTime); +# 426| if (maxInvocationTime == invocationTime) { +# 427| maxInvocationDate = now; + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:426: path: Condition "maxInvocationTime == invocationTime", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:429: read_volatile: Reading "minInvocationTime", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:429: intervening_update: Another thread writes to "minInvocationTime". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:429: stale_update: Updating "minInvocationTime" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:430: example_comparison: Example 1: Example comparison of "minInvocationTime" to value, suggesting a semantically meaningful use. +# 427| maxInvocationDate = now; +# 428| } +# 429|-> minInvocationTime = Math.min(invocationTime, minInvocationTime); +# 430| if (minInvocationTime==invocationTime) { +# 431| minInvocationDate = now; + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:426: path: Condition "maxInvocationTime == invocationTime", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:430: path: Condition "minInvocationTime == invocationTime", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:433: read_volatile: Reading "nrOfInvocations", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:433: intervening_update: Another thread writes to "nrOfInvocations". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:433: stale_update: Updating "nrOfInvocations" based on a stale value. Any intervening update in another thread is overwritten. +# 431| minInvocationDate = now; +# 432| } +# 433|-> nrOfInvocations++; +# 434| totalInvocationTime+=invocationTime; +# 435| lastInvocation = now; + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:426: path: Condition "maxInvocationTime == invocationTime", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:430: path: Condition "minInvocationTime == invocationTime", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:434: read_volatile: Reading "totalInvocationTime", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:434: intervening_update: Another thread writes to "totalInvocationTime". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:434: stale_update: Updating "totalInvocationTime" based on a stale value. Any intervening update in another thread is overwritten. +# 432| } +# 433| nrOfInvocations++; +# 434|-> totalInvocationTime+=invocationTime; +# 435| lastInvocation = now; +# 436| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:440: read_volatile: Reading "failures", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:440: intervening_update: Another thread writes to "failures". +apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:440: stale_update: Updating "failures" based on a stale value. Any intervening update in another thread is overwritten. +# 438| public void failure(long invocationTime, long now) { +# 439| add(invocationTime,now); +# 440|-> failures++; +# 441| +# 442| } + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/ServletToJsp.java:33: return_thread_shared: Call to "getServletConfig" returns a pointer to thread-shared data. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/ServletToJsp.java:27: thread_entry_point: "doGet" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/ServletToJsp.java:33: thread_unsafe_modification: Thread-shared "getServletConfig()" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/ServletToJsp.java:33: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/ServletToJsp.java:33: write: "getServletConfig()" is modified in call to "getServletContext". (The virtual call resolves to "org.apache.catalina.core.StandardWrapperFacade.getServletContext".) +# 31| // Set the attribute and Forward to hello.jsp +# 32| request.setAttribute ("servletName", "servletToJsp"); +# 33|-> getServletConfig().getServletContext().getRequestDispatcher( +# 34| "/jsp/jsptoserv/hello.jsp").forward(request, response); +# 35| } catch (Exception ex) { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:91: path: Condition "run", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:92: path: Condition "j < 1", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:94: path: Condition "i < 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:100: path: Condition "plus", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:102: path: Falling through to end of if statement. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:105: read_volatile: Reading "ticknr", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:105: intervening_update: Another thread writes to "ticknr". +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:105: stale_update: Updating "ticknr" based on a stale value. Any intervening update in another thread is overwritten. +# 103| stock.setValue(stock.getValue() - change); +# 104| } +# 105|-> stock.setCnt(++ticknr); +# 106| for (TickListener l : listeners) { +# 107| l.tick(stock); + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java:105: path: Condition "sis.isReady()", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java:105: path: Condition "read > -1", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java:107: path: Condition "read > 0", taking true branch. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java:108: read_volatile: Reading "totalBytesRead", a volatile field, without any lock held. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java:108: intervening_update: Another thread writes to "totalBytesRead". +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java:108: stale_update: Updating "totalBytesRead" based on a stale value. Any intervening update in another thread is overwritten. +# 106| read = sis.read(buffer); +# 107| if (read > 0) { +# 108|-> totalBytesRead += read; +# 109| } +# 110| } + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:90: enhanced_for: Starting an iteration on "websocket.chat.ChatAnnotation.connections". +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:90: path: Iterating over another element of "websocket.chat.ChatAnnotation.connections". +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:95: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:107: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:90: path: Iterating over another element of "websocket.chat.ChatAnnotation.connections". +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:93: path: Throwing "java.io.IOException" (or subclass) from call to "sendText". (The virtual call resolves to "org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText".) +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:95: path: Catching exception. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:97: modify_iterable: Call to "remove" modifies "Iterable" "websocket.chat.ChatAnnotation.connections" which invalidates the iterator for the loop on that "Iterable". +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:100: path: Falling through to end of try statement. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:107: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:90: invalid_loop: Attempting to obtain another element from "websocket.chat.ChatAnnotation.connections" after it's been modified. +# 88| +# 89| private static void broadcast(String msg) { +# 90|-> for (ChatAnnotation client : connections) { +# 91| try { +# 92| synchronized (client) { + +Error: STRING_OVERFLOW (CWE-120): +ppp-ppp-2.4.9/pppd/ipv6cp.c:1411: returned_string: "llv6_ntoa" returns a source buffer of 64 characters in size. +ppp-ppp-2.4.9/pppd/ipv6cp.c:1411: string_overflow: You might overrun the 32-character destination string "strlocal" by writing 64 characters from "llv6_ntoa(ipv6cp_gotoptions[0].ourid)". +# 1409| +# 1410| sprintf(strspeed, "%d", baud_rate); +# 1411|-> strcpy(strlocal, llv6_ntoa(ipv6cp_gotoptions[0].ourid)); +# 1412| strcpy(strremote, llv6_ntoa(ipv6cp_hisoptions[0].hisid)); +# 1413| + +Error: STRING_OVERFLOW (CWE-120): +ppp-ppp-2.4.9/pppd/ipv6cp.c:1412: returned_string: "llv6_ntoa" returns a source buffer of 64 characters in size. +ppp-ppp-2.4.9/pppd/ipv6cp.c:1412: string_overflow: You might overrun the 32-character destination string "strremote" by writing 64 characters from "llv6_ntoa(ipv6cp_hisoptions[0].hisid)". +# 1410| sprintf(strspeed, "%d", baud_rate); +# 1411| strcpy(strlocal, llv6_ntoa(ipv6cp_gotoptions[0].ourid)); +# 1412|-> strcpy(strremote, llv6_ntoa(ipv6cp_hisoptions[0].hisid)); +# 1413| +# 1414| argv[0] = script; + +Error: RESOURCE_LEAK (CWE-404): +Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/ResteasyJackson2Provider.java:115: path: Condition "endpoint == null", taking true branch. +Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/ResteasyJackson2Provider.java:121: alloc_fn: A new resource is returned from allocation method "_createParser". +Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/ResteasyJackson2Provider.java:121: var_assign: Assigning: "jp" = resource returned from "_createParser(reader, entityStream)". +Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/ResteasyJackson2Provider.java:123: path: Condition "jp == null", taking false branch. +Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/ResteasyJackson2Provider.java:123: noescape: Resource "jp" is not closed or saved in "nextToken". (The virtual call resolves to "com.fasterxml.jackson.core.util.JsonParserDelegate.nextToken".) +Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/ResteasyJackson2Provider.java:123: path: Condition "jp.nextToken() == null", taking true branch. +Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/ResteasyJackson2Provider.java:124: leaked_resource: Variable "jp" going out of scope leaks the resource it refers to. +# 122| // If null is returned, considered to be empty stream +# 123| if (jp == null || jp.nextToken() == null) { +# 124|-> return null; +# 125| } +# 126| // [Issue#1]: allow 'binding' to JsonParser + +Error: RESOURCE_LEAK (CWE-404): +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/engines/URLConnectionEngine.java:158: path: Condition "request.getEntity() != null", taking true branch. +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/engines/URLConnectionEngine.java:160: path: Condition "request.getMethod().equals("GET")", taking false branch. +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/engines/URLConnectionEngine.java:171: alloc_fn: A new resource is returned from allocation method "getOutputStream". +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/engines/URLConnectionEngine.java:171: var_assign: Assigning: "os" = resource returned from "connection.getOutputStream()". +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/engines/URLConnectionEngine.java:172: noescape: Resource "os" is not closed or saved in "write". +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/engines/URLConnectionEngine.java:172: path: Throwing "java.io.IOException" (or subclass) from call to "write". +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/engines/URLConnectionEngine.java:172: leaked_resource: Variable "os" going out of scope leaks the resource it refers to. +# 170| connection.setDoOutput(true); +# 171| OutputStream os = connection.getOutputStream(); +# 172|-> os.write(baos.toByteArray()); +# 173| os.flush(); +# 174| os.close(); + +Error: NULL_RETURNS (CWE-476): +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/internal/proxy/extractors/ResponseObjectEntityExtractorFactory.java:191: returned_null: "getHttpMethods" returns "null" (checked 14 out of 15 times). +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/internal/proxy/extractors/ResponseObjectEntityExtractorFactory.java:191: var_assigned: Assigning: "httpMethods" = "null" return value from "getHttpMethods". +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/internal/proxy/extractors/ResponseObjectEntityExtractorFactory.java:192: null_method_call: Calling a method on null object "httpMethods". +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/ProxyBuilder.java:86: example_assign: Example 1: Assigning: "httpMethods" = return value from "org.jboss.resteasy.util.IsHttpMethod.getHttpMethods(method)". +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/ProxyBuilder.java:87: example_checked: Example 1 (cont.): "httpMethods" has its value checked in "httpMethods == null". +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/internal/proxy/extractors/ResponseObjectEntityExtractorFactory.java:198: example_assign: Example 2: Assigning: "httpMethods" = return value from "org.jboss.resteasy.util.IsHttpMethod.getHttpMethods(method)". +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/internal/proxy/extractors/ResponseObjectEntityExtractorFactory.java:199: example_checked: Example 2 (cont.): "httpMethods" has its value checked in "httpMethods != null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/ProxyBuilder.java:147: example_assign: Example 3: Assigning: "httpMethods" = return value from "org.jboss.resteasy.util.IsHttpMethod.getHttpMethods(method)". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/ProxyBuilder.java:148: example_checked: Example 3 (cont.): "httpMethods" has its value checked in "httpMethods == null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/ProxyFactory.java:92: example_assign: Example 4: Assigning: "httpMethods" = return value from "org.jboss.resteasy.util.IsHttpMethod.getHttpMethods(method)". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/ProxyFactory.java:93: example_checked: Example 4 (cont.): "httpMethods" has its value checked in "httpMethods == null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ResponseObjectEntityExtractorFactory.java:206: example_assign: Example 5: Assigning: "httpMethods" = return value from "org.jboss.resteasy.util.IsHttpMethod.getHttpMethods(method)". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ResponseObjectEntityExtractorFactory.java:207: example_checked: Example 5 (cont.): "httpMethods" has its value checked in "httpMethods != null". +# 190| +# 191| Set httpMethods = IsHttpMethod.getHttpMethods(method); +# 192|-> clientInvoker.setHttpMethod(httpMethods.iterator().next()); +# 193| return clientInvoker; +# 194| } + +Error: RESOURCE_LEAK (CWE-404): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java:193: path: Condition "cc != null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java:196: path: Condition "cacheControl.isNoCache()", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java:198: path: Falling through to end of if statement. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java:210: alloc_fn: A new resource is returned from allocation method "getInputStream". (The virtual call resolves to "org.jboss.resteasy.client.core.executors.URLConnectionClientExecutor.1.getInputStream".) +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java:210: noescape: Resource "response.getStreamFactory().getInputStream()" is not closed or saved in "readFromStream". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java:210: leaked_resource: Failing to save or close resource created by "response.getStreamFactory().getInputStream()" leaks it. +# 208| String contentType = (String) response.getResponseHeaders().getFirst(HttpHeaders.CONTENT_TYPE); +# 209| +# 210|-> byte[] cached = ReadFromStream.readFromStream(1024, response.getStreamFactory().getInputStream()); +# 211| response.getStreamFactory().performReleaseConnection(); +# 212| + +Error: RESOURCE_LEAK (CWE-404): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:334: alloc_fn: A new resource is returned from allocation method "getInputStream". (The virtual call resolves to "org.jboss.resteasy.client.core.executors.URLConnectionClientExecutor.1.getInputStream".) +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:334: noescape: Resource "this.streamFactory.getInputStream()" is not closed or saved in "markSupported". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:334: path: Condition "this.streamFactory.getInputStream().markSupported()", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:334: leaked_resource: Failing to save or close resource created by "this.streamFactory.getInputStream()" leaks it. +# 332| try +# 333| { +# 334|-> if (this.streamFactory.getInputStream().markSupported()) +# 335| { +# 336| this.streamFactory.getInputStream().reset(); + +Error: NULL_RETURNS (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:334: returned_null: "getInputStream" returns "null" (checked 3 out of 7 times). (The virtual call resolves to "org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.1.getInputStream".) +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:334: null_method_call: Calling a method on null object "this.streamFactory.getInputStream()". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:432: example_assign: Example 1: Assigning: "is" = return value from "streamFactory.getInputStream()". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:433: example_checked: Example 1 (cont.): "is" has its value checked in "is == null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/executors/ApacheHttpClient4Executor.java:266: example_assign: Example 2: Assigning: "is" = return value from "getInputStream()". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/executors/ApacheHttpClient4Executor.java:267: example_checked: Example 2 (cont.): "is" has its value checked in "is != null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java:38: example_assign: Example 3: Assigning: "stream" = return value from "clientResponse.getStreamFactory().getInputStream()". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java:39: example_checked: Example 3 (cont.): "stream" has its value checked in "stream != null". +# 332| try +# 333| { +# 334|-> if (this.streamFactory.getInputStream().markSupported()) +# 335| { +# 336| this.streamFactory.getInputStream().reset(); + +Error: RESOURCE_LEAK (CWE-404): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:334: path: Condition "this.streamFactory.getInputStream().markSupported()", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:336: alloc_fn: A new resource is returned from allocation method "getInputStream". (The virtual call resolves to "org.jboss.resteasy.client.core.executors.URLConnectionClientExecutor.1.getInputStream".) +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:336: noescape: Resource "this.streamFactory.getInputStream()" is not closed or saved in "reset". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:336: leaked_resource: Failing to save or close resource created by "this.streamFactory.getInputStream()" leaks it. +# 334| if (this.streamFactory.getInputStream().markSupported()) +# 335| { +# 336|-> this.streamFactory.getInputStream().reset(); +# 337| } +# 338| } + +Error: NULL_RETURNS (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:334: path: Condition "this.streamFactory.getInputStream().markSupported()", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:336: returned_null: "getInputStream" returns "null" (checked 3 out of 7 times). (The virtual call resolves to "org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.1.getInputStream".) +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:336: null_method_call: Calling a method on null object "this.streamFactory.getInputStream()". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:432: example_assign: Example 1: Assigning: "is" = return value from "streamFactory.getInputStream()". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:433: example_checked: Example 1 (cont.): "is" has its value checked in "is == null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/executors/ApacheHttpClient4Executor.java:266: example_assign: Example 2: Assigning: "is" = return value from "getInputStream()". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/executors/ApacheHttpClient4Executor.java:267: example_checked: Example 2 (cont.): "is" has its value checked in "is != null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java:38: example_assign: Example 3: Assigning: "stream" = return value from "clientResponse.getStreamFactory().getInputStream()". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java:39: example_checked: Example 3 (cont.): "stream" has its value checked in "stream != null". +# 334| if (this.streamFactory.getInputStream().markSupported()) +# 335| { +# 336|-> this.streamFactory.getInputStream().reset(); +# 337| } +# 338| } + +Error: NULL_RETURNS (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/ClientInterceptorRepositoryImpl.java:72: returned_null: "getInterceptors" returns "null" (checked 0 out of 1 times). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/ClientInterceptorRepositoryImpl.java:72: var_assigned: Assigning: "interceptors" = "null" return value from "getInterceptors". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/ClientInterceptorRepositoryImpl.java:73: null_method_call: Calling a method on null object "interceptors". +# 71| { +# 72| LinkedList interceptors = getInterceptors(type); +# 73|-> return (T[]) interceptors.toArray((T[]) Array.newInstance(type, +# 74| interceptors.size())); +# 75| } + +Error: RESOURCE_LEAK (CWE-404): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java:30: path: Iterating over another element of "interceptors". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java:39: path: Condition "stream != null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java:43: path: Falling through to end of try statement. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java:50: path: Jumping back to the beginning of the loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java:30: path: Iterating over another element of "interceptors". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java:38: alloc_fn: A new resource is returned from allocation method "getInputStream". (The virtual call resolves to "org.jboss.resteasy.client.core.executors.URLConnectionClientExecutor.1.getInputStream".) +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java:38: var_assign: Assigning: "stream" = resource returned from "clientResponse.getStreamFactory().getInputStream()". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java:39: path: Condition "stream != null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java:41: noescape: Resource "stream" is not closed or saved in "reset". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java:43: leaked_resource: Variable "stream" going out of scope leaks the resource it refers to. +# 41| stream.reset(); +# 42| } +# 43|-> } +# 44| catch (IOException e1) +# 45| { + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java:27: thread_shared_data: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is global and therefore thread-shared. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/AsynchronousDispatcher.java:357: thread_unsafe_modification: Thread-shared "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/AsynchronousDispatcher.java:357: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/AsynchronousDispatcher.java:357: write: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in call to "inOneWay". (The virtual call resolves to "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.inOneWay".) +# 355| public void oneway(HttpRequest request, HttpResponse response, final ResourceInvoker invoker) +# 356| { +# 357|-> LogMessages.LOGGER.inOneWay(); +# 358| final MockHttpRequest in; +# 359| try + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:152: path: Condition "failure.isLoggable()", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java:27: thread_shared_data: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is global and therefore thread-shared. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:153: thread_unsafe_modification: Thread-shared "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:153: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:153: write: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in call to "failedExecutingError". (The virtual call resolves to "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.failedExecutingError".) +# 151| { +# 152| if (failure.isLoggable()) +# 153|-> LogMessages.LOGGER.failedExecutingError(request.getHttpMethod(), request.getUri().getPath(), failure); +# 154| else LogMessages.LOGGER.failedExecutingDebug(request.getHttpMethod(), request.getUri().getPath(), failure); +# 155| + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:152: path: Condition "failure.isLoggable()", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java:27: thread_shared_data: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is global and therefore thread-shared. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:154: thread_unsafe_modification: Thread-shared "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:154: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:154: write: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in call to "failedExecutingDebug". (The virtual call resolves to "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.failedExecutingDebug".) +# 152| if (failure.isLoggable()) +# 153| LogMessages.LOGGER.failedExecutingError(request.getHttpMethod(), request.getUri().getPath(), failure); +# 154|-> else LogMessages.LOGGER.failedExecutingDebug(request.getHttpMethod(), request.getUri().getPath(), failure); +# 155| +# 156| if (failure.getResponse() != null) { + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:202: path: Condition "wae instanceof javax.ws.rs.NotFoundException", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java:27: thread_shared_data: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is global and therefore thread-shared. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:204: thread_unsafe_modification: Thread-shared "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:204: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:204: write: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in call to "failedToExecuteDebug". (The virtual call resolves to "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.failedToExecuteDebug".) +# 202| if (wae instanceof NotFoundException) +# 203| { +# 204|-> LogMessages.LOGGER.failedToExecuteDebug(wae); +# 205| } +# 206| else if (!(wae instanceof NoLogWebApplicationException)) + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:202: path: Condition "wae instanceof javax.ws.rs.NotFoundException", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:206: path: Condition "!(wae instanceof org.jboss.resteasy.spi.NoLogWebApplicationException)", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java:27: thread_shared_data: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is global and therefore thread-shared. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:208: thread_unsafe_modification: Thread-shared "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:208: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java:208: write: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in call to "failedToExecute". (The virtual call resolves to "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.failedToExecute".) +# 206| else if (!(wae instanceof NoLogWebApplicationException)) +# 207| { +# 208|-> LogMessages.LOGGER.failedToExecute(wae); +# 209| } +# 210| return wae.getResponse(); + +Error: NULL_RETURNS (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java:53: path: Condition "jaxrsResponse.getEntity() != null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java:55: path: Condition "jaxrsResponse.getMediaType() == null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java:61: path: Condition "deployment != null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java:65: path: Condition "addCharset", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java:68: returned_null: "getFirst" returns "null" (checked 28 out of 38 times). (The virtual call resolves to "javax.ws.rs.core.AbstractMultivaluedMap.getFirst".) +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java:68: var_assigned: Assigning: "o" = "null" return value from "getFirst". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java:69: path: Condition "o instanceof javax.ws.rs.core.MediaType", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java:75: null_method_call: Calling a method on null object "o". +Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/Jackson2JsonpInterceptor.java:155: example_assign: Example 1: Assigning: "function" = return value from "uri.getQueryParameters().getFirst(callbackQueryParameter)". +Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/Jackson2JsonpInterceptor.java:156: example_checked: Example 1 (cont.): "function" has its value checked in "function != null". +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/cache/CacheInterceptor.java:161: example_assign: Example 2: Assigning: "etag" = return value from "old.getHeaders().getFirst("ETag")". +Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/cache/CacheInterceptor.java:169: example_checked: Example 2 (cont.): "etag" has its value checked in "etag == null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/ClientRequest.java:184: example_assign: Example 3: Assigning: "curr" = return value from "getHeadersAsObjects().getFirst("Accept")". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/ClientRequest.java:185: example_checked: Example 3 (cont.): "curr" has its value checked in "curr != null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java:189: example_assign: Example 4: Assigning: "cc" = return value from "response.getResponseHeaders().getFirst("Cache-Control")". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java:193: example_checked: Example 4 (cont.): "cc" has its value checked in "cc != null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:304: example_assign: Example 5: Assigning: "value" = return value from "headers.getFirst(headerName)". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java:305: example_checked: Example 5 (cont.): "value" has its value checked in "value == null". +# 73| else +# 74| { +# 75|-> mt = MediaType.valueOf(o.toString()); +# 76| } +# 77| if (!mt.getParameters().containsKey(MediaType.CHARSET_PARAMETER)) + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java:27: thread_shared_data: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is global and therefore thread-shared. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java:263: thread_unsafe_modification: Thread-shared "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java:263: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java:263: write: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in call to "pathInfo". (The virtual call resolves to "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.pathInfo".) +# 261| throws Failure +# 262| { +# 263|-> LogMessages.LOGGER.pathInfo(request.getUri().getPath()); +# 264| if (!request.isInitial()) +# 265| { + +Error: NULL_RETURNS (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java:373: path: Condition "request.getAsyncContext().isSuspended()", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java:381: returned_null: "getAsyncResponse" returns "null" (checked 0 out of 3 times). (The virtual call resolves to "org.jboss.resteasy.mock.MockHttpRequest.2.getAsyncResponse".) +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java:381: null_method_call: Calling a method on null object "request.getAsyncContext().getAsyncResponse()". +# 379| * +# 380| */ +# 381|-> request.getAsyncContext().getAsyncResponse().initialRequestThreadFinished(); +# 382| jaxrsResponse = null; // we're handing response asynchronously +# 383| } + +Error: NULL_RETURNS (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java:407: path: Condition "request.getAsyncContext().isSuspended()", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java:415: returned_null: "getAsyncResponse" returns "null" (checked 0 out of 3 times). (The virtual call resolves to "org.jboss.resteasy.mock.MockHttpRequest.2.getAsyncResponse".) +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java:415: null_method_call: Calling a method on null object "request.getAsyncContext().getAsyncResponse()". +# 413| * +# 414| */ +# 415|-> request.getAsyncContext().getAsyncResponse().initialRequestThreadFinished(); +# 416| jaxrsResponse = null; // we're handing response asynchronously +# 417| } + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:398: path: Iterating over another element of "requestAccepts". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:398: path: Jumping back to the beginning of the loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:398: path: No elements left in "requestAccepts", leaving loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:406: path: Iterating over another element of "matches". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:410: path: Condition "invoker.getHttpMethods().contains(httpMethod.toUpperCase())", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:413: path: Condition "invoker.doesConsume(contentType)", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:416: path: Condition "invoker.doesProduce(weightedAccepts)", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:423: path: Jumping back to the beginning of the loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:406: path: No elements left in "matches", leaving loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:425: path: Condition "list.size() == 0", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:468: path: Iterating over another element of "list". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:471: path: Condition "contentType == null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:474: path: Condition "consumes.length == 0", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:479: path: Condition "produces.length == 0", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:484: path: Iterating over another element of "consumes". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:487: path: Jumping back to the beginning of the loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:484: path: No elements left in "consumes", leaving loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:488: path: Iterating over another element of "produces". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:491: path: Condition "acceptableMediaTypes.size() == 0", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:495: path: Iterating over another element of "acceptableMediaTypes". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:497: path: Condition "accept.isCompatible(produce)", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:508: path: Jumping back to the beginning of the loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:495: path: Iterating over another element of "acceptableMediaTypes". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:497: path: Condition "accept.isCompatible(produce)", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:501: path: Iterating over another element of "consumeCombo". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:505: path: Jumping back to the beginning of the loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:501: path: No elements left in "consumeCombo", leaving loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:508: path: Jumping back to the beginning of the loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:495: path: No elements left in "acceptableMediaTypes", leaving loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:509: path: Jumping back to the beginning of the loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:488: path: No elements left in "produces", leaving loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:510: path: Jumping back to the beginning of the loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:468: path: No elements left in "list", leaving loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:514: path: Condition "mm != null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java:27: thread_shared_data: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is global and therefore thread-shared. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:516: thread_unsafe_modification: Thread-shared "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:516: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java:516: write: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in call to "multipleMethodsMatch". (The virtual call resolves to "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.multipleMethodsMatch".) +# 514| if (mm != null) +# 515| { +# 516|-> LogMessages.LOGGER.multipleMethodsMatch(requestToString(request), mm); +# 517| } +# 518| request.setAttribute(RESTEASY_CHOSEN_ACCEPT, sortEntry.getAcceptType()); + +Error: FORWARD_NULL (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/request/ServerDrivenNegotiation.java:36: path: Condition "headerValues == null", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/request/ServerDrivenNegotiation.java:38: assign_zero: Assigning: "requested" = "null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/request/ServerDrivenNegotiation.java:39: path: No elements left in "headerValues", leaving loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/request/ServerDrivenNegotiation.java:50: null_method_call: Calling a method on null object "requested". +# 48| } +# 49| requestedMediaTypes = requested; +# 50|-> for (Iterator it = requested.keySet().iterator(); it.hasNext(); ) +# 51| { +# 52| mediaRadix = Math.max(mediaRadix, it.next().getParameters().size()); + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java:129: path: Condition "maxSize != -1", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java:136: path: Condition "context != null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java:139: path: Condition "s != null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java:143: path: Throwing "java.lang.NumberFormatException" from call to "parseInt". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java:145: path: Catching exception. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java:27: thread_shared_data: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is global and therefore thread-shared. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java:147: thread_unsafe_modification: Thread-shared "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java:147: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java:147: write: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in call to "invalidFormat". (The virtual call resolves to "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.invalidFormat".) +# 145| catch (NumberFormatException e) +# 146| { +# 147|-> LogMessages.LOGGER.invalidFormat(ResteasyContextParameters.RESTEASY_GZIP_MAX_INPUT, Integer.toString(DEFAULT_MAX_SIZE)); +# 148| } +# 149| } + +Error: RESOURCE_LEAK (CWE-404): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java:70: path: Condition "tempFile == null", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java:72: new_resource: "new java.io.FileInputStream(tempFile)" creates a new resource. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java:72: var_assign: Assigning: "fis" = resource returned from "new java.io.FileInputStream(tempFile)". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java:73: identity_transfer: Passing "fis" as argument 2 to constructor for class "SequenceInputStream", which sets "bis" to a wrapper for that argument. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java:73: leaked_resource: Variable "fis" going out of scope leaks the resource it refers to. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java:73: leaked_resource: Variable "bis" going out of scope leaks the resource it refers to. +# 71| return bis; +# 72| InputStream fis = new FileInputStream(tempFile); +# 73|-> return new SequenceInputStream(bis, fis); +# 74| } +# 75| + +Error: RESOURCE_LEAK (CWE-404): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java:103: path: Condition "readCount > 0", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java:107: path: Condition "count > -1", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java:110: path: Condition "cleanables != null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java:114: new_resource: "new java.io.FileOutputStream(tempFile)" creates a new resource. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java:114: var_assign: Assigning: "fos" = resource returned from "new java.io.FileOutputStream(tempFile)". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java:115: noescape: Resource "fos" is not closed or saved in "write". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java:115: path: Throwing "java.io.IOException" (or subclass) from call to "write"; exiting method with uncaught exception. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java:115: leaked_resource: Variable "fos" going out of scope leaks the resource it refers to. +# 113| } +# 114| FileOutputStream fos = new FileOutputStream(tempFile); +# 115|-> fos.write(buffer, 0, count); +# 116| try +# 117| { + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java:68: path: Condition "_downloadDirectory != null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java:72: path: Throwing "java.io.IOException" (or subclass) from call to "createTempFile". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java:75: path: Catching exception. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java:27: thread_shared_data: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is global and therefore thread-shared. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java:79: thread_unsafe_modification: Thread-shared "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java:79: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java:79: write: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in call to "couldNotBindToDirectory". (The virtual call resolves to "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.couldNotBindToDirectory".) +# 77| // could make this configurable, so we fail on fault rather than +# 78| // default. +# 79|-> LogMessages.LOGGER.couldNotBindToDirectory(_downloadDirectory); +# 80| } +# 81| } + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java:68: path: Condition "_downloadDirectory != null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java:72: path: Throwing "java.io.IOException" (or subclass) from call to "createTempFile". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java:75: path: Catching exception. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java:83: path: Condition "downloadedFile == null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java:87: path: Condition "cleanables != null", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java:27: thread_shared_data: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is global and therefore thread-shared. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java:93: thread_unsafe_modification: Thread-shared "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java:93: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java:93: write: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in call to "temporaryFileCreated". (The virtual call resolves to "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.temporaryFileCreated".) +# 91| else +# 92| { +# 93|-> LogMessages.LOGGER.temporaryFileCreated(downloadedFile.getPath()); +# 94| } +# 95| + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/IIOImageProviderHelper.java:89: path: Condition "readers.hasNext()", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/IIOImageProviderHelper.java:92: path: Jumping back to the beginning of the loop. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/IIOImageProviderHelper.java:89: path: Condition "readers.hasNext()", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/IIOImageProviderHelper.java:94: path: Condition "reader == null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java:27: thread_shared_data: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is global and therefore thread-shared. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/IIOImageProviderHelper.java:97: thread_unsafe_modification: Thread-shared "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/IIOImageProviderHelper.java:97: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/IIOImageProviderHelper.java:97: write: "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER" is modified in call to "readerNotFound". (The virtual call resolves to "org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.readerNotFound".) +# 95| { +# 96| String[] availableTypes = ImageIO.getReaderMIMETypes(); +# 97|-> LogMessages.LOGGER.readerNotFound(mediaType, availableTypes); +# 98| List variants = ProviderHelper.getAvailableVariants(availableTypes); +# 99| Response response = Response.notAcceptable(variants).status(Status.NOT_ACCEPTABLE).build(); + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/HttpServletDispatcher.java:56: thread_shared_data: "this" is thread-shared because it has type "org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/HttpServletDispatcher.java:21: thread_shared_derived: "org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher" is thread-shared because it implements "javax.servlet.Servlet". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/HttpServletDispatcher.java:54: thread_entry_point: "service" is an entry point because it implements a request handler from "Servlet". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/HttpServletDispatcher.java:56: thread_unsafe_modification: Thread-shared "servletContainerDispatcher" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/HttpServletDispatcher.java:56: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/HttpServletDispatcher.java:56: write: "servletContainerDispatcher" is modified in call to "service". +# 54| public void service(String httpMethod, HttpServletRequest request, HttpServletResponse response) throws IOException +# 55| { +# 56|-> servletContainerDispatcher.service(httpMethod, request, response, true); +# 57| } +# 58| + +Error: NULL_RETURNS (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/Servlet3AsyncHttpRequest.java:331: path: Condition "servletRequest.isAsyncStarted()", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/Servlet3AsyncHttpRequest.java:336: returned_null: "startAsync" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "javax.servlet.ServletRequestWrapper.startAsync".) +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/Servlet3AsyncHttpRequest.java:336: var_assigned: Assigning: "asyncContext" = "null" return value from "startAsync". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/Servlet3AsyncHttpRequest.java:337: null_method_call: Calling a method on null object "asyncContext". +# 335| asynchronousResponse = new Servle3AsychronousResponse(); +# 336| AsyncContext asyncContext = servletRequest.startAsync(); +# 337|-> asyncContext.addListener(asynchronousResponse); +# 338| wasSuspended = true; +# 339| return asyncContext; + +Error: NULL_RETURNS (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/InternalDispatcher.java:60: returned_null: "getResponse" returns "null" (checked 0 out of 1 times). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/InternalDispatcher.java:60: null_method_call: Calling a method on null object "getResponse(uri)". +# 58| public Object getEntity(String uri) +# 59| { +# 60|-> return getResponse(uri).getEntity(); +# 61| } +# 62| + +Error: FORWARD_NULL (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:752: path: Condition "tClass == null", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:753: path: Condition "headerDelegates == null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:753: var_compare_op: Comparing "headerDelegates" to null implies that "headerDelegates" might be null. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:753: path: Condition "parent != null", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:756: path: Condition "clazz != null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:758: null_method_call: Calling a method on null object "headerDelegates". +# 756| while (clazz != null) +# 757| { +# 758|-> HeaderDelegate delegate = headerDelegates.get(clazz); +# 759| if (delegate != null) +# 760| { + +Error: NULL_RETURNS (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:880: path: Condition "clientMessageBodyReaders == null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:882: returned_null: "getClientMessageBodyReaders" returns "null" (checked 0 out of 3 times). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:882: null_method_call: Calling a method on null object "parent.getClientMessageBodyReaders()". +# 880| if (clientMessageBodyReaders == null) +# 881| { +# 882|-> clientMessageBodyReaders = parent.getClientMessageBodyReaders().clone(); +# 883| } +# 884| if (consumeMime != null) + +Error: NULL_RETURNS (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:966: path: Condition "clientMessageBodyWriters == null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:968: returned_null: "getClientMessageBodyWriters" returns "null" (checked 0 out of 3 times). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:968: null_method_call: Calling a method on null object "parent.getClientMessageBodyWriters()". +# 966| if (clientMessageBodyWriters == null) +# 967| { +# 968|-> clientMessageBodyWriters = parent.getClientMessageBodyWriters().clone(); +# 969| } +# 970| if (consumeMime != null) + +Error: NULL_RETURNS (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:1163: path: Condition "contextResolvers == null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:1166: returned_null: "getContextResolvers" returns "null" (checked 0 out of 3 times). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:1166: null_method_call: Calling a method on null object "parent.getContextResolvers()". +# 1164| { +# 1165| contextResolvers = new ConcurrentHashMap, MediaTypeMap>>(); +# 1166|-> for (Map.Entry, MediaTypeMap>> entry : parent.getContextResolvers().entrySet()) +# 1167| { +# 1168| contextResolvers.put(entry.getKey(), entry.getValue().clone()); + +Error: NULL_RETURNS (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:1247: returned_null: "getContextResolvers" returns "null" (checked 0 out of 3 times). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:1247: null_method_call: Calling a method on null object "getContextResolvers()". +# 1245| public List getContextResolvers(final Class clazz, MediaType type) +# 1246| { +# 1247|-> MediaTypeMap> resolvers = getContextResolvers().get(clazz); +# 1248| if (resolvers == null) return null; +# 1249| List rtn = new ArrayList(); + +Error: NULL_RETURNS (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:2146: returned_null: "getClientExceptionMappers" returns "null" (checked 0 out of 3 times). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java:2146: null_method_call: Calling a method on null object "getClientExceptionMappers()". +# 2144| public ClientExceptionMapper getClientExceptionMapper(Class type) +# 2145| { +# 2146|-> return getClientExceptionMappers().get(type); +# 2147| } +# 2148| + +Error: NULL_RETURNS (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/touri/AbstractURITemplateAnnotationResolver.java:49: path: Iterating over another element of "params". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/touri/AbstractURITemplateAnnotationResolver.java:52: path: Condition "propertyDescriptor == null", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/touri/AbstractURITemplateAnnotationResolver.java:57: returned_null: "getReadMethod" returns "null" (checked 0 out of 1 times). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/touri/AbstractURITemplateAnnotationResolver.java:57: var_assigned: Assigning: "readMethod" = "null" return value from "getReadMethod". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/touri/AbstractURITemplateAnnotationResolver.java:58: null_method_call: Calling a method on null object "readMethod". +# 56| +# 57| Method readMethod = propertyDescriptor.getReadMethod(); +# 58|-> if (!Modifier.isPublic(readMethod.getDeclaringClass().getModifiers())) +# 59| { +# 60| readMethod.setAccessible(true); + +Error: FORWARD_NULL (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:697: path: Condition "serializableObject == null", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:706: assign_zero: Assigning: "oos" = "null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:714: path: Condition "(options & 2 /* org.jboss.resteasy.util.Base64.GZIP */) != 0", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:718: path: Throwing "java.io.IOException" (or subclass) from call to "ObjectOutputStream". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:727: path: Catching exception. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:731: path: Throwing "java.io.IOException" (or subclass). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:736: null_method_call: Calling a method on null object "oos". +# 734| { +# 735| try +# 736|-> { oos.close(); } +# 737| catch (Exception e) +# 738| {} + +Error: FORWARD_NULL (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:697: path: Condition "serializableObject == null", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:705: assign_zero: Assigning: "gzos" = "null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:714: path: Condition "(options & 2 /* org.jboss.resteasy.util.Base64.GZIP */) != 0", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:725: path: Throwing "java.io.IOException" (or subclass) from call to "writeObject". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:727: path: Catching exception. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:731: path: Throwing "java.io.IOException" (or subclass). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:736: path: Falling through to end of try statement. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:740: null_method_call: Calling a method on null object "gzos". +# 738| {} +# 739| try +# 740|-> { gzos.close(); } +# 741| catch (Exception e) +# 742| {} + +Error: FORWARD_NULL (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1462: assign_zero: Assigning: "ois" = "null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1470: path: Condition "loader == null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1472: path: Throwing "java.io.IOException" (or subclass) from call to "ObjectInputStream". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1500: path: Catching exception. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1502: path: Throwing "java.io.IOException" (or subclass). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1511: path: Falling through to end of try statement. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1515: null_method_call: Calling a method on null object "ois". +# 1513| {} +# 1514| try +# 1515|-> { ois.close(); } +# 1516| catch (Exception e) +# 1517| {} + +Error: FORWARD_NULL (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1542: path: Condition "dataToEncode == null", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1547: assign_zero: Assigning: "bos" = "null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1550: path: Throwing "java.io.FileNotFoundException" (or subclass) from call to "FileOutputStream". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1554: path: Catching exception. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1556: path: Throwing "java.io.IOException" (or subclass). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1561: null_method_call: Calling a method on null object "bos". +# 1559| { +# 1560| try +# 1561|-> { bos.close(); } +# 1562| catch (Exception e) +# 1563| {} + +Error: FORWARD_NULL (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1586: assign_zero: Assigning: "bos" = "null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1589: path: Throwing "java.io.FileNotFoundException" (or subclass) from call to "FileOutputStream". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1593: path: Catching exception. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1595: path: Throwing "java.io.IOException" (or subclass). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1600: null_method_call: Calling a method on null object "bos". +# 1598| { +# 1599| try +# 1600|-> { bos.close(); } +# 1601| catch (Exception e) +# 1602| {} + +Error: FORWARD_NULL (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1627: assign_zero: Assigning: "bis" = "null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1637: path: Condition "file.length() > 2147483647L /* java.lang.Integer.MAX_VALUE */", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1644: path: Throwing "java.io.FileNotFoundException" (or subclass) from call to "FileInputStream". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1659: path: Catching exception. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1661: path: Throwing "java.io.IOException" (or subclass). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1666: null_method_call: Calling a method on null object "bis". +# 1664| { +# 1665| try +# 1666|-> { bis.close(); } +# 1667| catch (Exception e) +# 1668| {} + +Error: FORWARD_NULL (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1694: assign_zero: Assigning: "bis" = "null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1704: path: Throwing "java.io.FileNotFoundException" (or subclass) from call to "FileInputStream". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1718: path: Catching exception. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1720: path: Throwing "java.io.IOException" (or subclass). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1725: null_method_call: Calling a method on null object "bis". +# 1723| { +# 1724| try +# 1725|-> { bis.close(); } +# 1726| catch (Exception e) +# 1727| {} + +Error: FORWARD_NULL (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1746: assign_zero: Assigning: "out" = "null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1749: path: Throwing "java.io.FileNotFoundException" (or subclass) from call to "FileOutputStream". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1753: path: Catching exception. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1755: path: Throwing "java.io.IOException" (or subclass). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1760: null_method_call: Calling a method on null object "out". +# 1758| { +# 1759| try +# 1760|-> { out.close(); } +# 1761| catch (Exception ex) +# 1762| {} + +Error: FORWARD_NULL (CWE-476): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1780: assign_zero: Assigning: "out" = "null". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1783: path: Throwing "java.io.FileNotFoundException" (or subclass) from call to "FileOutputStream". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1787: path: Catching exception. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1789: path: Throwing "java.io.IOException" (or subclass). +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java:1794: null_method_call: Calling a method on null object "out". +# 1792| { +# 1793| try +# 1794|-> { out.close(); } +# 1795| catch (Exception ex) +# 1796| {} + +Error: UNUSED_VALUE (CWE-563): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/CookieParser.java:39: value_overwrite: Overwriting previous write to "cookieValue" with value from "value". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/CookieParser.java:35: assigned_reference: Assigning value from "path" to "cookieValue" here, but that stored value is overwritten before it can be used. +# 33| if (cookieName != null) { +# 34| cookies.add(new Cookie(cookieName, cookieValue, path, domain, version)); +# 35|-> cookieName = cookieValue = path = domain = null; +# 36| } +# 37| + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java:125: path: Condition "dateValue == null", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java:129: path: Condition "dateFormats == null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java:133: path: Condition "startDate == null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java:67: thread_shared_data: "org.jboss.resteasy.util.DateUtil.DEFAULT_TWO_DIGIT_YEAR_START" is global and therefore thread-shared. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java:135: assign: Assigning: "startDate" = "org.jboss.resteasy.util.DateUtil.DEFAULT_TWO_DIGIT_YEAR_START". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java:139: path: Condition "dateValue.length() > 1", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java:139: path: Condition "dateValue.startsWith("'")", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java:139: path: Condition "dateValue.endsWith("'")", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java:150: path: Condition "formatIter.hasNext()", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java:153: path: Condition "dateParser == null", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java:157: thread_unsafe_modification: Thread-shared "startDate" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java:157: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java:157: write: "startDate" is modified in call to "set2DigitYearStart". +# 155| dateParser = new SimpleDateFormat(format, Locale.US); +# 156| dateParser.setTimeZone(TimeZone.getTimeZone("GMT")); +# 157|-> dateParser.set2DigitYearStart(startDate); +# 158| } +# 159| else + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:17: return_thread_shared: Call to "getStack" returns a pointer to thread-shared data. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:17: thread_unsafe_modification: Thread-shared "getStack(true)" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:17: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:17: write: "getStack(true)" is modified in call to "add". +# 15| public void push(T obj) +# 16| { +# 17|-> getStack(true).add(obj); +# 18| } +# 19| + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:40: return_thread_shared: Call to "get" returns a pointer to thread-shared data. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:40: assign: Assigning: "stack" = "(java.util.ArrayList)local.get()". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:41: path: Condition "stack == null", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:41: path: Condition "stack.isEmpty()", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:42: thread_unsafe_modification: Thread-shared "stack" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:42: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:42: write: "stack" is modified in call to "remove". +# 40| ArrayList stack = local.get(); +# 41| if (stack == null || stack.isEmpty()) return null; +# 42|-> return stack.remove(stack.size() - 1); +# 43| } +# 44| + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:47: return_thread_shared: Call to "getStack" returns a pointer to thread-shared data. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:47: assign: Assigning: "stack" = "getStack(true)". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:48: path: Condition "stack.isEmpty()", taking true branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:50: thread_unsafe_modification: Thread-shared "stack" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:50: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:50: write: "stack" is modified in call to "add". +# 48| if (stack.isEmpty()) +# 49| { +# 50|-> stack.add(obj); +# 51| } +# 52| else + +Error: UNLOCKED_ACCESS (CWE-820): +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:47: return_thread_shared: Call to "getStack" returns a pointer to thread-shared data. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:47: assign: Assigning: "stack" = "getStack(true)". +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:48: path: Condition "stack.isEmpty()", taking false branch. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:54: thread_unsafe_modification: Thread-shared "stack" is modified in a concurrent context without any synchronization. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:54: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java:54: write: "stack" is modified in call to "set". +# 52| else +# 53| { +# 54|-> stack.set(stack.size() - 1, obj); +# 55| } +# 56| } + +Error: WRITE_CONST_FIELD (CWE-843): +rsync-3.2.3/rsync.h:793: field_definition: A const-qualified field is defined. +rsync-3.2.3/flist.c:2851: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 2849| { +# 2850| /* The +1 zeros out the first char of the basename. */ +# 2851|-> memset(file, 0, FILE_STRUCT_LEN + 1); +# 2852| /* In an empty entry, F_DEPTH() is an offset to the next non-empty +# 2853| * entry. Likewise for len32 in the opposite direction. We assume + +Error: ATOMICITY (CWE-667): +qpid-proton-0.39.0/c/src/proactor/epoll.c:2449: lock: Locking "&p->tslot_mutex". +qpid-proton-0.39.0/c/src/proactor/epoll.c:2450: def: Assigning data that might be protected by the lock to "ts". +qpid-proton-0.39.0/c/src/proactor/epoll.c:2451: unlock: Unlocking "&p->tslot_mutex". "ts" might now be unreliable because other threads can now change the data that it depends on. +qpid-proton-0.39.0/c/src/proactor/epoll.c:2460: path: Condition "1", taking true branch. +qpid-proton-0.39.0/c/src/proactor/epoll.c:2463: path: Condition "tsk", taking false branch. +qpid-proton-0.39.0/c/src/proactor/epoll.c:2482: path: Condition "p->poller == NULL", taking true branch. +qpid-proton-0.39.0/c/src/proactor/epoll.c:2453: lockagain: Locking "&p->sched_mutex" again. +qpid-proton-0.39.0/c/src/proactor/epoll.c:2484: use: Using an unreliable value of "ts" inside the second locked section. If the data that "ts" depends on was changed by another thread, this use might be incorrect. +# 2482| if (p->poller == NULL) { +# 2483| bool return_immediately; +# 2484|-> p->poller = ts; +# 2485| // Get new epoll events (if any) and mark the relevant tasks as runnable +# 2486| return_immediately = poller_do_epoll(p, ts, can_block); + +Error: PATH_MANIPULATION (CWE-22): +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1082: path: Condition "(size_t)iMaxLine < 4096UL /* sizeof (bufRcv) - 1 */", taking true branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1084: path: Falling through to end of if statement. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1091: path: Condition "pLstn->bUseCreds", taking true branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1105: tainted_argument: Calling function "recvmsg" taints argument "msgh". +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1107: path: Condition "Debug", taking true branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1108: path: Condition "iRcvd > 0", taking true branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1110: path: Condition "pLstn->bUseCreds", taking true branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1112: path: Condition "(size_t)msgh.msg_controllen >= 16UL /* sizeof (struct cmsghdr) */", taking true branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1112: var_assign_var: Assigning: "cm" = "((size_t)msgh.msg_controllen >= 16UL) ? (struct cmsghdr *)msgh.msg_control : NULL". Both are now tainted. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1112: path: Condition "cm", taking true branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1114: path: Condition "pLstn->bUseCreds", taking true branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1114: path: Condition "cm->cmsg_level == 1", taking true branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1114: path: Condition "cm->cmsg_type == SCM_CREDENTIALS", taking true branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1116: identity_transfer: Passing "cm->__cmsg_data" as argument 2 to function "memcpy", which sets "cred" to the dereference of that argument. [Note: The source code implementation of the function has been overridden by a builtin model.] +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1116: tainted_data_transitive: Call to function "memcpy" with tainted argument "cm->__cmsg_data" transitively taints "cred". [Note: The source code implementation of the function has been overridden by a builtin model.] +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1121: path: Condition "pLstn->bUseSysTimeStamp", taking true branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1121: path: Condition "cm->cmsg_level == 1", taking true branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1121: path: Condition "cm->cmsg_type == 29", taking false branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1127: path: Jumping back to the beginning of the loop. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1112: path: Condition "cm", taking false branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1130: path: Condition "cred_set", taking true branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1130: path: Condition "ts_set", taking false branch. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1130: path_manipulation_sink: Constructing a path or URI using the tainted value "(cred_set ? &cred : NULL)->pid" and passing it to "SubmitMsg". This may allow an attacker to access, modify, or test the existence of critical or sensitive files. +rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c:1130: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 1128| } +# 1129| # endif /* defined(HAVE_SCM_CREDENTIALS) || defined(HAVE_SO_TIMESTAMP) */ +# 1130|-> CHKiRet(SubmitMsg(pRcv, iRcvd, pLstn, (cred_set ? &cred : NULL), (ts_set ? &ts : NULL))); +# 1131| } else if(iRcvd < 0 && errno != EINTR && errno != EAGAIN) { +# 1132| char errStr[1024]; + +Error: RETURN_LOCAL (CWE-562): +ruby-3.0.4/compile.c:5671: path: Switch case value "NODE_HSHPTN". +ruby-3.0.4/compile.c:6065: path: Condition "node->u2.node", taking true branch. +ruby-3.0.4/compile.c:6065: path: Condition "!node->u3.node", taking false branch. +ruby-3.0.4/compile.c:6074: path: Condition "node->u1.node", taking true branch. +ruby-3.0.4/compile.c:6076: path: Condition "!iseq_compile_each(iseq, ret, node->u1.node, 0)", taking false branch. +ruby-3.0.4/compile.c:6082: path: Condition "1", taking true branch. +ruby-3.0.4/compile.c:6086: path: Condition "RB_NIL_P(keys)", taking true branch. +ruby-3.0.4/compile.c:6088: path: Falling through to end of if statement. +ruby-3.0.4/compile.c:6093: path: Condition "1", taking true branch. +ruby-3.0.4/compile.c:6099: path: Condition "node->u3.node", taking true branch. +ruby-3.0.4/compile.c:6100: path: Condition "1", taking true branch. +ruby-3.0.4/compile.c:6103: path: Condition "node->u2.node", taking true branch. +ruby-3.0.4/compile.c:6108: path: Condition "args", taking true branch. +ruby-3.0.4/compile.c:6110: local_ptr_assign_local: Assigning: "match_values->last" = "&match_values->anchor" (address of local variable "match_values"). +ruby-3.0.4/compile.c:6112: path: Condition "i < keys_num", taking false branch. +ruby-3.0.4/compile.c:6133: identity_transfer: Passing field "match_values->last" (indirectly, via argument 2) to function "APPEND_LIST", which assigns it to "ret->last". +ruby-3.0.4/compile.c:6134: out_of_scope: Variable "match_values" goes out of scope. +ruby-3.0.4/compile.c:6135: path: Falling through to end of if statement. +ruby-3.0.4/compile.c:6142: path: Condition "node->u3.node", taking true branch. +ruby-3.0.4/compile.c:6143: path: Condition "node->u3.node == (struct RNode *)0xffffffffffffffff", taking true branch. +ruby-3.0.4/compile.c:6144: use_invalid_in_call: In "ADD_ELEM(ret, (LINK_ELEMENT *)new_insn_body(iseq, line, YARVINSN_dup, 0))", using "ret->last", which points to an out-of-scope variable "match_values". +# 6142| if (node->nd_pkwrestarg) { +# 6143| if (node->nd_pkwrestarg == NODE_SPECIAL_NO_REST_KEYWORD) { +# 6144|-> ADD_INSN(ret, line, dup); +# 6145| ADD_SEND(ret, line, idEmptyP, INT2FIX(0)); +# 6146| ADD_INSNL(ret, line, branchunless, match_failed); + +Error: RETURN_LOCAL (CWE-562): +ruby-3.0.4/compile.c:5671: path: Switch case value "NODE_HSHPTN". +ruby-3.0.4/compile.c:6065: path: Condition "node->u2.node", taking true branch. +ruby-3.0.4/compile.c:6065: path: Condition "!node->u3.node", taking false branch. +ruby-3.0.4/compile.c:6074: path: Condition "node->u1.node", taking true branch. +ruby-3.0.4/compile.c:6076: path: Condition "!iseq_compile_each(iseq, ret, node->u1.node, 0)", taking false branch. +ruby-3.0.4/compile.c:6082: path: Condition "1", taking true branch. +ruby-3.0.4/compile.c:6086: path: Condition "RB_NIL_P(keys)", taking true branch. +ruby-3.0.4/compile.c:6088: path: Falling through to end of if statement. +ruby-3.0.4/compile.c:6093: path: Condition "1", taking true branch. +ruby-3.0.4/compile.c:6099: path: Condition "node->u3.node", taking true branch. +ruby-3.0.4/compile.c:6100: path: Condition "1", taking true branch. +ruby-3.0.4/compile.c:6103: path: Condition "node->u2.node", taking true branch. +ruby-3.0.4/compile.c:6108: path: Condition "args", taking true branch. +ruby-3.0.4/compile.c:6110: local_ptr_assign_local: Assigning: "match_values->last" = "&match_values->anchor" (address of local variable "match_values"). +ruby-3.0.4/compile.c:6112: path: Condition "i < keys_num", taking false branch. +ruby-3.0.4/compile.c:6133: identity_transfer: Passing field "match_values->last" (indirectly, via argument 2) to function "APPEND_LIST", which assigns it to "ret->last". +ruby-3.0.4/compile.c:6134: out_of_scope: Variable "match_values" goes out of scope. +ruby-3.0.4/compile.c:6135: path: Falling through to end of if statement. +ruby-3.0.4/compile.c:6142: path: Condition "node->u3.node", taking true branch. +ruby-3.0.4/compile.c:6143: path: Condition "node->u3.node == (struct RNode *)0xffffffffffffffff", taking false branch. +ruby-3.0.4/compile.c:6149: use_invalid_in_call: In "ADD_ELEM(ret, (LINK_ELEMENT *)new_insn_body(iseq, line, YARVINSN_dup, 0))", using "ret->last", which points to an out-of-scope variable "match_values". +# 6147| } +# 6148| else { +# 6149|-> ADD_INSN(ret, line, dup); +# 6150| CHECK(iseq_compile_pattern_match(iseq, ret, node->nd_pkwrestarg, match_failed, in_alt_pattern, FALSE)); +# 6151| } + +Error: RETURN_LOCAL (CWE-562): +ruby-3.0.4/compile.c:5671: path: Switch case value "NODE_HSHPTN". +ruby-3.0.4/compile.c:6065: path: Condition "node->u2.node", taking true branch. +ruby-3.0.4/compile.c:6065: path: Condition "!node->u3.node", taking true branch. +ruby-3.0.4/compile.c:6067: path: Condition "kw_args", taking true branch. +ruby-3.0.4/compile.c:6068: path: Condition "kw_args", taking true branch. +ruby-3.0.4/compile.c:6071: path: Jumping back to the beginning of the loop. +ruby-3.0.4/compile.c:6068: path: Condition "kw_args", taking false branch. +ruby-3.0.4/compile.c:6074: path: Condition "node->u1.node", taking true branch. +ruby-3.0.4/compile.c:6076: path: Condition "!iseq_compile_each(iseq, ret, node->u1.node, 0)", taking false branch. +ruby-3.0.4/compile.c:6082: path: Condition "1", taking true branch. +ruby-3.0.4/compile.c:6086: path: Condition "RB_NIL_P(keys)", taking true branch. +ruby-3.0.4/compile.c:6088: path: Falling through to end of if statement. +ruby-3.0.4/compile.c:6093: path: Condition "1", taking true branch. +ruby-3.0.4/compile.c:6099: path: Condition "node->u3.node", taking false branch. +ruby-3.0.4/compile.c:6103: path: Condition "node->u2.node", taking true branch. +ruby-3.0.4/compile.c:6108: path: Condition "args", taking true branch. +ruby-3.0.4/compile.c:6110: local_ptr_assign_local: Assigning: "match_values->last" = "&match_values->anchor" (address of local variable "match_values"). +ruby-3.0.4/compile.c:6112: path: Condition "i < keys_num", taking false branch. +ruby-3.0.4/compile.c:6133: identity_transfer: Passing field "match_values->last" (indirectly, via argument 2) to function "APPEND_LIST", which assigns it to "ret->last". +ruby-3.0.4/compile.c:6134: out_of_scope: Variable "match_values" goes out of scope. +ruby-3.0.4/compile.c:6135: path: Falling through to end of if statement. +ruby-3.0.4/compile.c:6142: path: Condition "node->u3.node", taking false branch. +ruby-3.0.4/compile.c:6154: use_invalid_in_call: In "ADD_ELEM(ret, (LINK_ELEMENT *)new_insn_body(iseq, line, YARVINSN_pop, 0))", using "ret->last", which points to an out-of-scope variable "match_values". +# 6152| } +# 6153| +# 6154|-> ADD_INSN(ret, line, pop); +# 6155| ADD_INSNL(ret, line, jump, matched); +# 6156| ADD_INSN(ret, line, putnil); + +Error: RETURN_LOCAL (CWE-562): +ruby-3.0.4/compile.c:7545: path: Condition "ISEQ_COMPILE_DATA(iseq)->last_line == line", taking true branch. +ruby-3.0.4/compile.c:7547: path: Falling through to end of if statement. +ruby-3.0.4/compile.c:7563: path: Switch case value "NODE_COLON2". +ruby-3.0.4/compile.c:8656: path: Condition "rb_is_const_id(node->u2.id)", taking true branch. +ruby-3.0.4/compile.c:8665: local_ptr_assign_local: Assigning: "body->last" = "&body->anchor" (address of local variable "body"). +ruby-3.0.4/compile.c:8666: path: Condition "!compile_const_prefix(iseq, node, pref, body)", taking false branch. +ruby-3.0.4/compile.c:8667: path: Condition "LIST_INSN_SIZE_ZERO(pref)", taking false branch. +ruby-3.0.4/compile.c:8684: identity_transfer: Passing field "body->last" (indirectly, via argument 2) to function "APPEND_LIST", which assigns it to "ret->last". +ruby-3.0.4/compile.c:8686: out_of_scope: Variable "body" goes out of scope. +ruby-3.0.4/compile.c:8686: path: Falling through to end of if statement. +ruby-3.0.4/compile.c:8693: path: Condition "popped", taking true branch. +ruby-3.0.4/compile.c:8694: use_invalid_in_call: In "ADD_ELEM(ret, (LINK_ELEMENT *)new_insn_body(iseq, line, YARVINSN_pop, 0))", using "ret->last", which points to an out-of-scope variable "body". +# 8692| } +# 8693| if (popped) { +# 8694|-> ADD_INSN(ret, line, pop); +# 8695| } +# 8696| break; + +Error: RETURN_LOCAL (CWE-562): +ruby-3.0.4/compile.c:7545: path: Condition "ISEQ_COMPILE_DATA(iseq)->last_line == line", taking true branch. +ruby-3.0.4/compile.c:7547: path: Falling through to end of if statement. +ruby-3.0.4/compile.c:7563: path: Switch case value "NODE_COLON2". +ruby-3.0.4/compile.c:8656: path: Condition "rb_is_const_id(node->u2.id)", taking true branch. +ruby-3.0.4/compile.c:8664: local_ptr_assign_local: Assigning: "pref->last" = "&pref->anchor" (address of local variable "pref"). +ruby-3.0.4/compile.c:8666: path: Condition "!compile_const_prefix(iseq, node, pref, body)", taking false branch. +ruby-3.0.4/compile.c:8667: path: Condition "LIST_INSN_SIZE_ZERO(pref)", taking false branch. +ruby-3.0.4/compile.c:8683: identity_transfer: Passing field "pref->last" (indirectly, via argument 2) to function "APPEND_LIST", which assigns it to "ret->last". +ruby-3.0.4/compile.c:8686: out_of_scope: Variable "pref" goes out of scope. +ruby-3.0.4/compile.c:8686: path: Falling through to end of if statement. +ruby-3.0.4/compile.c:8693: path: Condition "popped", taking true branch. +ruby-3.0.4/compile.c:8694: use_invalid_in_call: In "ADD_ELEM(ret, (LINK_ELEMENT *)new_insn_body(iseq, line, YARVINSN_pop, 0))", using "ret->last", which points to an out-of-scope variable "pref". +# 8692| } +# 8693| if (popped) { +# 8694|-> ADD_INSN(ret, line, pop); +# 8695| } +# 8696| break; + +Error: WRITE_CONST_FIELD (CWE-843): +ruby-3.0.4/gc.c:605: nested_field_definition: A nested aggregate with a const-qualified field is defined. +ruby-3.0.4/gc.c:571: nested_field_definition: A nested aggregate with a const-qualified field is defined. +ruby-3.0.4/include/ruby/internal/core/rbasic.h:49: field_definition: A const-qualified field is defined. +ruby-3.0.4/gc.c:8695: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 8693| /* Move the object */ +# 8694| memcpy(dest, src, sizeof(RVALUE)); +# 8695|-> memset(src, 0, sizeof(RVALUE)); +# 8696| +# 8697| /* Set bits for object in new location */ + +Error: COMPILER_WARNING: +oneTBB-2020.3/src/tbb/tbb_misc.h:22: included_from: Included from here. +oneTBB-2020.3/src/tbb/tbb_misc.cpp:24: included_from: Included from here. +oneTBB-2020.3/include/tbb/atomic.h:21:141: note: '#pragma message: TBB Warning: tbb/atomic.h is deprecated. For details, please see Deprecated Features appendix in the TBB reference manual.' +# 19| #if !defined(__TBB_show_deprecation_message_atomic_H) && defined(__TBB_show_deprecated_header_message) +# 20| #define __TBB_show_deprecation_message_atomic_H +# 21|-> #pragma message("TBB Warning: tbb/atomic.h is deprecated. For details, please see Deprecated Features appendix in the TBB reference manual.") +# 22| #endif +# 23| + +Error: WRITE_CONST_FIELD (CWE-843): +oneTBB-2020.3/python/rml/ipc_server.cpp:341: field_definition: A const-qualified field is defined. +oneTBB-2020.3/python/rml/ipc_server.cpp:1086: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 1084| ipc_server* server = static_cast( my_global_server ); +# 1085| server->~ipc_server(); +# 1086|-> memset( server, 0, sizeof(ipc_server) ); +# 1087| new( server ) ipc_server( *my_global_client ); +# 1088| pthread_atfork( NULL, NULL, rml_atfork_child ); + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/dom/canvas/WebGLContextDraw.cpp:486: find: Calling "find" with element "loc" returns the end iterator. +thunderbird-115.5.0/dom/canvas/WebGLContextDraw.cpp:486: assign: Assigning: "itr" = "this->fragOutputs->find(loc)". +thunderbird-115.5.0/dom/canvas/WebGLContextDraw.cpp:489: deref_iterator: Dereferencing iterator "itr" though it is already past the end of its container. +# 487| MOZ_DIAGNOSTIC_ASSERT(itr != fragOutputs.end()); +# 488| +# 489|-> const auto& info = itr->second; +# 490| const auto& srcBaseType = info.baseType; +# 491| if (MOZ_UNLIKELY(dstBaseType != srcBaseType)) { + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:45: past_the_end: Function "end" creates an iterator. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:45: assign: Assigning: "end" = "src->end()". +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:47: path: Condition "std::regex_search(itr, end, match, RE_COMMENT_BEGIN, (std::regex_constants::match_flag_type)0 /* std::regex_constants::match_default */)", taking true branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:56: path: Condition "isBlockComment", taking true branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:60: path: Condition "isBlockComment", taking true branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:64: assign: Assigning: "commentEnd" = "end". +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:65: path: Condition "!isBlockComment", taking false branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:67: path: Condition "std::regex_search(itr, end, match, endRegex, (std::regex_constants::match_flag_type)0 /* std::regex_constants::match_default */)", taking true branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:69: path: Falling through to end of if statement. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:73: path: Condition "itr != commentEnd", taking true branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:75: path: Condition "cur == '\n'", taking true branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:78: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:73: path: Condition "itr != commentEnd", taking false branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:79: path: Condition "isBlockComment", taking true branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:82: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:47: path: Condition "std::regex_search(itr, end, match, RE_COMMENT_BEGIN, (std::regex_constants::match_flag_type)0 /* std::regex_constants::match_default */)", taking true branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:56: path: Condition "isBlockComment", taking false branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:60: path: Condition "isBlockComment", taking false branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:64: assign: Assigning: "commentEnd" = "end". +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:65: path: Condition "!isBlockComment", taking true branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:65: path: Condition "itr != end", taking true branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:65: path: Condition "*itr == '\n'", taking true branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:67: path: Falling through to end of if statement. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:73: path: Condition "itr != commentEnd", taking false branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:79: path: Condition "isBlockComment", taking false branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:82: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:47: path: Condition "std::regex_search(itr, end, match, RE_COMMENT_BEGIN, (std::regex_constants::match_flag_type)0 /* std::regex_constants::match_default */)", taking true branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:56: path: Condition "isBlockComment", taking false branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:60: path: Condition "isBlockComment", taking false branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:64: assign: Assigning: "commentEnd" = "end". +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:65: path: Condition "!isBlockComment", taking true branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:65: path: Condition "itr != end", taking false branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:65: tested_end: "itr" testing equal to "end". +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:67: identity_transfer: Passing "itr" as argument 1 to function "regex_search", which sets "match._M_begin" to that argument. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:67: path: Condition "std::regex_search(itr, end, match, endRegex, (std::regex_constants::match_flag_type)0 /* std::regex_constants::match_default */)", taking true branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:69: path: Falling through to end of if statement. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:73: path: Condition "itr != commentEnd", taking true branch. +thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp:74: deref_iterator: Dereferencing iterator "itr" though it is already past the end of its container. +# 72| +# 73| for (; itr != commentEnd; ++itr) { +# 74|-> const auto cur = *itr; +# 75| if (cur == '\n') { +# 76| ret += cur; + +Error: DELETE_ARRAY (CWE-459): +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:17: path: Condition "!!NS_FAILED_impl(rv)", taking false branch. +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:22: new_array: "output_dynamic" allocates "cborPubKeyOut._buffer". +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:40: path: Condition "!aPubKeyObj->Assign(cborPubKeyOut.cbor::output_dynamic::data(), cborPubKeyOut.cbor::output_dynamic::size())", taking true branch. +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:41: delete_var: "~output_dynamic" uses delete on "cborPubKeyOut._buffer" which is an array. It should be deleted with "operator delete[]". +# 39| +# 40| if (!aPubKeyObj.Assign(cborPubKeyOut.data(), cborPubKeyOut.size())) { +# 41|-> return NS_ERROR_OUT_OF_MEMORY; +# 42| } +# 43| return NS_OK; + +Error: DELETE_ARRAY (CWE-459): +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:17: path: Condition "!!NS_FAILED_impl(rv)", taking false branch. +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:22: new_array: "output_dynamic" allocates "cborPubKeyOut._buffer". +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:40: path: Condition "!aPubKeyObj->Assign(cborPubKeyOut.cbor::output_dynamic::data(), cborPubKeyOut.cbor::output_dynamic::size())", taking false branch. +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:43: delete_var: "~output_dynamic" uses delete on "cborPubKeyOut._buffer" which is an array. It should be deleted with "operator delete[]". +# 41| return NS_ERROR_OUT_OF_MEMORY; +# 42| } +# 43|-> return NS_OK; +# 44| } +# 45| + +Error: DELETE_ARRAY (CWE-459): +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:66: new_array: "output_dynamic" allocates "cborAttOut._buffer". +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:90: path: Condition "!aAttestationObj->Assign(cborAttOut.cbor::output_dynamic::data(), cborAttOut.cbor::output_dynamic::size())", taking true branch. +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:91: delete_var: "~output_dynamic" uses delete on "cborAttOut._buffer" which is an array. It should be deleted with "operator delete[]". +# 89| +# 90| if (!aAttestationObj.Assign(cborAttOut.data(), cborAttOut.size())) { +# 91|-> return NS_ERROR_OUT_OF_MEMORY; +# 92| } +# 93| return NS_OK; + +Error: DELETE_ARRAY (CWE-459): +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:66: new_array: "output_dynamic" allocates "cborAttOut._buffer". +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:90: path: Condition "!aAttestationObj->Assign(cborAttOut.cbor::output_dynamic::data(), cborAttOut.cbor::output_dynamic::size())", taking false branch. +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:93: delete_var: "~output_dynamic" uses delete on "cborAttOut._buffer" which is an array. It should be deleted with "operator delete[]". +# 91| return NS_ERROR_OUT_OF_MEMORY; +# 92| } +# 93|-> return NS_OK; +# 94| } +# 95| + +Error: DELETE_ARRAY (CWE-459): +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:108: new_array: "output_dynamic" allocates "cborAttOut._buffer". +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:122: path: Condition "!aAttestationObj->Assign(cborAttOut.cbor::output_dynamic::data(), cborAttOut.cbor::output_dynamic::size())", taking true branch. +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:123: delete_var: "~output_dynamic" uses delete on "cborAttOut._buffer" which is an array. It should be deleted with "operator delete[]". +# 121| +# 122| if (!aAttestationObj.Assign(cborAttOut.data(), cborAttOut.size())) { +# 123|-> return NS_ERROR_OUT_OF_MEMORY; +# 124| } +# 125| return NS_OK; + +Error: DELETE_ARRAY (CWE-459): +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:108: new_array: "output_dynamic" allocates "cborAttOut._buffer". +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:122: path: Condition "!aAttestationObj->Assign(cborAttOut.cbor::output_dynamic::data(), cborAttOut.cbor::output_dynamic::size())", taking false branch. +thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp:125: delete_var: "~output_dynamic" uses delete on "cborAttOut._buffer" which is an array. It should be deleted with "operator delete[]". +# 123| return NS_ERROR_OUT_OF_MEMORY; +# 124| } +# 125|-> return NS_OK; +# 126| } +# 127| + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/gfx/2d/DrawEventRecorder.cpp:74: find: Calling "find" with element "aUnscaledFont.operator void *()" returns the end iterator. +thunderbird-115.5.0/gfx/2d/DrawEventRecorder.cpp:74: assign: Assigning: "element" = "this->mUnscaledFontRefs.find(std::unordered_map, std::equal_to, std::allocator > >::key_type const(aUnscaledFont.operator void *()))". +thunderbird-115.5.0/gfx/2d/DrawEventRecorder.cpp:78: deref_iterator: Dereferencing iterator "element" though it is already past the end of its container. +# 76| "DecrementUnscaledFontRefCount calls should balance " +# 77| "with IncrementUnscaledFontRefCount calls"); +# 78|-> if (--(element->second) <= 0) { +# 79| RecordEvent(RecordedUnscaledFontDestruction(aUnscaledFont)); +# 80| mUnscaledFontRefs.erase(aUnscaledFont); + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/CallDAG.cpp:129: path: Condition "node->getOp() == sh::EOpCallFunctionInAST", taking true branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/CallDAG.cpp:132: find: Calling "find" with element "node->getFunction()->uniqueId()->get()" returns the end iterator. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/CallDAG.cpp:132: assign: Assigning: "it" = "this->mFunctions.find(std::map, std::allocator > >::key_type const(node->getFunction()->uniqueId()->get()))". +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/CallDAG.cpp:133: path: Condition "true", taking true branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/CallDAG.cpp:138: path: Condition "this->mCurrentFunction", taking true branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/CallDAG.cpp:140: deref_iterator: Dereferencing iterator "it" though it is already past the end of its container. +# 138| if (mCurrentFunction) +# 139| { +# 140|-> mCurrentFunction->callees.insert(&it->second); +# 141| } +# 142| } + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:466: path: Condition "node->getType()->isUnsizedArray()", taking true branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:470: path: Condition "binaryNode", taking true branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:474: path: Condition "true", taking true branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:477: find: Calling "find" with element "field" returns the end iterator. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:477: assign: Assigning: "fieldInfoIter" = "this->mBlockMemberInfoMap.find(field)". +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:478: path: Condition "true", taking true branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:479: deref_iterator: Dereferencing iterator "fieldInfoIter" though it is already past the end of its container. +# 477| auto fieldInfoIter = mBlockMemberInfoMap.find(field); +# 478| ASSERT(fieldInfoIter != mBlockMemberInfoMap.end()); +# 479|-> unsizedArrayStride = fieldInfoIter->second.arrayStride; +# 480| } +# 481| else + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:466: path: Condition "node->getType()->isUnsizedArray()", taking true branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:470: path: Condition "binaryNode", taking false branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:486: path: Condition "true", taking true branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:489: find: Calling "find" with element "field" returns the end iterator. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:489: assign: Assigning: "fieldInfoIter" = "this->mBlockMemberInfoMap.find(field)". +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:490: path: Condition "true", taking true branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:491: deref_iterator: Dereferencing iterator "fieldInfoIter" though it is already past the end of its container. +# 489| auto fieldInfoIter = mBlockMemberInfoMap.find(field); +# 490| ASSERT(fieldInfoIter != mBlockMemberInfoMap.end()); +# 491|-> unsizedArrayStride = fieldInfoIter->second.arrayStride; +# 492| } +# 493| } + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:661: find: Calling "find" with element "field" returns the end iterator. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:661: assign: Assigning: "fieldInfoIter" = "this->mBlockMemberInfoMap.find(field)". +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:662: path: Condition "true", taking true branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp:663: deref_iterator: Dereferencing iterator "fieldInfoIter" though it is already past the end of its container. +# 661| auto fieldInfoIter = mBlockMemberInfoMap.find(field); +# 662| ASSERT(fieldInfoIter != mBlockMemberInfoMap.end()); +# 663|-> *blockMemberInfo = fieldInfoIter->second; +# 664| return CreateUIntNode(blockMemberInfo->offset); +# 665| } + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/tree_ops/RewritePixelLocalStorage.cpp:75: path: Condition "true", taking true branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/tree_ops/RewritePixelLocalStorage.cpp:76: path: Condition "true", taking true branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/tree_ops/RewritePixelLocalStorage.cpp:78: path: Condition "true", taking true branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/tree_ops/RewritePixelLocalStorage.cpp:79: find: Calling "find" with element "binding" returns the end iterator. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/tree_ops/RewritePixelLocalStorage.cpp:79: assign: Assigning: "iter" = "this->mMap.find(binding)". +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/tree_ops/RewritePixelLocalStorage.cpp:80: path: Condition "true", taking true branch. +thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/tree_ops/RewritePixelLocalStorage.cpp:81: deref_iterator: Dereferencing iterator "iter" though it is already past the end of its container. +# 79| auto iter = mMap.find(binding); +# 80| ASSERT(iter != mMap.end()); // Ensure PLSImages already exist for this symbol. +# 81|-> return iter->second; +# 82| } +# 83| + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp:1443: path: Switch case value "mozilla::MOUSE_INPUT". +thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp:1456: path: Condition "startsDrag", taking false branch. +thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp:1471: path: Condition "!state.mHit.mTargetApzc", taking true branch. +thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp:1471: path: Condition "this->mRootNode.operator bool()", taking true branch. +thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp:1476: path: Condition "state.mHit.mTargetApzc.operator bool()", taking true branch. +thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp:1477: path: Condition "mozilla::StaticPrefs::apz_test_logging_enabled()", taking true branch. +thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp:1477: path: Condition "mouseInput.mType == mozilla::MouseInput::MOUSE_HITTEST", taking true branch. +thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp:1482: find: Calling "find" with element "guid.mLayersId" returns the end iterator. +thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp:1482: assign: Assigning: "it" = "this->mTestData.find(guid.mLayersId)". +thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp:1484: deref_iterator: Dereferencing iterator "it" though it is already past the end of its container. +# 1482| auto it = mTestData.find(guid.mLayersId); +# 1483| MOZ_ASSERT(it != mTestData.end()); +# 1484|-> it->second->RecordHitResult(mouseInput.mOrigin, state.mHit.mHitResult, +# 1485| guid.mLayersId, guid.mScrollId); +# 1486| } + +Error: DELETE_ARRAY (CWE-459): +thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp:167: path: Condition "!this->mCharacterMap.operator gfxCharacterMap *()", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp:167: path: Condition "!this->mShmemCharacterMap.operator SharedBitSet const *()", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp:173: path: Condition "!this->mUVSOffset.operator uint32_t()", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp:177: path: Condition "!this->mUVSData.operator uint8_t const *()", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp:181: path: Condition "cmapTable.operator hb_blob_t *()", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp:185: new_array: "ReadCMAPTableFormat14" allocates "uvsData". +thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp:187: path: Condition "!!!NS_FAILED_impl(rv)", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp:188: path: Condition "!this->mUVSData.compareExchange(NULL, uvsData)", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp:189: delete_var: Deleting array variable "uvsData" with non-array "delete" in "delete uvsData". +# 187| if (NS_SUCCEEDED(rv)) { +# 188| if (!mUVSData.compareExchange(nullptr, uvsData)) { +# 189|-> delete uvsData; +# 190| } +# 191| } + +Error: ATOMICITY (CWE-667): +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1600: path: Condition "!needsGlyphExtents", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1600: path: Condition "!this->mDetailedGlyphs.operator bool()", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1607: path: Condition "i < runCount", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1610: path: Condition "!!font->GetStyle()->AdjustedSizeMustBeZero()", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1611: path: Continuing loop. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1607: path: Condition "i < runCount", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1610: path: Condition "!!font->GetStyle()->AdjustedSizeMustBeZero()", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1611: path: Continuing loop. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1607: path: Condition "i < runCount", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1610: path: Condition "!!font->GetStyle()->AdjustedSizeMustBeZero()", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1621: path: Condition "j < end", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1623: path: Condition "glyphData->IsSimpleGlyph()", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1626: path: Condition "needsGlyphExtents", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1637: path: Falling through to end of if statement. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1658: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1621: path: Condition "j < end", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1623: path: Condition "glyphData->IsSimpleGlyph()", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1637: path: Condition "!glyphData->IsMissing()", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1639: path: Condition "glyphCount == 0", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1643: path: Condition "!details", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1646: path: Condition "k < glyphCount", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1648: path: Condition "!extents->IsGlyphKnownWithTightExtentsLocked(glyphIndex)", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1656: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1646: path: Condition "k < glyphCount", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1648: path: Condition "!extents->IsGlyphKnownWithTightExtentsLocked(glyphIndex)", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1656: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1646: path: Condition "k < glyphCount", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1648: path: Condition "!extents->IsGlyphKnownWithTightExtentsLocked(glyphIndex)", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1656: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1646: path: Condition "k < glyphCount", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1658: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1621: path: Condition "j < end", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1623: path: Condition "glyphData->IsSimpleGlyph()", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1637: path: Condition "!glyphData->IsMissing()", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1639: path: Condition "glyphCount == 0", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1640: path: Continuing loop. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1621: path: Condition "j < end", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1623: path: Condition "glyphData->IsSimpleGlyph()", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1637: path: Condition "!glyphData->IsMissing()", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1639: path: Condition "glyphCount == 0", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1643: path: Condition "!details", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1646: path: Condition "k < glyphCount", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1648: path: Condition "!extents->IsGlyphKnownWithTightExtentsLocked(glyphIndex)", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1654: lock: Locking "extents->mLock->mRWLock". +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1656: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1646: path: Condition "k < glyphCount", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1658: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1621: path: Condition "j < end", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1659: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1607: path: Condition "i < runCount", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1610: path: Condition "!!font->GetStyle()->AdjustedSizeMustBeZero()", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1621: path: Condition "j < end", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1623: path: Condition "glyphData->IsSimpleGlyph()", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1626: path: Condition "needsGlyphExtents", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1637: path: Falling through to end of if statement. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1658: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1621: path: Condition "j < end", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1659: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1607: path: Condition "i < runCount", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1610: path: Condition "!!font->GetStyle()->AdjustedSizeMustBeZero()", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1617: def: Assigning data that might be protected by the lock to "extents". +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1621: path: Condition "j < end", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1623: path: Condition "glyphData->IsSimpleGlyph()", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1626: path: Condition "needsGlyphExtents", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1637: path: Falling through to end of if statement. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1658: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1621: path: Condition "j < end", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1623: path: Condition "glyphData->IsSimpleGlyph()", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1637: path: Condition "!glyphData->IsMissing()", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1639: path: Condition "glyphCount == 0", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1643: path: Condition "!details", taking false branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1646: path: Condition "k < glyphCount", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1648: path: Condition "!extents->IsGlyphKnownWithTightExtentsLocked(glyphIndex)", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1652: unlock: Unlocking "extents->mLock->mRWLock". "extents" might now be unreliable because other threads can now change the data that it depends on. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1656: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1646: path: Condition "k < glyphCount", taking true branch. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1654: lockagain: Locking "extents->mLock->mRWLock" again. +thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp:1648: use: Using an unreliable value of "extents" inside the second locked section. If the data that "extents" depends on was changed by another thread, this use might be incorrect. +# 1646| for (uint32_t k = 0; k < glyphCount; ++k, ++details) { +# 1647| uint32_t glyphIndex = details->mGlyphID; +# 1648|-> if (!extents->IsGlyphKnownWithTightExtentsLocked(glyphIndex)) { +# 1649| #ifdef DEBUG_TEXT_RUN_STORAGE_METRICS +# 1650| ++gGlyphExtentsSetupEagerTight; + +Error: RETURN_LOCAL (CWE-562): +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2063: path: Condition "pErrorCode == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2063: path: Condition "U_FAILURE(*pErrorCode)", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2067: path: Condition "targetCnv == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2067: path: Condition "sourceCnv == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2067: path: Condition "source == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2067: path: Condition "*source == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2067: path: Condition "target == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2067: path: Condition "*target == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2067: path: Condition "targetLimit == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2077: path: Condition "sourceLimit != NULL", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2077: path: Condition "sourceLimit < s", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2077: path: Condition "targetLimit < t", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2086: path: Condition "sourceLimit != NULL", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2086: path: Condition "(size_t)(sourceLimit - s) > 2147483647UL /* (size_t)2147483647 */", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2086: path: Condition "sourceLimit > s", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2086: path: Condition "(size_t)(targetLimit - t) > 2147483647UL /* (size_t)2147483647 */", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2086: path: Condition "targetLimit > t", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2094: path: Condition "pivotStart == NULL", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2095: path: Condition "!flush", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2102: local_ptr_assign_local: Assigning: "pivotStart" = "pivotBuffer" (address of local variable "pivotBuffer"). +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2106: path: Falling through to end of if statement. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2115: path: Condition "sourceLimit == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2120: path: Condition "reset", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2124: path: Falling through to end of if statement. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2142: path: Condition "sourceCnv->sharedData->staticData->conversionType == UCNV_UTF8", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2142: path: Condition "targetCnv->sharedData->impl->fromUTF8 != NULL", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2146: path: Falling through to end of if statement. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2173: path: Condition "convert != NULL", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2173: path: Condition "pivotLimit - pivotStart > 32", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2213: path: Condition "true", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2222: path: Condition "*pivotSource < *pivotTarget", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2230: path: Condition "U_FAILURE(*pErrorCode)", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2252: path: Condition "sourceCnv->UCharErrorBufferLength > 0", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2253: path: Condition "ucnv_outputOverflowToUnicode(sourceCnv, pivotTarget, pivotLimit, NULL, pErrorCode)", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2257: path: Continuing loop. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2213: path: Condition "true", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2222: path: Condition "*pivotSource < *pivotTarget", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2230: path: Condition "U_FAILURE(*pErrorCode)", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2243: escape_local_addr_alias: Returning, through "*pivotSource", pointer "*pivotTarget = pivotStart" which points to local variable "pivotBuffer". +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2252: path: Condition "sourceCnv->UCharErrorBufferLength > 0", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2267: path: Condition "toUArgs.source == sourceLimit", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2267: path: Condition "sourceCnv->preToULength >= 0", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2267: path: Condition "sourceCnv->toULength == 0", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2280: path: Condition "convert != NULL", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2280: path: Condition "targetCnv->preFromUFirstCP < 0", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2280: path: Condition "sourceCnv->preToULength == 0", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2281: path: Condition "*pErrorCode == U_USING_DEFAULT_WARNING", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2286: path: Condition "*pErrorCode == U_BUFFER_OVERFLOW_ERROR", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2288: path: Condition "U_FAILURE(*pErrorCode)", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2311: path: Condition "*pErrorCode == U_USING_DEFAULT_WARNING", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2322: path: Condition "flush", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2322: path: Condition "sourceCnv->toULength > 0", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2330: path: Falling through to end of if statement. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2356: path: Condition "*pErrorCode == U_BUFFER_OVERFLOW_ERROR", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2359: path: Condition "U_FAILURE(*pErrorCode)", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2361: path: Breaking from loop. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2390: path: Condition "flush", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2390: path: Condition "U_SUCCESS(*pErrorCode)", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2400: return: Returning here. +# 2241| +# 2242| /* The pivot buffer is empty; reset it so we start at pivotStart. */ +# 2243|-> *pivotSource=*pivotTarget=pivotStart; +# 2244| +# 2245| /* + +Error: RETURN_LOCAL (CWE-562): +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2063: path: Condition "pErrorCode == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2063: path: Condition "U_FAILURE(*pErrorCode)", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2067: path: Condition "targetCnv == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2067: path: Condition "sourceCnv == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2067: path: Condition "source == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2067: path: Condition "*source == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2067: path: Condition "target == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2067: path: Condition "*target == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2067: path: Condition "targetLimit == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2077: path: Condition "sourceLimit != NULL", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2077: path: Condition "sourceLimit < s", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2077: path: Condition "targetLimit < t", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2086: path: Condition "sourceLimit != NULL", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2086: path: Condition "(size_t)(sourceLimit - s) > 2147483647UL /* (size_t)2147483647 */", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2086: path: Condition "sourceLimit > s", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2086: path: Condition "(size_t)(targetLimit - t) > 2147483647UL /* (size_t)2147483647 */", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2086: path: Condition "targetLimit > t", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2094: path: Condition "pivotStart == NULL", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2095: path: Condition "!flush", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2102: local_ptr_assign_local: Assigning: "pivotStart" = "pivotBuffer" (address of local variable "pivotBuffer"). +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2106: path: Falling through to end of if statement. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2115: path: Condition "sourceLimit == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2120: path: Condition "reset", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2124: path: Condition "targetCnv->charErrorBufferLength > 0", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2126: path: Condition "ucnv_outputOverflowFromUnicode(targetCnv, target, targetLimit, NULL, pErrorCode)", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2132: path: Condition "!flush", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2142: path: Condition "sourceCnv->sharedData->staticData->conversionType == UCNV_UTF8", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2142: path: Condition "targetCnv->sharedData->impl->fromUTF8 != NULL", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2146: path: Falling through to end of if statement. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2173: path: Condition "convert != NULL", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2173: path: Condition "pivotLimit - pivotStart > 32", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2213: path: Condition "true", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2222: path: Condition "*pivotSource < *pivotTarget", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2230: path: Condition "U_FAILURE(*pErrorCode)", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2243: escape_local_addr_alias: Returning, through "*pivotTarget", pointer "pivotStart" which points to local variable "pivotBuffer". +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2252: path: Condition "sourceCnv->UCharErrorBufferLength > 0", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2267: path: Condition "toUArgs.source == sourceLimit", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2267: path: Condition "sourceCnv->preToULength >= 0", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2267: path: Condition "sourceCnv->toULength == 0", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2267: path: Condition "!flush", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2267: path: Condition "fromUArgs.flush", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2272: path: Breaking from loop. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2390: path: Condition "flush", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2390: path: Condition "U_SUCCESS(*pErrorCode)", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2391: path: Condition "*target != targetLimit", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2393: path: Condition "*pErrorCode == U_STRING_NOT_TERMINATED_WARNING", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2396: path: Falling through to end of if statement. +thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp:2400: return: Returning here. +# 2241| +# 2242| /* The pivot buffer is empty; reset it so we start at pivotStart. */ +# 2243|-> *pivotSource=*pivotTarget=pivotStart; +# 2244| +# 2245| /* + +Error: RETURN_LOCAL (CWE-562): +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1840: path: Condition "newCapacity == -1", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1847: path: Condition "!this->isWritable()", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1858: path: Condition "forceClone", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1864: path: Condition "growCapacity < 0", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1866: path: Falling through to end of if statement. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1876: path: Condition "flags & icu_73::UnicodeString::kUsingStackBuffer", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1878: path: Condition "doCopyArray", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1878: path: Condition "growCapacity > icu_73::UnicodeString::US_STACKBUF_SIZE", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1882: local_ptr_assign_local: Assigning: "oldArray" = "oldStackBuffer" (address of local variable "oldStackBuffer"). +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1883: path: Falling through to end of if statement. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1886: path: Falling through to end of if statement. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1892: path: Condition "this->allocate(growCapacity)", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1895: path: Condition "doCopyArray", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1900: path: Condition "newCapacity < minLength", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1903: path: Condition "oldArray != NULL", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1907: path: Falling through to end of if statement. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1912: path: Condition "flags & icu_73::UnicodeString::kRefCounted", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1914: offset_of_local: "(icu_73::u_atomic_int32_t *)oldArray - 1" is an offset of local variable "oldArray". +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1914: local_ptr_assign_ptr: Assigning: "pRefCount" = "(icu_73::u_atomic_int32_t *)oldArray - 1". +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1915: path: Condition "icu_73::umtx_atomic_dec(pRefCount) == 0", taking true branch. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1916: path: Condition "pBufferToDelete == NULL", taking false branch. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1923: escape_local_addr_alias: Returning, through "*pBufferToDelete", pointer "(int32_t *)pRefCount" which points to local variable "oldStackBuffer". +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1927: path: Falling through to end of if statement. +thunderbird-115.5.0/intl/icu/source/common/unistr.cpp:1938: return: Returning here. +# 1921| } else { +# 1922| // the caller requested to delete it himself +# 1923|-> *pBufferToDelete = (int32_t *)pRefCount; +# 1924| } +# 1925| } + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:692: path: Condition "arg < last_node->ArgumentSize()", taking true branch. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:698: path: Condition "jump_edge_iter != std::map, v8::internal::ZoneAllocator > >::iterator(this->jump_edges_.end())", taking true branch. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:706: find: Calling "find" with element "jump_destination" returns the end iterator. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:706: assign: Assigning: "jump_count_iter" = "this->jump_usage_counts_.find(jump_destination)". +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:708: deref_iterator: Dereferencing iterator "jump_count_iter" though it is already past the end of its container. +# 706| auto jump_count_iter = jump_usage_counts_.find(jump_destination); +# 707| DCHECK(jump_count_iter != jump_usage_counts_.end()); +# 708|-> int& usage_count = jump_count_iter->second; +# 709| --usage_count; +# 710| } + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:692: path: Condition "arg < last_node->ArgumentSize()", taking true branch. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:698: path: Condition "jump_edge_iter != std::map, v8::internal::ZoneAllocator > >::iterator(this->jump_edges_.end())", taking true branch. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:714: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:692: path: Condition "arg < last_node->ArgumentSize()", taking true branch. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:698: path: Condition "jump_edge_iter != std::map, v8::internal::ZoneAllocator > >::iterator(this->jump_edges_.end())", taking true branch. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:714: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:692: path: Condition "arg < last_node->ArgumentSize()", taking true branch. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:698: path: Condition "jump_edge_iter != std::map, v8::internal::ZoneAllocator > >::iterator(this->jump_edges_.end())", taking false branch. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:714: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:692: path: Condition "arg < last_node->ArgumentSize()", taking false branch. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:719: path: Condition "last_node->HasIgnoredArguments()", taking true branch. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:720: path: Condition "ignored_arg != std::__cxx11::list::BytecodeArgument, v8::internal::ZoneAllocator::BytecodeArgument> >::iterator(last_node->ArgumentIgnoredEnd())", taking true branch. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:723: path: Condition "jump_edge_iter != std::map, v8::internal::ZoneAllocator > >::iterator(this->jump_edges_.end())", taking true branch. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:729: find: Calling "find" with element "jump_destination" returns the end iterator. +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:729: assign: Assigning: "jump_count_iter" = "this->jump_usage_counts_.find(jump_destination)". +thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc:731: deref_iterator: Dereferencing iterator "jump_count_iter" though it is already past the end of its container. +# 729| auto jump_count_iter = jump_usage_counts_.find(jump_destination); +# 730| DCHECK(jump_count_iter != jump_usage_counts_.end()); +# 731|-> int& usage_count = jump_count_iter->second; +# 732| --usage_count; +# 733| } + +Error: DELETE_ARRAY (CWE-459): +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:193: path: Condition "aInfo->IsMainProcessScriptableOnly()", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:193: path: Condition "!XRE_IsParentProcess()", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:196: path: Condition "console.operator bool()", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:226: path: Condition "!!members.reserve(totalCount)", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:226: path: Falling through to end of if statement. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:231: path: Condition "i < methodCount", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:235: path: Condition "i == 1", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:235: path: Condition "i == 2", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:239: path: Condition "!info->IsReflectable()", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:244: path: Condition "!info->GetId(cx, name)", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:249: path: Condition "info->IsSetter()", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:258: path: Falling through to end of if statement. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:276: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:231: path: Condition "i < methodCount", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:235: path: Condition "i == 1", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:236: path: Continuing loop. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:231: path: Condition "i < methodCount", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:235: path: Condition "i == 1", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:235: path: Condition "i == 2", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:239: path: Condition "!info->IsReflectable()", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:244: path: Condition "!info->GetId(cx, name)", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:249: path: Condition "info->IsSetter()", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:262: path: Condition "indexInInterface == XPCNativeMember::GetMaxIndexInInterface()", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:268: path: Condition "info->IsGetter()", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:270: path: Falling through to end of if statement. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:276: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:231: path: Condition "i < methodCount", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:278: path: Condition "i < constCount", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:281: path: Condition "!!NS_FAILED_impl(aInfo->GetConstant(i, JS::MutableHandle(&constant), nsTGetterCopies(getter_Copies(namestr)).operator nsTGetterCopies::char_type **()))", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:286: path: Condition "!str.operator JSString * const &()", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:295: path: Condition "indexInInterface == XPCNativeMember::GetMaxIndexInInterface()", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:304: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:278: path: Condition "i < constCount", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:281: path: Condition "!!NS_FAILED_impl(aInfo->GetConstant(i, JS::MutableHandle(&constant), nsTGetterCopies(getter_Copies(namestr)).operator nsTGetterCopies::char_type **()))", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:286: path: Condition "!str.operator JSString * const &()", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:295: path: Condition "indexInInterface == XPCNativeMember::GetMaxIndexInInterface()", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:304: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:278: path: Condition "i < constCount", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:281: path: Condition "!!NS_FAILED_impl(aInfo->GetConstant(i, JS::MutableHandle(&constant), nsTGetterCopies(getter_Copies(namestr)).operator nsTGetterCopies::char_type **()))", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:286: path: Condition "!str.operator JSString * const &()", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:295: path: Condition "indexInInterface == XPCNativeMember::GetMaxIndexInInterface()", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:304: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:278: path: Condition "i < constCount", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:307: path: Condition "!bytes", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:311: path: Condition "!str.operator JSString * const &()", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:320: path: Condition "members.length() > 1", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:324: path: Condition "!place", taking false branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:328: new: Using "new" in "new (place) XPCNativeInterface(aInfo, interfaceName.operator PropertyKey const &())". +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:328: identity_transfer: Passing "new (place) XPCNativeInterface(aInfo, interfaceName.operator PropertyKey const &())" as argument 1 to constructor for class "RefPtr", which sets "obj.mRawPtr" to that argument. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:333: path: Condition "!members.empty()", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:338: path: Condition "!aMap->AddNew(obj.operator XPCNativeInterface *())", taking true branch. +thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp:340: delete_array_var: "~RefPtr" uses "delete[]" on "obj.mRawPtr" which is not an array. +# 338| if (!aMap->AddNew(obj)) { +# 339| NS_ERROR("failed to add our interface!"); +# 340|-> return nullptr; +# 341| } +# 342| + +Error: WRITE_CONST_FIELD (CWE-843): +thunderbird-115.5.0/media/libvorbis/lib/backends.h:116: field_definition: A const-qualified field is defined. +thunderbird-115.5.0/media/libvorbis/lib/vorbis_res0.c:68: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 66| vorbis_info_residue0 *info=(vorbis_info_residue0 *)i; +# 67| if(info){ +# 68|-> memset(info,0,sizeof(*info)); +# 69| _ogg_free(info); +# 70| } + +Error: WRITE_CONST_FIELD (CWE-843): +thunderbird-115.5.0/media/libvorbis/lib/backends.h:116: field_definition: A const-qualified field is defined. +thunderbird-115.5.0/media/libvorbis/lib/vorbisenc.c:465: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 463| _ogg_malloc(sizeof(*r)); +# 464| +# 465|-> memcpy(r,res->res,sizeof(*r)); +# 466| if(ci->residues<=number)ci->residues=number+1; +# 467| + +Error: ATOMICITY (CWE-667): +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:50: path: Condition "1", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:51: path: Condition "vpx_atomic_load_acquire(&cpi->b_multi_threaded) == 0", taking false branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:53: lock: Locking "&cpi->h_event_start_encoding[ithread]". +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:53: path: Condition "sem_wait(&cpi->h_event_start_encoding[ithread]) == 0", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:69: path: Condition "vpx_atomic_load_acquire(&cpi->b_multi_threaded) == 0", taking false branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:74: path: Condition "mb_row < cm->mb_rows", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:101: path: Condition "mb_row != 0", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:109: path: Condition "mb_col < cm->mb_cols", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:110: path: Condition "(mb_col - 1) % nsync == 0", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:114: path: Condition "mb_row", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:114: path: Condition "!(mb_col & nsync - 1)", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:144: path: Condition "mb_col != 0", taking false branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:152: path: Condition "cpi->oxcf.tuning == VP8_TUNE_SSIM", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:156: path: Condition "xd->segmentation_enabled", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:160: path: Condition "cpi->segmentation_map[map_index + mb_col] <= 3", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:163: path: Falling through to end of if statement. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:168: path: Falling through to end of if statement. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:175: path: Condition "cm->frame_type == KEY_FRAME", taking false branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:199: path: Condition "cpi->current_layer == 0", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:200: path: Condition "xd->mode_info_context->mbmi.mode == ZEROMV", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:200: path: Condition "xd->mode_info_context->mbmi.ref_frame == LAST_FRAME", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:203: path: Condition "cpi->consec_zero_last[map_index + mb_col] < 255", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:206: path: Condition "cpi->consec_zero_last_mvbias[map_index + mb_col] < 255", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:209: path: Falling through to end of if statement. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:213: path: Condition "x->zero_last_dot_suppress", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:225: path: Condition "cpi->current_layer == 0", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:225: path: Condition "cpi->cyclic_refresh_mode_enabled", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:225: path: Condition "xd->segmentation_enabled", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:239: path: Condition "mbmi->segment_id", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:241: path: Falling through to end of if statement. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:282: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:109: path: Condition "mb_col < cm->mb_cols", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:110: path: Condition "(mb_col - 1) % nsync == 0", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:114: path: Condition "mb_row", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:114: path: Condition "!(mb_col & nsync - 1)", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:144: path: Condition "mb_col != 0", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:152: path: Condition "cpi->oxcf.tuning == VP8_TUNE_SSIM", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:156: path: Condition "xd->segmentation_enabled", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:160: path: Condition "cpi->segmentation_map[map_index + mb_col] <= 3", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:163: path: Falling through to end of if statement. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:168: path: Falling through to end of if statement. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:175: path: Condition "cm->frame_type == KEY_FRAME", taking false branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:199: path: Condition "cpi->current_layer == 0", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:200: path: Condition "xd->mode_info_context->mbmi.mode == ZEROMV", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:200: path: Condition "xd->mode_info_context->mbmi.ref_frame == LAST_FRAME", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:203: path: Condition "cpi->consec_zero_last[map_index + mb_col] < 255", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:206: path: Condition "cpi->consec_zero_last_mvbias[map_index + mb_col] < 255", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:209: path: Falling through to end of if statement. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:213: path: Condition "x->zero_last_dot_suppress", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:225: path: Condition "cpi->current_layer == 0", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:225: path: Condition "cpi->cyclic_refresh_mode_enabled", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:225: path: Condition "xd->segmentation_enabled", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:229: def: Assigning data that might be protected by the lock to "cpi->segmentation_map[map_index + mb_col]". +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:239: path: Condition "mbmi->segment_id", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:241: path: Falling through to end of if statement. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:282: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:109: path: Condition "mb_col < cm->mb_cols", taking false branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:307: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:74: path: Condition "mb_row < cm->mb_rows", taking false branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:309: unlock: Unlocking "&cpi->h_event_end_encoding[ithread]". "cpi->segmentation_map[map_index + mb_col]" might now be unreliable because other threads can now change the data that it depends on. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:311: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:50: path: Condition "1", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:51: path: Condition "vpx_atomic_load_acquire(&cpi->b_multi_threaded) == 0", taking false branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:53: path: Condition "sem_wait(&cpi->h_event_start_encoding[ithread]) == 0", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:69: path: Condition "vpx_atomic_load_acquire(&cpi->b_multi_threaded) == 0", taking false branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:74: path: Condition "mb_row < cm->mb_rows", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:101: path: Condition "mb_row != 0", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:109: path: Condition "mb_col < cm->mb_cols", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:110: path: Condition "(mb_col - 1) % nsync == 0", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:114: path: Condition "mb_row", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:114: path: Condition "!(mb_col & nsync - 1)", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:144: path: Condition "mb_col != 0", taking false branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:152: path: Condition "cpi->oxcf.tuning == VP8_TUNE_SSIM", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:156: path: Condition "xd->segmentation_enabled", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:160: path: Condition "cpi->segmentation_map[map_index + mb_col] <= 3", taking true branch. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:53: lockagain: Locking "&cpi->h_event_start_encoding[ithread]" again. +thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c:161: use: Using an unreliable value of "cpi->segmentation_map[map_index + mb_col]" inside the second locked section. If the data that "cpi->segmentation_map[map_index + mb_col]" depends on was changed by another thread, this use might be incorrect. +# 159| */ +# 160| if (cpi->segmentation_map[map_index + mb_col] <= 3) { +# 161|-> xd->mode_info_context->mbmi.segment_id = +# 162| cpi->segmentation_map[map_index + mb_col]; +# 163| } else { + +Error: ATOMICITY (CWE-667): +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1721: path: Condition "chk_type == 64", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1731: path: Condition "chk_flags & 2", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1734: path: Falling through to end of if statement. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1738: path: Falling through to end of if statement. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1751: path: Condition "(size_t)chk_length == clen", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1762: path: Condition "(chk_flags & 8) == 8", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1765: path: Condition "(chk_flags & 4) == 0", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1766: path: Condition "system_base_info.sctpsysctl.sctp_logging_level & 256", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1769: path: Condition "stcb == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1773: path: Condition "asoc->cumulative_tsn < tsn", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1773: path: Condition "(uint32_t)(tsn - asoc->cumulative_tsn) > (2147483648U /* 1U << 31 */)", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1773: path: Condition "asoc->cumulative_tsn > tsn", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1773: path: Condition "(uint32_t)(asoc->cumulative_tsn - tsn) < (2147483648U /* 1U << 31 */)", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1773: path: Condition "asoc->cumulative_tsn == tsn", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1785: path: Condition "tsn >= asoc->mapping_array_base_tsn", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1785: path: Falling through to end of if statement. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1786: path: Condition "gap >= (4096U /* 0x200 << 3 */)", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1790: path: Condition "gap >= (uint32_t)(asoc->mapping_array_size << 3)", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1792: path: Condition "sctp_expand_mapping_array(asoc, gap)", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1797: path: Condition "tsn < *high_tsn", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1797: path: Condition "(uint32_t)(*high_tsn - tsn) > (2147483648U /* 1U << 31 */)", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1801: path: Condition "(asoc->mapping_array[gap >> 3] >> (gap & 7)) & 1", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1801: path: Condition "(asoc->nr_mapping_array[gap >> 3] >> (gap & 7)) & 1", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1816: path: Condition "stcb->sctp_ep->sctp_flags & 268435456", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1816: path: Condition "stcb->sctp_ep->sctp_flags & 536870912", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1816: path: Condition "stcb->asoc.state & 0x100", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1835: path: Condition "sid >= asoc->streamincnt", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1872: path: Condition "chk_type == 64", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1872: path: Condition "(chk_flags & 2) == 0", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1885: path: Condition "system_base_info.sctpsysctl.sctp_debug_on & 524288", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1885: path: Condition "system_base_info.debug_printf", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1887: path: Condition "(chk_flags & 3) != 3", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1921: path: Condition "control != NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1941: path: Condition "asoc->cnt_on_all_streams + asoc->cnt_on_reasm_queue + asoc->cnt_msg_on_sb >= system_base_info.sctpsysctl.sctp_max_chunks_on_queue", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:1941: path: Condition "(int)asoc->my_rwnd <= 0", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2020: path: Condition "chk_flags & 2", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2020: path: Condition "asoc->resetHead.tqh_first == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2047: path: Condition "chk_type == 64", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2049: path: Falling through to end of if statement. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2052: path: Condition "last_chunk == 0", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2072: path: Condition "chk_type == 64", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2074: path: Falling through to end of if statement. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2077: path: Condition "dmbuf->m_hdr.mh_next == NULL", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2079: path: Falling through to end of if statement. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2090: path: Condition "l_len > the_len", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2095: path: Condition "dmbuf == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2104: path: Condition "control == NULL", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2105: path: Condition "control", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2106: path: Condition "control", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2106: path: Condition "stcb->asoc.state & 0x200", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2111: path: Condition "control == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2115: path: Condition "(chk_flags & 3) == 3", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2120: path: Condition "mm", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2122: path: Condition "mm->m_hdr.mh_next == NULL", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2125: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2120: path: Condition "mm", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2134: path: Condition "system_base_info.sctpsysctl.sctp_debug_on & 524288", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2134: path: Condition "system_base_info.debug_printf", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2136: path: Condition "(chk_flags & 3) == 3", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2136: path: Condition "asoc->resetHead.tqh_first == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2174: path: Condition "(chk_flags & 3) != 3", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2204: path: Condition "system_base_info.sctpsysctl.sctp_do_drain == 0", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2206: path: Condition "tsn < asoc->highest_tsn_inside_nr_map", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2206: path: Condition "(uint32_t)(asoc->highest_tsn_inside_nr_map - tsn) > (2147483648U /* 1U << 31 */)", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2209: path: Falling through to end of if statement. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2216: path: Condition "(chk_flags & 3) == 3", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2225: path: Condition "(liste = asoc->resetHead.tqh_first) != NULL", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2225: path: Condition "tsn < liste->tsn", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2225: path: Condition "(uint32_t)(liste->tsn - tsn) > (2147483648U /* 1U << 31 */)", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2225: path: Condition "tsn > liste->tsn", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2225: path: Condition "(uint32_t)(tsn - liste->tsn) < (2147483648U /* 1U << 31 */)", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2258: path: Condition "chk_flags & 4", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2269: path: Condition "system_base_info.sctpsysctl.sctp_debug_on & 524288", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2269: path: Condition "system_base_info.debug_printf", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2272: path: Condition "*abort_flag", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2279: path: Jumping to label "finish_express_del". +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2299: path: Condition "tsn == asoc->cumulative_tsn + 1", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2303: path: Condition "last_chunk", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2306: path: Condition "ordered", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2308: path: Falling through to end of if statement. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2313: path: Condition "system_base_info.sctpsysctl.sctp_logging_level & 131072", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2316: path: Condition "system_base_info.sctpsysctl.sctp_logging_level & 256", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2320: path: Condition "need_reasm_check", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2321: lock: Locking "stcb->tcb_mtx". +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2325: path: Condition "(liste = asoc->resetHead.tqh_first) != NULL", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2325: path: Condition "asoc->cumulative_tsn < liste->tsn", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2325: path: Condition "(uint32_t)(liste->tsn - asoc->cumulative_tsn) > (2147483648U /* 1U << 31 */)", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2334: path: Condition "liste->next_resp.tqe_next != NULL", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2334: path: Falling through to end of if statement. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2339: path: Condition "asoc->resetHead.tqh_first == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2354: path: Condition "control", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2354: def: Assigning data that might be protected by the lock to "ncontrol". +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2354: path: Condition "(ncontrol = control->next.tqe_next) , 1", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2355: path: Condition "control->sinfo_tsn < liste->tsn", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2355: path: Condition "(uint32_t)(liste->tsn - control->sinfo_tsn) > (2147483648U /* 1U << 31 */)", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2355: path: Condition "control->sinfo_tsn > liste->tsn", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2355: path: Condition "(uint32_t)(control->sinfo_tsn - liste->tsn) < (2147483648U /* 1U << 31 */)", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2363: path: Condition "control->next.tqe_next != NULL", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2363: path: Falling through to end of if statement. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2365: unlock: Unlocking "stcb->tcb_mtx". "ncontrol" might now be unreliable because other threads can now change the data that it depends on. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2366: path: Condition "*abort_flag", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2369: path: Condition "need_reasm_check", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2370: unlock: Unlocking "stcb->tcb_mtx". "ncontrol" might now be unreliable because other threads can now change the data that it depends on. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2373: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2370: lockagain: Locking "stcb->tcb_mtx" again. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c:2354: use: Using an unreliable value of "ncontrol" inside the second locked section. If the data that "ncontrol" depends on was changed by another thread, this use might be incorrect. +# 2352| } +# 2353| } else { +# 2354|-> TAILQ_FOREACH_SAFE(control, &asoc->pending_reply_queue, next, ncontrol) { +# 2355| if (SCTP_TSN_GT(control->sinfo_tsn, liste->tsn)) { +# 2356| break; + +Error: ATOMICITY (CWE-667): +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2591: path: Condition "system_base_info.sctpsysctl.sctp_debug_on & 8192", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2591: path: Condition "system_base_info.debug_printf", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2594: path: Condition "inp_p == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2601: path: Condition "cookie_len < 176UL /* sizeof (struct sctp_cookie_echo_chunk) + sizeof (struct sctp_init_chunk) + sizeof (struct sctp_init_chunk) + 20 */", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2607: path: Condition "cookie->peerport != sh->src_port", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2607: path: Condition "cookie->myport != sh->dest_port", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2607: path: Condition "cookie->my_vtag != sh->v_tag", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2625: path: Condition "cookie->addr_type == 4", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2625: path: Condition "src->sa_family == 123", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2632: path: Condition "cookie->laddr_type == 4", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2632: path: Condition "dst->sa_family == 123", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2646: path: Condition "m_sig == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2659: path: Condition "l_stcb != NULL", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2665: path: Condition "l_stcb != NULL", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2669: path: Condition "l_inp->sctp_flags & (805306368U /* 0x10000000 | 0x20000000 */)", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2676: path: Condition "cookie->time_entered.tv_sec < (long)ep->time_of_secret_change", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2676: path: Condition "ep->current_secret_number != ep->last_secret_number", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2682: path: Falling through to end of if statement. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2691: path: Condition "sig == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2697: path: Condition "timingsafe_bcmp(calc_sig, sig, 20) != 0", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2721: path: Condition "m_at->m_hdr.mh_next != NULL", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2723: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2721: path: Condition "m_at->m_hdr.mh_next != NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2727: path: Condition "cookie_ok == 0", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2735: path: Condition "sctp_ticks_to_msecs(cookie->cookie_life) > 3600000", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2741: path: Condition "time_entered.tv_sec < 0", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2741: path: Condition "time_entered.tv_usec < 0", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2741: path: Condition "time_entered.tv_usec >= 1000000", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2750: path: Condition "now.tv_sec == time_entered.tv_sec", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2750: path: Condition "now.tv_usec < time_entered.tv_usec", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2750: path: Condition "(now.tv_sec == time_entered.tv_sec) ? now.tv_usec < time_entered.tv_usec : (now.tv_sec < time_entered.tv_sec)", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2764: path: Condition "now.tv_sec == time_expires.tv_sec", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2764: path: Condition "now.tv_usec > time_expires.tv_usec", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2764: path: Condition "(now.tv_sec == time_expires.tv_sec) ? now.tv_usec > time_expires.tv_usec : (now.tv_sec > time_expires.tv_sec)", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2820: path: Switch case value "4". +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2857: path: Breaking from switch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2863: path: Condition "*stcb == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2901: path: Condition "*stcb == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2922: path: Condition "*stcb == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2927: path: Condition "*stcb == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2945: path: Condition "netl == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2953: path: Condition "netl", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2954: path: Condition "netl->dest_state & 0x200", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2962: path: Condition "(*inp_p)->sctp_flags & 2", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2963: path: Condition "!had_a_existing_tcb", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2963: path: Condition "((*inp_p)->sctp_flags & 2097152) == 0", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:2973: path: Condition "notification == 10", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:3005: lock: Locking "&(*stcb)->tcb_mtx". +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:3008: path: Condition "so == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:3037: def: Assigning data that might be protected by the lock to "inp". +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:3077: path: Condition "inp->sctp_ep.local_hmacs", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:3081: path: Condition "inp->sctp_ep.local_auth_chunks", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:3094: path: Condition "*stcb", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:3097: unlock: Unlocking "(*inp_p)->inp_mtx". "inp" might now be unreliable because other threads can now change the data that it depends on. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:3097: unlock: Unlocking "inp->inp_mtx". "inp" might now be unreliable because other threads can now change the data that it depends on. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:3097: unlock: Unlocking "(*stcb)->tcb_mtx". "inp" might now be unreliable because other threads can now change the data that it depends on. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:3100: unlock: Unlocking "&(*stcb)->tcb_mtx". "inp" might now be unreliable because other threads can now change the data that it depends on. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:3106: unlock: Unlocking "(*inp_p)->inp_rdata_mtx". "inp" might now be unreliable because other threads can now change the data that it depends on. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:3106: unlock: Unlocking "inp->inp_rdata_mtx". "inp" might now be unreliable because other threads can now change the data that it depends on. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:3114: path: Condition "inp->sctp_flags & 268435456", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:3108: lockagain: Locking "&(*stcb)->tcb_mtx" again. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c:3125: use: Using an unreliable value of "inp" inside the second locked section. If the data that "inp" depends on was changed by another thread, this use might be incorrect. +# 3123| SCTP_INP_DECR_REF(inp); +# 3124| /* Switch over to the new guy */ +# 3125|-> *inp_p = inp; +# 3126| sctp_ulp_notify(notification, *stcb, 0, NULL, SCTP_SO_NOT_LOCKED); +# 3127| if (send_int_conf) { + +Error: ATOMICITY (CWE-667): +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c:2754: lock: Locking "&system_base_info.sctppcbinfo.ipi_ep_mtx". +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c:2755: def: Assigning data that might be protected by the lock to "inp". +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c:2756: path: Condition "inp == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c:2815: path: Condition "inp->sctp_asocidhash == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c:2825: unlock: Unlocking "&system_base_info.sctppcbinfo.ipi_ep_mtx". "inp" might now be unreliable because other threads can now change the data that it depends on. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c:2829: path: Condition "so->so_type == SOCK_SEQPACKET", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c:2835: path: Falling through to end of if statement. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c:2856: path: Condition "system_base_info.sctpsysctl.sctp_default_frag_interleave == 1", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c:2859: path: Falling through to end of if statement. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c:2868: path: Condition "inp->sctp_tcbhash == NULL", taking false branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c:2930: path: Condition "(inp->sctp_list.le_next = system_base_info.sctppcbinfo.listhead.lh_first) != NULL", taking true branch. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c:2927: lockagain: Locking "&inp->inp_mtx" again. +thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c:2930: use: Using an unreliable value of "inp" inside the second locked section. If the data that "inp" depends on was changed by another thread, this use might be incorrect. +# 2928| +# 2929| /* add it to the info area */ +# 2930|-> LIST_INSERT_HEAD(&SCTP_BASE_INFO(listhead), inp, sctp_list); +# 2931| #if defined(__APPLE__) && !defined(__Userspace__) +# 2932| inp->ip_inp.inp.inp_pcbinfo = &SCTP_BASE_INFO(sctbinfo); + +Error: WRITE_CONST_FIELD (CWE-843): +thunderbird-115.5.0/objdir/dist/include/js/Result.h:192: field_definition: A const-qualified field is defined. +thunderbird-115.5.0/objdir/dist/include/mozilla/Result.h:268: store_writes_const_field: A write to an aggregate overwrites a const-qualified field within the aggregate. +# 266| const auto bits = mBits ^ 1; +# 267| E res; +# 268|-> std::memcpy(&res, &bits, sizeof(E)); +# 269| return res; +# 270| } + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc:112: path: Condition "id == this->main_process_id_", taking false branch. +thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc:116: path: Condition "id_to_handle_iter == std::map, std::allocator > >::iterator(this->thread_id_to_handle_.end())", taking false branch. +thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc:119: find: Calling "find" with element "id_to_handle_iter->second" returns the end iterator. +thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc:119: assign: Assigning: "handle_to_name_iter" = "this->thread_handle_to_interned_name_.find(id_to_handle_iter->second)". +thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc:121: deref_iterator: Dereferencing iterator "handle_to_name_iter" though it is already past the end of its container. +# 119| auto handle_to_name_iter = +# 120| thread_handle_to_interned_name_.find(id_to_handle_iter->second); +# 121|-> return handle_to_name_iter->second->c_str(); +# 122| } +# 123| + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc:134: path: Condition "true", taking true branch. +thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc:137: find: Calling "find" with element "id" returns the end iterator. +thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc:137: assign: Assigning: "id_to_handle_iter" = "this->thread_id_to_handle_.find(id)". +thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc:138: path: Condition "true", taking true branch. +thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc:141: deref_iterator: Dereferencing iterator "id_to_handle_iter" though it is already past the end of its container. +# 139| // The given |id| may have been re-used by the system. Make sure the +# 140| // mapping points to the provided |handle| before removal. +# 141|-> if (id_to_handle_iter->second != handle) +# 142| return; +# 143| + +Error: FORWARD_NULL (CWE-476): +thunderbird-115.5.0/taskcluster/docker/updatebot/run.py:58: path: Condition ""TASK_ID" in os.environ", taking true branch. +thunderbird-115.5.0/taskcluster/docker/updatebot/run.py:59: path: Condition "OPERATING_MODE == "prod"", taking true branch. +thunderbird-115.5.0/taskcluster/docker/updatebot/run.py:71: path: Condition ""secret" in secret", taking false branch. +thunderbird-115.5.0/taskcluster/docker/updatebot/run.py:71: assign_null: Assigning: "secret" = "("secret" in secret) ? secret["secret"] : None". +thunderbird-115.5.0/taskcluster/docker/updatebot/run.py:72: invalid_operation: Invalid operation on null-like value "secret". The right hand side of "in" cannot be null-like. +# 70| secret = secrets.get("project/updatebot/" + OPERATING_MODE + "/" + name) +# 71| secret = secret["secret"] if "secret" in secret else None +# 72|-> secret = secret["value"] if "value" in secret else None +# 73| return secret +# 74| + +Error: FORWARD_NULL (CWE-476): +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:27: assign_undefined: Assigning: "current_section" = "undefined". +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:47: path: Condition "defaults", taking true branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:49: path: Condition "comments", taking true branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:50: path: Condition "separators", taking true branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:54: path: Condition "isinstance(fp, string_types)", taking true branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:64: path: Condition "!stripped", taking true branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:67: path: Continuing loop. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:64: path: Condition "!stripped", taking false branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:70: path: Condition "any((function.__defaults__ = None) , ((function.__annotations__ = {}) , ((function.__doc__ = None) , function))())", taking false branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:76: path: Condition "comment_start == sys.maxsize", taking true branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:76: path: Condition "inline_prefixes", taking false branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:87: path: Condition "comment_start != sys.maxsize", taking false branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:91: path: Condition "len(stripped) > 2", taking true branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:91: path: Condition "stripped[0] == "["", taking true branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:91: path: Condition "stripped[-1] == "]"", taking false branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:117: path: Condition "!section_names", taking false branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:126: path: Condition "key", taking false branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:143: path: Condition "separator in stripped", taking true branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:150: path: Condition "key", taking true branch. +thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py:151: invalid_operation: Invalid operation on null-like value "current_section". The right hand side of "in" cannot be null-like. +# 149| # make sure this key isn't already in the section +# 150| if key: +# 151|-> assert ( +# 152| key not in current_section +# 153| ), f"Found duplicate key {key} in section {section}" + +Error: FORWARD_NULL (CWE-476): +thunderbird-115.5.0/testing/mozbase/mozdevice/mozdevice/adb.py:3697: assign_null: Assigning: "level" = "None". +thunderbird-115.5.0/testing/mozbase/mozdevice/mozdevice/adb.py:3705: path: Condition "match", taking true branch. +thunderbird-115.5.0/testing/mozbase/mozdevice/mozdevice/adb.py:3708: path: Condition "parameter == "level"", taking false branch. +thunderbird-115.5.0/testing/mozbase/mozdevice/mozdevice/adb.py:3710: path: Condition "parameter == "scale"", taking true branch. +thunderbird-115.5.0/testing/mozbase/mozdevice/mozdevice/adb.py:3712: path: Condition "parameter !== None", taking true branch. +thunderbird-115.5.0/testing/mozbase/mozdevice/mozdevice/adb.py:3712: path: Condition "scale !== None", taking true branch. +thunderbird-115.5.0/testing/mozbase/mozdevice/mozdevice/adb.py:3714: invalid_operation: Invalid operation on null-like value "level". +# 3712| if parameter is not None and scale is not None: +# 3713| # pylint --py3k W1619 +# 3714|-> percentage = 100.0 * level / scale +# 3715| break +# 3716| return percentage + +Error: FORWARD_NULL (CWE-476): +thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py:29: path: Condition "self.locales !== None", taking false branch. +thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py:41: assign_null: Assigning: "locales" = "None". +thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py:44: path: Condition "!locales", taking true branch. +thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py:44: path: Condition ""MOZ_LOCALES" in os.environ", taking false branch. +thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py:49: path: Condition "!locales", taking true branch. +thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py:49: path: Condition "c.get("locales", {})", taking false branch. +thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py:54: path: Condition "locales", taking false branch. +thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py:64: path: Condition "!locales", taking true branch. +thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py:64: path: Condition ""locales_file" in c", taking false branch. +thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py:69: path: Condition "!locales", taking true branch. +thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py:73: invalid_operation: Invalid operation on null-like value "locales". The right hand side of "in" cannot be null-like. +# 71| +# 72| for locale in ignore_locales: +# 73|-> if locale in locales: +# 74| self.debug("Ignoring locale %s." % locale) +# 75| locales.remove(locale) + +Error: FORWARD_NULL (CWE-476): +thunderbird-115.5.0/third_party/libwebrtc/build/android/gradle/gn_to_cmake.py:159: assign_null: Assigning: "name" = "None". +thunderbird-115.5.0/third_party/libwebrtc/build/android/gradle/gn_to_cmake.py:161: path: Condition "!path_separator", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gradle/gn_to_cmake.py:162: path: Falling through to end of if statement. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gradle/gn_to_cmake.py:173: path: Condition "location", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gradle/gn_to_cmake.py:176: invalid_operation: Invalid operation on null-like value "name". +# 174| +# 175| cmake_target_name = None +# 176|-> if location.endswith('/' + name): +# 177| cmake_target_name = location +# 178| elif location: + +Error: FORWARD_NULL (CWE-476): +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py:308: assign_undefined: Assigning: "max_dex_number" = "undefined". +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py:314: path: Condition "options.best_compression", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py:316: path: Falling through to end of if statement. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py:324: path: Condition "options.format == "apk"", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py:324: path: Condition "!options.best_compression", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py:335: path: Condition "options.dex_file", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py:339: path: Condition "options.secondary_native_libs", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py:343: path: Condition "options.java_resources", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py:366: path: Condition "options.format == "bundle-module"", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py:390: path: Condition "options.secondary_android_abi", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py:397: path: Condition "options.expected_file", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py:410: path: Condition "options.only_verify_expectations", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py:457: path: Condition "options.dex_file", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py:476: path: Condition "options.jdk_libs_dex_file", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py:478: invalid_operation: Invalid operation on null-like value "max_dex_number". +# 476| if options.jdk_libs_dex_file: +# 477| with open(options.jdk_libs_dex_file, 'rb') as dex_file_obj: +# 478|-> add_to_zip( +# 479| apk_dex_dir + 'classes{}.dex'.format(max_dex_number + 1), +# 480| dex_file_obj.read(), + +Error: FORWARD_NULL (CWE-476): +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:945: assign_undefined: Assigning: "extra_package_names" = "undefined". +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1162: path: Condition "args", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1165: path: Condition "options.generate_markdown_format_doc", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1171: path: Condition "options.fail", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1194: path: Condition "!required_options", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1199: path: Condition "options.type != "android_app_bundle_module"", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1200: path: Condition "options.apk_proto_resources", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1203: path: Condition "options.module_pathmap_path", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1206: path: Condition "options.base_allowlist_rtxt_path", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1209: path: Condition "options.is_base_module", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1216: path: Condition "!is_apk_or_module_target", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1217: path: Condition "options.uncompress_shared_libraries", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1221: path: Condition "options.library_always_compress", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1225: path: Condition "options.library_renames", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1230: path: Condition "options.device_jar_path", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1230: path: Condition "!options.dex_path", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1232: path: Condition "any((function.__defaults__ = None) , ((function.__annotations__ = {}) , ((function.__doc__ = None) , function))())", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1237: path: Condition "options.requires_android", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1237: path: Condition "!options.supports_android", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1246: path: Condition "options.static_library_dependent_configs", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1248: path: Condition "is_static_library_dex_provider_target", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1249: path: Condition "options.type != "android_apk"", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1263: path: Condition "options.annotation_processor_configs", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1270: path: Condition "options.recursive_resource_deps", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1285: path: Condition "options.type == "java_library"", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1291: path: Condition "options.type == "android_resources"", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1291: path: Condition "options.recursive_resource_deps", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1297: path: Condition "is_apk_or_module_target", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1311: path: Condition "options.base_module_build_config", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1332: path: Condition "options.type == "android_apk"", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1332: path: Condition "options.tested_apk_config", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1337: path: Condition "options.type == "android_app_bundle_module"", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1341: path: Condition "options.type == "java_library"", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1345: path: Condition "options.android_manifest", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1348: path: Condition "options.merged_android_manifest", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1351: path: Condition "options.bundled_srcjars", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1355: path: Condition "options.java_sources_file", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1358: path: Condition "is_java_target", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1375: path: Condition "options.r_text_path", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1381: path: Condition "is_apk_or_module_target", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1381: path: Condition "options.type in {"group", "java_library", "junit_binary"}", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1386: path: Condition "options.java_sources_file", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1389: path: Condition "options.apk_proto_resources", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1394: path: Condition "options.module_pathmap_path", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1402: path: Condition "options.base_allowlist_rtxt_path", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1409: path: Condition "is_java_target", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1427: path: Condition "is_apk_or_module_target", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1427: path: Condition "options.type == "dist_jar"", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1430: path: Condition "is_java_target", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1457: path: Condition "options.type == "android_assets"", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1459: path: Condition "options.asset_renaming_sources", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1462: path: Condition "options.asset_sources", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1468: path: Condition "options.asset_renaming_destinations", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1471: path: Condition "options.disable_asset_compression", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1473: path: Condition "options.treat_as_locale_paks", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1476: path: Condition "options.type == "android_resources"", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1478: path: Condition "options.resource_overlay", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1480: path: Condition "options.srcjar", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1482: path: Condition "options.android_manifest", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1485: path: Condition "options.package_name", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1488: path: Condition "options.res_sources_path", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1491: path: Condition "options.requires_android", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1491: path: Condition "options.type == "java_library"", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1492: path: Condition "options.package_name", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1495: path: Condition "options.type in {"android_resources", "android_apk", "junit_binary", "dist_aar", "android_app_bundle_module", "java_library"}", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1575: path: Condition "extra_classpath_jars", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1580: path: Condition "mergeable_android_manifests", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1585: path: Condition "proguard_configs", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1590: path: Condition "is_java_target", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1652: path: Condition "is_java_target", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1652: path: Condition "options.type == "android_app_bundle"", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1665: path: Condition "options.type in {"dist_jar", "java_binary", "junit_binary"}", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1668: path: Condition "options.host_jar_path", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1680: path: Condition "options.type in {"android_app_bundle_module", "android_apk"}", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1724: path: Condition "options.type == "android_app_bundle"", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1763: path: Condition "is_static_library_dex_provider_target", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1772: path: Condition "dep_config["type"] == "android_app_bundle"", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py:1784: invalid_operation: Invalid operation on null-like value "extra_package_names". The right hand side of "in" cannot be null-like. +# 1782| # union of resource IDs are available in the static library APK. +# 1783| for package in base_config['extra_package_names']: +# 1784|-> if package not in extra_package_names: +# 1785| extra_package_names.append(package) +# 1786| for cp_entry in dep_config['device_classpath']: + +Error: FORWARD_NULL (CWE-476): +thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/local/device/local_device_monkey_test_run.py:31: assign_undefined: Assigning: "after_pids" = "undefined". +thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/local/device/local_device_monkey_test_run.py:44: path: Condition "before_pids", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/local/device/local_device_monkey_test_run.py:53: path: Condition "!(self._test_instance.package in before_pids)", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/local/device/local_device_monkey_test_run.py:55: invalid_operation: Invalid operation on null-like value "after_pids". The right hand side of "in" cannot be null-like. +# 53| if not self._test_instance.package in before_pids: +# 54| logging.error('Failed to start the process.') +# 55|-> elif not self._test_instance.package in after_pids: +# 56| logging.error('Process %s has died.', +# 57| before_pids[self._test_instance.package]) + +Error: FORWARD_NULL (CWE-476): +thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/symbols/elf_symbolizer_unittest.py:177: path: Condition "exp_name === None", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/symbols/elf_symbolizer_unittest.py:177: null_check: Comparing "exp_name" to a null-like value implies that "exp_name" might be null-like. +thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/symbols/elf_symbolizer_unittest.py:178: path: Falling through to end of if statement. +thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/symbols/elf_symbolizer_unittest.py:184: path: Condition "exp_inlines", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/symbols/elf_symbolizer_unittest.py:185: invalid_operation: Invalid operation on null-like value "exp_name". +# 183| +# 184| if exp_inlines: +# 185|-> self.assertEqual(sym_info.name, exp_name + '_inner') +# 186| self.assertEqual(sym_info.inlined_by.name, exp_name + '_middle') +# 187| self.assertEqual(sym_info.inlined_by.inlined_by.name, + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/third_party/libwebrtc/call/call.cc:176: find: Calling "find" with element "video_send_stream" returns the end iterator. +thunderbird-115.5.0/third_party/libwebrtc/call/call.cc:176: assign: Assigning: "it" = "this->adapter_resources_.find(video_send_stream)". +thunderbird-115.5.0/third_party/libwebrtc/call/call.cc:177: path: Condition "true /* true ? true : (((void)(it != std::map, std::less, std::allocator > > >::iterator(this->adapter_resources_.end()))) , true) */", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/call/call.cc:178: deref_iterator: Dereferencing iterator "it" though it is already past the end of its container. +# 176| auto it = adapter_resources_.find(video_send_stream); +# 177| RTC_DCHECK(it != adapter_resources_.end()); +# 178|-> broadcast_resource_listener_.RemoveAdapterResource(it->second); +# 179| adapter_resources_.erase(it); +# 180| } + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:519: path: Condition "true /* true ? true : (((void)!this->IsAtEnd()) , true) */", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:521: path: Condition "true", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:523: path: Condition "this->row_span_ == std::vector >::iterator(this->row_->second->spans.end())", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:526: path: Condition "this->row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:527: path: Condition "true /* true ? true : (((void)(void)rtc::SafeGt(this->row_->second->spans.size(), 0)) , true) */", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:532: path: Condition "this->IsAtEnd()", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:538: path: Condition "this->previous_row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:538: path: Condition "this->previous_row_->second->bottom == this->row_->second->top", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:538: path: Condition "webrtc::DesktopRegion::IsSpanInRow(this->previous_row_->second, *this->row_span_)", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:541: path: Continuing loop. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:521: path: Condition "true", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:523: path: Condition "this->row_span_ == std::vector >::iterator(this->row_->second->spans.end())", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:526: past_the_end: Function "end" creates an iterator. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:526: assign: Assigning: "" = "this->region_.rows_.end()". +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:526: path: Condition "this->row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:526: tested_end: "this->row_" testing equal to "this->region_.rows_.end()". +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:532: path: Condition "this->IsAtEnd()", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:538: path: Condition "this->previous_row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:538: deref_iterator: Dereferencing iterator "this->row_" though it is already past the end of its container. +# 536| // already returned this span merged into the previous one, via +# 537| // UpdateCurrentRect(). +# 538|-> if (previous_row_ != region_.rows_.end() && +# 539| previous_row_->second->bottom == row_->second->top && +# 540| IsSpanInRow(*previous_row_->second, *row_span_)) { + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:519: path: Condition "true /* true ? true : (((void)!this->IsAtEnd()) , true) */", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:521: path: Condition "true", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:523: path: Condition "this->row_span_ == std::vector >::iterator(this->row_->second->spans.end())", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:526: path: Condition "this->row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:527: path: Condition "true /* true ? true : (((void)(void)rtc::SafeGt(this->row_->second->spans.size(), 0)) , true) */", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:532: path: Condition "this->IsAtEnd()", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:538: path: Condition "this->previous_row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:538: path: Condition "this->previous_row_->second->bottom == this->row_->second->top", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:538: path: Condition "webrtc::DesktopRegion::IsSpanInRow(this->previous_row_->second, *this->row_span_)", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:541: path: Continuing loop. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:521: path: Condition "true", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:523: past_the_end: Function "end" creates an iterator. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:523: assign: Assigning: "" = "this->row_->second->spans.end()". +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:523: path: Condition "this->row_span_ == std::vector >::iterator(this->row_->second->spans.end())", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:523: tested_end: "this->row_span_" testing equal to "this->row_->second->spans.end()". +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:526: path: Condition "this->row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:532: path: Condition "this->IsAtEnd()", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:538: path: Condition "this->previous_row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:538: path: Condition "this->previous_row_->second->bottom == this->row_->second->top", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc:538: deref_iterator: Dereferencing iterator "this->row_span_" though it is already past the end of its container. +# 536| // already returned this span merged into the previous one, via +# 537| // UpdateCurrentRect(). +# 538|-> if (previous_row_ != region_.rows_.end() && +# 539| previous_row_->second->bottom == row_->second->top && +# 540| IsSpanInRow(*previous_row_->second, *row_span_)) { + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/third_party/libwebrtc/modules/pacing/packet_router.cc:89: find: Calling "find" with element "ssrc" returns the end iterator. +thunderbird-115.5.0/third_party/libwebrtc/modules/pacing/packet_router.cc:89: assign: Assigning: "it" = "this->send_modules_map_.find(ssrc)". +thunderbird-115.5.0/third_party/libwebrtc/modules/pacing/packet_router.cc:90: path: Condition "true /* true ? true : (((void)(it != std::unordered_map, std::equal_to, std::allocator > >::iterator(this->send_modules_map_.end()))) , true) */", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/pacing/packet_router.cc:91: deref_iterator: Dereferencing iterator "it" though it is already past the end of its container. +# 89| auto it = send_modules_map_.find(ssrc); +# 90| RTC_DCHECK(it != send_modules_map_.end()); +# 91|-> send_modules_list_.remove(it->second); +# 92| send_modules_map_.erase(it); +# 93| } + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc:445: path: Condition "!this->send_side_delay_observer_", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc:445: path: Condition "capture_time.IsInfinite()", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc:458: path: Condition "it != lower_bound", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc:459: path: Condition "this->max_delay_it_ == std::_Rb_tree_const_iterator >::_Self const(it)", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc:460: past_the_end: Function "end" creates an iterator. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc:460: assign: Assigning: "" = "this->send_delays_.end()". +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc:460: assign: Assigning: "this->max_delay_it_" = "std::_Rb_tree_const_iterator > const(std::map, std::allocator > >::iterator(this->send_delays_.end()))". +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc:463: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc:458: path: Condition "it != lower_bound", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc:459: path: Condition "this->max_delay_it_ == std::_Rb_tree_const_iterator >::_Self const(it)", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc:459: tested_end: "it" testing equal to "this->max_delay_it_". +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc:462: deref_iterator: Dereferencing iterator "it" though it is already past the end of its container. +# 460| max_delay_it_ = send_delays_.end(); +# 461| } +# 462|-> sum_delays_ -= it->second; +# 463| } +# 464| send_delays_.erase(send_delays_.begin(), lower_bound); + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:24: path: Condition "it != std::vector >::iterator(candidates.end())", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:25: path: Condition "!it->bitrate_bps()", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:26: path: Falling through to end of if statement. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:29: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:24: path: Condition "it != std::vector >::iterator(candidates.end())", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:31: path: Condition "candidates.size() <= 1", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:43: path: Condition "it != std::vector >::iterator(candidates.end())", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:44: path: Condition "true /* true ? true : (((void)it->bitrate_bps()) , true) */", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:49: path: Condition "next_it != std::vector >::iterator(candidates.end())", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:61: path: Jumping back to the beginning of the loop. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:43: path: Condition "it != std::vector >::iterator(candidates.end())", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:65: past_the_end: Function "end" creates an iterator. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:65: assign: Assigning: "min_bitrate_it" = "candidates.end()". +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:66: path: Condition "it != std::vector >::iterator(candidates.end())", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:73: assign: Assigning: "it" = "min_bitrate_it". +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:73: path: Condition "it != std::vector >::iterator(candidates.end())", taking false branch. +thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc:87: deref_iterator: Dereferencing iterator "min_bitrate_it" though it is already past the end of its container. +# 85| +# 86| // First member of selected list. +# 87|-> bounding_set.push_back(*min_bitrate_it); +# 88| intersection[0] = 0; +# 89| // Calculate its maximum packet rate (where its line crosses x-axis). + +Error: INVALIDATE_ITERATOR (CWE-119): +thunderbird-115.5.0/third_party/libwebrtc/video/quality_limitation_reason_tracker.cc:45: find: Calling "find" with element "this->current_reason_" returns the end iterator. +thunderbird-115.5.0/third_party/libwebrtc/video/quality_limitation_reason_tracker.cc:45: assign: Assigning: "it" = "total_durations_ms.find(this->current_reason_)". +thunderbird-115.5.0/third_party/libwebrtc/video/quality_limitation_reason_tracker.cc:46: path: Condition "true /* true ? true : (((void)(it != std::map, std::allocator > >::iterator(total_durations_ms.end()))) , true) */", taking true branch. +thunderbird-115.5.0/third_party/libwebrtc/video/quality_limitation_reason_tracker.cc:47: deref_iterator: Dereferencing iterator "it" though it is already past the end of its container. +# 45| auto it = total_durations_ms.find(current_reason_); +# 46| RTC_DCHECK(it != total_durations_ms.end()); +# 47|-> it->second += +# 48| clock_->TimeInMilliseconds() - current_reason_updated_timestamp_ms_; +# 49| return total_durations_ms; + +Error: FORWARD_NULL (CWE-476): +thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py:492: path: Condition "func === None", taking true branch. +thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py:492: null_check: Comparing "func" to a null-like value implies that "func" might be null-like. +thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py:494: path: Condition "args", taking true branch. +thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py:495: path: Condition "getattr(func, "contextfilter", False) === True", taking true branch. +thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py:496: path: Condition "context === None", taking false branch. +thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py:510: call: Calling the null-like value "func". +# 508| elif getattr(func, "environmentfilter", False) is True: +# 509| args.insert(0, self) +# 510|-> return func(*args, **(kwargs or {})) +# 511| +# 512| def call_test(self, name, value, args=None, kwargs=None): + +Error: FORWARD_NULL (CWE-476): +thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py:518: path: Condition "func === None", taking true branch. +thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py:518: null_check: Comparing "func" to a null-like value implies that "func" might be null-like. +thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py:520: call: Calling the null-like value "func". +# 518| if func is None: +# 519| fail_for_missing_callable("no test named %r", name) +# 520|-> return func(value, *(args or ()), **(kwargs or {})) +# 521| +# 522| @internalcode + +Error: FORWARD_NULL (CWE-476): +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:107: path: Condition ""gzip" in request.headers.get(hdrs.ACCEPT_ENCODING, "")", taking true branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:110: path: Condition "gzip_path.is_file()", taking true branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:118: path: Condition "modsince !== None", taking true branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:118: path: Condition "st.st_mtime <= modsince.timestamp()", taking false branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:126: path: Condition "unmodsince !== None", taking true branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:126: path: Condition "st.st_mtime > unmodsince.timestamp()", taking false branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:130: path: Condition "!(hdrs.CONTENT_TYPE in self.headers)", taking true branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:132: path: Condition "!ct", taking true branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:146: path: Condition "ifrange === None", taking true branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:174: path: Condition "start !== None", taking false branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:174: null_check: Comparing "start" to a null-like value implies that "start" might be null-like. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:174: path: Condition "end !== None", taking true branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:175: path: Condition "start < 0", taking true branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:175: path: Condition "end === None", taking false branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:190: path: Condition "end !== None", taking true branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py:190: invalid_operation: Invalid operation on null-like value "start". +# 188| # value of last-byte-pos with a value that is one less than +# 189| # the current length of the selected representation). +# 190|-> count = ( +# 191| min(end if end is not None else file_size, file_size) - start +# 192| ) + +Error: FORWARD_NULL (CWE-476): +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_urldispatcher.py:943: path: Condition "!(self.request.method in hdrs.METH_ALL)", taking true branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_urldispatcher.py:946: path: Condition "method === None", taking true branch. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_urldispatcher.py:946: null_check: Comparing "method" to a null-like value implies that "method" might be null-like. +thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_urldispatcher.py:948: call: Calling the null-like value "method". +# 946| if method is None: +# 947| self._raise_allowed_methods() +# 948|-> resp = await method() +# 949| return resp +# 950| + +Error: FORWARD_NULL (CWE-476): +thunderbird-115.5.0/third_party/python/pip/pip/_vendor/pygments/filters/__init__.py:918: assign_null: Assigning: "current_value" = "None". +thunderbird-115.5.0/third_party/python/pip/pip/_vendor/pygments/filters/__init__.py:920: path: Condition "ttype === current_type", taking true branch. +thunderbird-115.5.0/third_party/python/pip/pip/_vendor/pygments/filters/__init__.py:921: invalid_operation: Invalid operation on null-like value "current_value". +# 919| for ttype, value in stream: +# 920| if ttype is current_type: +# 921|-> current_value += value +# 922| else: +# 923| if current_type is not None: + +Error: RETURN_LOCAL (CWE-562): +thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c:79183: path: Condition "aRoot[0] == 0", taking true branch. +thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c:79186: path: Condition "aRoot[1] != 1", taking true branch. +thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c:79199: local_ptr_identity_local: "sqlite3StrAccumInit(&sCheck.errMsg, NULL, zErr, 100, 1000000000)" stores "zErr" (address of local variable "zErr") into "sCheck.errMsg.zText". +thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c:79201: path: Condition "sCheck.nPage == 0", taking false branch. +thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c:79206: path: Condition "!sCheck.aPgRef", taking true branch. +thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c:79208: path: Jumping to label "integrity_ck_cleanup". +thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c:79294: path: Condition "sCheck.nErr == 0", taking false branch. +thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c:79298: identity_transfer: Passing field "sCheck.errMsg.zText" (indirectly, via argument 1) to function "sqlite3StrAccumFinish", which returns it. +thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c:79298: escape_local_addr_alias: Returning, through "*pzOut", pointer "sqlite3StrAccumFinish(&sCheck.errMsg)" which points to local variable "zErr". +thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c:79303: return: Returning here. +#79296| *pzOut = 0; +#79297| }else{ +#79298|-> *pzOut = sqlite3StrAccumFinish(&sCheck.errMsg); +#79299| } +#79300| /* Make sure this analysis did not leave any unref() pages. */ + +Error: COM.BAD_FREE (CWE-416): +thunderbird-115.5.0/xpcom/reflect/xptcall/xptcall.cpp:45: assign: Assigning from interface pointer to implementation pointer is an explicit downcast. +thunderbird-115.5.0/xpcom/reflect/xptcall/xptcall.cpp:46: free: Freeing implementation pointer "stub" in call to "operator delete(void *, std::size_t)". +# 44| NS_DestroyXPTCallStub(nsISomeInterface* aStub) { +# 45| nsXPTCStubBase* stub = static_cast(aStub); +# 46|-> delete (stub); +# 47| } +# 48| + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java:123: return_thread_shared: Call to "getServletConfig" returns a pointer to thread-shared data. +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java:123: thread_unsafe_modification: Thread-shared "getServletConfig()" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java:123: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java:123: write: "getServletConfig()" is modified in call to "getServletContext". (The virtual call resolves to "org.apache.catalina.core.StandardWrapper.getServletContext".) +# 121| @Override +# 122| public ServletContext getServletContext() { +# 123|-> return getServletConfig().getServletContext(); +# 124| } +# 125| + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:237: path: Condition "javax.servlet.DispatcherType.INCLUDE.equals(req.getDispatcherType())", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:234: thread_entry_point: "doHead" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:238: thread_unsafe_modification: Thread-shared "this.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:238: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:238: write: "this.config" is modified in call to "doGet". (The virtual call resolves to "ServletToJsp.doGet".) +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:238: thread_shared_data: "this" is thread-shared because it has type "javax.servlet.GenericServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java:40: thread_shared_derived: "javax.servlet.GenericServlet" is thread-shared because it implements "javax.servlet.Servlet". +# 236| +# 237| if (DispatcherType.INCLUDE.equals(req.getDispatcherType())) { +# 238|-> doGet(req, resp); +# 239| } else { +# 240| NoBodyResponse response = new NoBodyResponse(resp); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:237: path: Condition "javax.servlet.DispatcherType.INCLUDE.equals(req.getDispatcherType())", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:234: thread_entry_point: "doHead" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:241: thread_unsafe_modification: Thread-shared "this.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:241: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:241: write: "this.config" is modified in call to "doGet". (The virtual call resolves to "ServletToJsp.doGet".) +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:241: thread_shared_data: "this" is thread-shared because it has type "javax.servlet.GenericServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java:40: thread_shared_derived: "javax.servlet.GenericServlet" is thread-shared because it implements "javax.servlet.Servlet". +# 239| } else { +# 240| NoBodyResponse response = new NoBodyResponse(resp); +# 241|-> doGet(req, response); +# 242| if (req.isAsyncStarted()) { +# 243| req.getAsyncContext().addListener(new NoBodyAsyncContextListener(response)); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:476: returned_null: "getAllDeclaredMethods" returns "null" (checked 1 out of 2 times). +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:476: var_assigned: Assigning: "methods" = "null" return value from "getAllDeclaredMethods". +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:492: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:498: null_array_length: Accessing length of null array "methods". +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:427: example_assign: Example 1: Assigning: "parentMethods" = return value from "javax.servlet.http.HttpServlet.getAllDeclaredMethods(c.getSuperclass())". +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java:430: example_checked: Example 1 (cont.): "parentMethods" has its value checked in "parentMethods != null". +# 496| // End of Tomcat specific hack +# 497| +# 498|-> for (int i=0; i doGet(req, resp); +# 656| } else { +# 657| long ifModifiedSince; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/Manager.java:241: returned_null: "getSessionIdGenerator" returns "null" (checked 4 out of 7 times). (The virtual call resolves to "org.apache.catalina.session.ManagerBase.getSessionIdGenerator".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/Manager.java:241: null_method_call: Calling a method on null object "getSessionIdGenerator()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/ClusterManagerBase.java:163: example_checked: Example 1: "getSessionIdGenerator()" has its value checked in "getSessionIdGenerator() != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java:645: example_assign: Example 2: Assigning: "sessionIdGenerator" = return value from "getSessionIdGenerator()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java:646: example_checked: Example 2 (cont.): "sessionIdGenerator" has its value checked in "sessionIdGenerator == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java:89: example_assign: Example 3: Assigning: "sessionIdGenerator" = return value from "manager.getSessionIdGenerator()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java:90: example_checked: Example 3 (cont.): "sessionIdGenerator" has its value checked in "sessionIdGenerator != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/PersistentManagerSF.java:54: example_assign: Example 4: Assigning: "sessionIdGenerator" = return value from "manager.getSessionIdGenerator()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/PersistentManagerSF.java:55: example_checked: Example 4 (cont.): "sessionIdGenerator" has its value checked in "sessionIdGenerator != null". +# 239| boolean duplicate = true; +# 240| do { +# 241|-> newSessionId = getSessionIdGenerator().generateSessionId(); +# 242| try { +# 243| if (findSession(newSessionId) == null) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ant/jmx/JMXAccessorConditionBase.java:171: returned_null: "getJMXConnection" returns "null" (checked 0 out of 1 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ant/jmx/JMXAccessorConditionBase.java:171: null_method_call: Calling a method on null object "getJMXConnection()". +# 169| protected String accessJMXValue() { +# 170| try { +# 171|-> Object result = getJMXConnection().getAttribute( +# 172| new ObjectName(name), attribute); +# 173| if (result != null) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOn.java:329: path: Condition "!getState().isAvailable()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOn.java:337: path: Condition "session.getMaxInactiveInterval() > 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOn.java:337: returned_null: "getManager" returns "null" (checked 1 out of 5 times). (The virtual call resolves to "org.apache.catalina.manager.DummyProxySession.getManager".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOn.java:337: null_method_call: Calling a method on null object "session.getManager()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:46: example_assign: Example 1: Assigning: "manager" = return value from "session.getManager()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:47: example_checked: Example 1 (cont.): "manager" has its value checked in "manager == null". +# 335| // session was logged out, we'll log out of all session associated with +# 336| // the SSO. +# 337|-> if (((session.getMaxInactiveInterval() > 0) +# 338| && (session.getIdleTimeInternal() >= session.getMaxInactiveInterval() * 1000)) +# 339| || (!session.getManager().getContext().getState().isAvailable())) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnSessionKey.java:41: returned_null: "getManager" returns "null" (checked 1 out of 5 times). (The virtual call resolves to "org.apache.catalina.manager.DummyProxySession.getManager".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnSessionKey.java:41: null_method_call: Calling a method on null object "session.getManager()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:46: example_assign: Example 1: Assigning: "manager" = return value from "session.getManager()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:47: example_checked: Example 1 (cont.): "manager" has its value checked in "manager == null". +# 39| public SingleSignOnSessionKey(Session session) { +# 40| this.sessionId = session.getId(); +# 41|-> Context context = session.getManager().getContext(); +# 42| this.contextName = context.getName(); +# 43| this.hostName = context.getParent().getName(); + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:166: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:174: path: Condition "previous == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:179: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:179: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:185: path: Condition "registration != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: enhanced_for: Starting an iteration on "registration.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "layer.equals(wrapper.getMessageLayer())", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:192: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "layer.equals(wrapper.getMessageLayer())", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "appContext.equals(wrapper.getAppContext())", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:189: modify_iterable: Call to "remove" modifies "Iterable" "registration.listeners" which invalidates the iterator for the loop on that "Iterable". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:192: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: invalid_loop: Attempting to obtain another element from "registration.listeners" after it's been modified. +# 184| appContextRegistrations.get(getRegistrationID(null, appContext)); +# 185| if (registration != null) { +# 186|-> for (RegistrationListenerWrapper wrapper : registration.listeners) { +# 187| if (layer.equals(wrapper.getMessageLayer()) && +# 188| appContext.equals(wrapper.getAppContext())) { + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:166: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:174: path: Condition "previous == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:179: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:179: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:185: path: Condition "registration != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "layer.equals(wrapper.getMessageLayer())", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:192: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "layer.equals(wrapper.getMessageLayer())", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "appContext.equals(wrapper.getAppContext())", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:192: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: No elements left in "registration.listeners", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:195: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:199: path: Iterating over another element of "layerRegistrations.values()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:200: enhanced_for: Starting an iteration on "registration.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:200: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:201: path: Condition "appContext.equals(wrapper.getAppContext())", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:205: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:200: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:201: path: Condition "appContext.equals(wrapper.getAppContext())", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:202: modify_iterable: Call to "remove" modifies "Iterable" "registration.listeners" which invalidates the iterator for the loop on that "Iterable". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:205: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:200: invalid_loop: Attempting to obtain another element from "registration.listeners" after it's been modified. +# 198| // Need to check registrations for all layers +# 199| for (RegistrationContextImpl registration : layerRegistrations.values()) { +# 200|-> for (RegistrationListenerWrapper wrapper : registration.listeners) { +# 201| if (appContext.equals(wrapper.getAppContext())) { +# 202| registration.listeners.remove(wrapper); + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:166: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:174: path: Condition "previous == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:179: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:179: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:185: path: Condition "registration != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "layer.equals(wrapper.getMessageLayer())", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:192: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "layer.equals(wrapper.getMessageLayer())", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:187: path: Condition "appContext.equals(wrapper.getAppContext())", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:192: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:186: path: No elements left in "registration.listeners", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:195: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:199: path: Iterating over another element of "layerRegistrations.values()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:200: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:201: path: Condition "appContext.equals(wrapper.getAppContext())", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:205: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:200: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:201: path: Condition "appContext.equals(wrapper.getAppContext())", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:205: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:200: path: No elements left in "registration.listeners", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:206: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:199: path: No elements left in "layerRegistrations.values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:208: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:210: path: Iterating over another element of "defaultRegistration.values()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:211: enhanced_for: Starting an iteration on "registration.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:211: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:212: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:212: path: Condition "appContext.equals(wrapper.getAppContext())", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:212: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:212: path: Condition "layer.equals(wrapper.getMessageLayer())", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:217: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:211: path: Iterating over another element of "registration.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:212: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:212: path: Condition "appContext.equals(wrapper.getAppContext())", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:214: modify_iterable: Call to "remove" modifies "Iterable" "registration.listeners" which invalidates the iterator for the loop on that "Iterable". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:217: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:211: invalid_loop: Attempting to obtain another element from "registration.listeners" after it's been modified. +# 209| // Need to check default +# 210| for (RegistrationContextImpl registration : defaultRegistration.values()) { +# 211|-> for (RegistrationListenerWrapper wrapper : registration.listeners) { +# 212| if (appContext != null && appContext.equals(wrapper.getAppContext()) || +# 213| layer != null && layer.equals(wrapper.getMessageLayer())) { + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "layer != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:164: path: Condition "appContext != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:166: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:174: path: Condition "previous == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:222: enhanced_for: Starting an iteration on "previous.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:222: path: Iterating over another element of "previous.listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:223: modify_iterable: Call to "remove" modifies "Iterable" "previous.listeners" which invalidates the iterator for the loop on that "Iterable". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:225: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:222: invalid_loop: Attempting to obtain another element from "previous.listeners" after it's been modified. +# 220| } else { +# 221| // Replaced an existing registration so need to notify those listeners +# 222|-> for (RegistrationListenerWrapper wrapper : previous.listeners) { +# 223| previous.listeners.remove(wrapper); +# 224| wrapper.listener.notify(wrapper.messageLayer, wrapper.appContext); + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:474: enhanced_for: Starting an iteration on "listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:474: path: Iterating over another element of "listeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:475: path: Condition "wrapper.getListener().equals(listener)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:476: modify_iterable: Call to "remove" modifies "Iterable" "listeners" which invalidates the iterator for the loop on that "Iterable". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:479: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java:474: invalid_loop: Attempting to obtain another element from "listeners" after it's been modified. +# 472| private boolean removeListener(RegistrationListener listener) { +# 473| boolean result = false; +# 474|-> for (RegistrationListenerWrapper wrapper : listeners) { +# 475| if (wrapper.getListener().equals(listener)) { +# 476| listeners.remove(wrapper); + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/OutputBuffer.java:554: path: Condition "conv != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/OutputBuffer.java:560: path: Condition "coyoteResponse != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/OutputBuffer.java:560: var_compare_op: Comparing "coyoteResponse" to null implies that "coyoteResponse" might be null. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/OutputBuffer.java:564: path: Condition "charset == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/OutputBuffer.java:565: null_method_call: Calling a method on null object "coyoteResponse". +# 563| +# 564| if (charset == null) { +# 565|-> if (coyoteResponse.getCharacterEncoding() != null) { +# 566| // setCharacterEncoding() was called with an invalid character set +# 567| // Trigger an UnsupportedEncodingException + +Error: UNUSED_VALUE (CWE-563): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/OutputBuffer.java:570: value_overwrite: Overwriting previous write to "charset" with value from "org.apache.coyote.Constants.DEFAULT_BODY_CHARSET". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/OutputBuffer.java:568: returned_reference: Assigning value from "org.apache.tomcat.util.buf.B2CConverter.getCharset(coyoteResponse.getCharacterEncoding())" to "charset" here, but that stored value is overwritten before it can be used. +# 566| // setCharacterEncoding() was called with an invalid character set +# 567| // Trigger an UnsupportedEncodingException +# 568|-> charset = B2CConverter.getCharset(coyoteResponse.getCharacterEncoding()); +# 569| } +# 570| charset = org.apache.coyote.Constants.DEFAULT_BODY_CHARSET; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java:2796: path: Condition "response.isCommitted()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java:2801: returned_null: "getAuthenticator" returns "null" (checked 4 out of 8 times). (The virtual call resolves to "org.apache.catalina.core.StandardContext.getAuthenticator".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java:2801: null_method_call: Calling a method on null object "getContext().getAuthenticator()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:51: example_assign: Example 1: Assigning: "authenticator" = return value from "context.getAuthenticator()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:52: example_checked: Example 1 (cont.): "authenticator" has its value checked in "authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/CoyoteAdapter.java:881: example_assign: Example 2: Assigning: "authenticator" = return value from "request.getContext().getAuthenticator()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/CoyoteAdapter.java:882: example_checked: Example 2 (cont.): "authenticator" has its value checked in "authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/ApplicationPushBuilder.java:163: example_checked: Example 3: "context.getAuthenticator()" has its value checked in "context.getAuthenticator() instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:356: example_checked: Example 4: "context.getAuthenticator()" has its value checked in "context.getAuthenticator() != null". +# 2799| } +# 2800| +# 2801|-> return getContext().getAuthenticator().authenticate(this, response); +# 2802| } +# 2803| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java:2810: path: Condition "getAuthType() != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java:2810: path: Condition "getRemoteUser() != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java:2810: path: Condition "getUserPrincipal() != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java:2816: returned_null: "getAuthenticator" returns "null" (checked 4 out of 8 times). (The virtual call resolves to "org.apache.catalina.core.StandardContext.getAuthenticator".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java:2816: null_method_call: Calling a method on null object "getContext().getAuthenticator()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:51: example_assign: Example 1: Assigning: "authenticator" = return value from "context.getAuthenticator()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:52: example_checked: Example 1 (cont.): "authenticator" has its value checked in "authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/CoyoteAdapter.java:881: example_assign: Example 2: Assigning: "authenticator" = return value from "request.getContext().getAuthenticator()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/CoyoteAdapter.java:882: example_checked: Example 2 (cont.): "authenticator" has its value checked in "authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/ApplicationPushBuilder.java:163: example_checked: Example 3: "context.getAuthenticator()" has its value checked in "context.getAuthenticator() instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:356: example_checked: Example 4: "context.getAuthenticator()" has its value checked in "context.getAuthenticator() != null". +# 2814| } +# 2815| +# 2816|-> getContext().getAuthenticator().login(username, password, this); +# 2817| } +# 2818| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java:2824: returned_null: "getAuthenticator" returns "null" (checked 4 out of 8 times). (The virtual call resolves to "org.apache.catalina.core.StandardContext.getAuthenticator".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java:2824: null_method_call: Calling a method on null object "getContext().getAuthenticator()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:51: example_assign: Example 1: Assigning: "authenticator" = return value from "context.getAuthenticator()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:52: example_checked: Example 1 (cont.): "authenticator" has its value checked in "authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/CoyoteAdapter.java:881: example_assign: Example 2: Assigning: "authenticator" = return value from "request.getContext().getAuthenticator()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/CoyoteAdapter.java:882: example_checked: Example 2 (cont.): "authenticator" has its value checked in "authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/ApplicationPushBuilder.java:163: example_checked: Example 3: "context.getAuthenticator()" has its value checked in "context.getAuthenticator() instanceof org.apache.catalina.authenticator.AuthenticatorBase". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:356: example_checked: Example 4: "context.getAuthenticator()" has its value checked in "context.getAuthenticator() != null". +# 2822| @Override +# 2823| public void logout() throws ServletException { +# 2824|-> getContext().getAuthenticator().logout(this); +# 2825| } +# 2826| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/ApplicationServletRegistration.java:210: returned_null: "findServletMappings" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findServletMappings".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/ApplicationServletRegistration.java:210: var_assigned: Assigning: "urlPatterns" = "null" return value from "findServletMappings". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/ApplicationServletRegistration.java:211: null_array_length: Accessing length of null array "urlPatterns". +# 209| +# 210| String[] urlPatterns = context.findServletMappings(); +# 211|-> for (String urlPattern : urlPatterns) { +# 212| String name = context.findServletMapping(urlPattern); +# 213| if (name.equals(servletName)) { + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6120: path: Condition "workDir == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6127: path: Condition "parentHost != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6129: path: Condition "parentHost instanceof org.apache.catalina.core.StandardHost", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6133: path: Condition "parentEngine != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6137: path: Condition "hostName == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6140: path: Condition "engineName == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6145: path: Condition "temp.startsWith("/")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6150: path: Condition "temp.length() < 1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6153: path: Condition "hostWorkDir != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6164: path: Condition "!dir.isAbsolute()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6167: path: Throwing "java.io.IOException" (or subclass) from call to "getCanonicalPath". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6169: path: Catching exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6174: path: Condition "!dir.mkdirs()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6174: path: Condition "!dir.isDirectory()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6180: path: Condition "context == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6180: var_compare_op: Comparing "context" to null implies that "context" might be null. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6181: no_write_call: Although "getServletContext" does overwrite "this.context" on some paths, it also contains at least one feasible path which does not overwrite it. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java:6183: null_method_call: Calling a method on null object "context". +# 6181| getServletContext(); +# 6182| } +# 6183|-> context.setAttribute(ServletContext.TEMPDIR, dir); +# 6184| context.setAttributeReadOnly(ServletContext.TEMPDIR); +# 6185| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java:101: path: Condition "!context.getState().isAvailable()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java:108: path: Condition "!unavailable", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java:127: path: Condition "!unavailable", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java:130: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java:161: path: Condition "request.getDispatcherType() == javax.servlet.DispatcherType.ASYNC", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java:175: path: Condition "servlet != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java:202: path: Falling through to finally statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java:255: path: Condition "filterChain != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java:261: path: Condition "servlet != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java:264: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java:277: path: Condition "servlet != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java:281: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java:292: read_volatile: Reading "processingTime", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java:292: intervening_update: Another thread writes to "processingTime". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java:292: stale_update: Updating "processingTime" based on a stale value. Any intervening update in another thread is overwritten. +# 290| +# 291| long time=t2-t1; +# 292|-> processingTime += time; +# 293| if( time > maxTime) { +# 294| maxTime=time; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java:250: path: Condition "entries.contains(environment.getName())", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java:253: path: Condition "ce != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java:259: path: Condition "rl != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java:261: returned_null: "getServer" returns "null" (checked 0 out of 1 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java:261: null_method_call: Calling a method on null object "getServer()". +# 259| } else if (rl != null) { +# 260| // Link. Need to look at the global resources +# 261|-> NamingResourcesImpl global = getServer().getGlobalNamingResources(); +# 262| if (global.findEnvironment(rl.getGlobal()) != null) { +# 263| if (global.findEnvironment(rl.getGlobal()).getOverride()) { + +Error: SERVLET_ATOMICITY (CWE-567): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:115: path: Condition "request instanceof javax.servlet.http.HttpServletRequest", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:115: path: Condition "response instanceof javax.servlet.http.HttpServletResponse", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:123: path: Condition ""GET" /* org.apache.catalina.filters.Constants.METHOD_GET */.equals(req.getMethod())", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:123: path: Condition "entryPoints.contains(getRequestedPath(req))", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:125: path: Condition "log.isTraceEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:134: get_attribute: Calling "getAttribute" on thread-shared object "session". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:139: path: Condition "!skipNonceCheck", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:180: path: Condition "nonceCache == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:181: path: Condition "log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:182: path: Condition "null == session", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:186: path: Condition "session == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java:193: set_attribute: Calling "setAttribute" on thread-shared object "session" can result in a lost update. +# 191| session = req.getSession(true); +# 192| } +# 193|-> session.setAttribute( +# 194| Constants.CSRF_NONCE_SESSION_ATTR_NAME, nonceCache); +# 195| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/ExpiresFilter.java:1288: path: Condition "contentType == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/ExpiresFilter.java:1302: path: Condition "contentType != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/ExpiresFilter.java:1309: path: Condition "configuration != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/ExpiresFilter.java:1319: path: Condition "org.apache.catalina.filters.ExpiresFilter.contains(contentType, ";")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/ExpiresFilter.java:1321: returned_null: "substringBefore" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/ExpiresFilter.java:1321: null_method_call: Calling a method on null object "org.apache.catalina.filters.ExpiresFilter.substringBefore(contentType, ";")". +# 1319| if (contains(contentType, ";")) { +# 1320| // lookup content-type without charset match (e.g. "text/html") +# 1321|-> String contentTypeWithoutCharset = substringBefore(contentType, ";").trim(); +# 1322| configuration = expiresConfigurationByContentType.get(contentTypeWithoutCharset); +# 1323| + +Error: MISSING_RESTORE (CWE-573): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java:846: path: Condition "hasPrincipal", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java:852: path: Condition "org.apache.catalina.ha.session.DeltaSession.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java:857: path: Condition "attributes == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java:861: save: Saving non-local "isValid" in local "isValidSave". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java:862: modify: Modifying non-local "isValid". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java:863: path: Condition "i < n", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java:867: exception: Value of non-local "isValid" that was saved in "isValidSave" is not restored on this exception path as it was along other paths. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java:867: remediation: Did you intend to handle restoring "isValid" in a finally block to ensure it is always executed? +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java:867: path: Throwing "java.io.IOException" (or subclass) from call to "readObject". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java:868: path: Catching exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java:869: path: Condition "wae.getCause() instanceof java.io.NotSerializableException", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java:873: path: Throwing "java.io.WriteAbortedException" (or subclass); exiting method with uncaught exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java:885: restore_example: The original value of non-local "isValid" was restored here. +# 865| final Object value; +# 866| try { +# 867|-> value = stream.readObject(); +# 868| } catch (WriteAbortedException wae) { +# 869| if (wae.getCause() instanceof NotSerializableException) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java:328: returned_null: "getManager" returns "null" (checked 1 out of 5 times). (The virtual call resolves to "org.apache.catalina.manager.DummyProxySession.getManager".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java:328: null_method_call: Calling a method on null object "catalinaSession.getManager()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:46: example_assign: Example 1: Assigning: "manager" = return value from "session.getManager()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:47: example_checked: Example 1 (cont.): "manager" has its value checked in "manager == null". +# 326| String newSessionID, Session catalinaSession) { +# 327| fireLifecycleEvent("Before session migration", catalinaSession); +# 328|-> catalinaSession.getManager().changeSessionId(catalinaSession, newSessionID); +# 329| changeRequestSessionID(request, sessionId, newSessionID); +# 330| fireLifecycleEvent("After session migration", catalinaSession); + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:429: path: Condition "sessions != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:429: path: Condition "sessions.size() > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:430: path: Iterating over another element of "sessions". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:431: path: Condition "org.apache.catalina.ha.tcp.ReplicationValve.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:436: path: Condition "doStatistics()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:437: read_volatile: Reading "nrOfCrossContextSendRequests", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:437: intervening_update: Another thread writes to "nrOfCrossContextSendRequests". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:437: stale_update: Updating "nrOfCrossContextSendRequests" based on a stale value. Any intervening update in another thread is overwritten. +# 435| sendMessage(session,(ClusterManager)session.getManager()); +# 436| if(doStatistics()) { +# 437|-> nrOfCrossContextSendRequests++; +# 438| } +# 439| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:475: path: Condition "org.apache.catalina.ha.tcp.ReplicationValve.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:476: returned_null: "getManager" returns "null" (checked 1 out of 5 times). (The virtual call resolves to "org.apache.catalina.manager.DummyProxySession.getManager".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:476: null_method_call: Calling a method on null object "session.getManager()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:46: example_assign: Example 1: Assigning: "manager" = return value from "session.getManager()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java:47: example_checked: Example 1 (cont.): "manager" has its value checked in "manager == null". +# 474| protected void resetDeltaRequest(Session session) { +# 475| if(log.isDebugEnabled()) { +# 476|-> log.debug(sm.getString("ReplicationValve.resetDeltaRequest" , +# 477| session.getManager().getContext().getName() )); +# 478| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:490: path: Condition "session != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:493: path: Condition "!isRequestWithoutSessionChange(uri)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:499: path: Condition "doStatistics()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:500: read_volatile: Reading "nrOfFilterRequests", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:500: intervening_update: Another thread writes to "nrOfFilterRequests". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:500: stale_update: Updating "nrOfFilterRequests" based on a stale value. Any intervening update in another thread is overwritten. +# 498| } else +# 499| if(doStatistics()) { +# 500|-> nrOfFilterRequests++; +# 501| } +# 502| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:528: path: Condition "msg != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:528: path: Condition "cluster != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:530: path: Condition "doStatistics()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:531: read_volatile: Reading "nrOfSendRequests", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:531: intervening_update: Another thread writes to "nrOfSendRequests". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:531: stale_update: Updating "nrOfSendRequests" based on a stale value. Any intervening update in another thread is overwritten. +# 529| cluster.send(msg); +# 530| if(doStatistics()) { +# 531|-> nrOfSendRequests++; +# 532| } +# 533| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:573: read_volatile: Reading "totalSendTime", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:573: intervening_update: Another thread writes to "totalSendTime". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:573: stale_update: Updating "totalSendTime" based on a stale value. Any intervening update in another thread is overwritten. +# 571| long currentTime = System.currentTimeMillis(); +# 572| lastSendTime = currentTime; +# 573|-> totalSendTime += currentTime - clusterTime; +# 574| totalRequestTime += currentTime - requestTime; +# 575| nrOfRequests++; + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:574: read_volatile: Reading "totalRequestTime", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:574: intervening_update: Another thread writes to "totalRequestTime". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:574: stale_update: Updating "totalRequestTime" based on a stale value. Any intervening update in another thread is overwritten. +# 572| lastSendTime = currentTime; +# 573| totalSendTime += currentTime - clusterTime; +# 574|-> totalRequestTime += currentTime - requestTime; +# 575| nrOfRequests++; +# 576| if(log.isInfoEnabled()) { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:575: read_volatile: Reading "nrOfRequests", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:575: intervening_update: Another thread writes to "nrOfRequests". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java:575: stale_update: Updating "nrOfRequests" based on a stale value. Any intervening update in another thread is overwritten. +# 573| totalSendTime += currentTime - clusterTime; +# 574| totalRequestTime += currentTime - requestTime; +# 575|-> nrOfRequests++; +# 576| if(log.isInfoEnabled()) { +# 577| if ( (nrOfRequests % 100) == 0 ) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:242: path: Condition "true", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:244: path: Condition "warPart == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:249: returned_null: "getSubmittedFileName" returns "null" (checked 1 out of 2 times). (The virtual call resolves to "org.apache.catalina.core.ApplicationPart.getSubmittedFileName".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:249: var_assigned: Assigning: "filename" = "null" return value from "getSubmittedFileName". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:250: null_method_call: Calling a method on null object "filename". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java:2947: example_checked: Example 1: "part.getSubmittedFileName()" has its value checked in "part.getSubmittedFileName() == null". +# 248| } +# 249| String filename = warPart.getSubmittedFileName(); +# 250|-> if (!filename.toLowerCase(Locale.ENGLISH).endsWith(".war")) { +# 251| message = smClient.getString( +# 252| "htmlManagerServlet.deployUploadNotWar", filename); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1005: thread_unsafe_modification: Thread-shared "super.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1005: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1005: write: "super.config" is modified in call to "getServletContext". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1005: thread_shared_data: "this" is thread-shared because it has type "javax.servlet.GenericServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java:40: thread_shared_derived: "javax.servlet.GenericServlet" is thread-shared because it implements "javax.servlet.Servlet". +# 1003| resp.setDateHeader("Expires", 0); // 0 means now +# 1004| req.setAttribute("currentSession", session); +# 1005|-> getServletContext().getRequestDispatcher(resp.encodeURL(sessionDetailJspPath)).include(req, resp); +# 1006| } +# 1007| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1019: path: Condition "null == sessionIds", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1023: path: Iterating over another element of "sessionIds". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1026: path: Condition "null == session", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1028: path: Condition "debug >= 1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1031: path: Continuing loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1044: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1023: path: Iterating over another element of "sessionIds". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1026: path: Condition "null == session", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1036: path: Condition "debug >= 1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1039: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1044: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1023: path: Iterating over another element of "sessionIds". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1026: path: Condition "null == session", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1028: path: Condition "debug >= 1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1031: path: Continuing loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1044: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1023: path: Iterating over another element of "sessionIds". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1024: returned_null: "getSessionForNameAndId" returns "null" (checked 0 out of 3 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1024: null_method_call: Calling a method on null object "getSessionForNameAndId(cn, sessionId, smClient)". +# 1022| int nbAffectedSessions = 0; +# 1023| for (String sessionId : sessionIds) { +# 1024|-> HttpSession session = +# 1025| getSessionForNameAndId(cn, sessionId, smClient).getSession(); +# 1026| if (null == session) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1059: returned_null: "getSessionForNameAndId" returns "null" (checked 0 out of 3 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java:1059: null_method_call: Calling a method on null object "getSessionForNameAndId(cn, sessionId, smClient)". +# 1057| protected boolean removeSessionAttribute(ContextName cn, String sessionId, +# 1058| String attributeName, StringManager smClient) { +# 1059|-> HttpSession session = +# 1060| getSessionForNameAndId(cn, sessionId, smClient).getSession(); +# 1061| if (null == session) { + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/JMXProxyServlet.java:271: var_compare_op: Comparing "parameters" to null implies that "parameters" might be null. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/JMXProxyServlet.java:273: path: Condition "null == methodInfo", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/JMXProxyServlet.java:291: path: Condition "i < signature.length", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/JMXProxyServlet.java:294: null_array_access: Accessing an element on null array "parameters". +# 292| MBeanParameterInfo pi = signature[i]; +# 293| signatureTypes[i] = pi.getType(); +# 294|-> values[i] = registry.convertValue(pi.getType(), parameters[i]); +# 295| } +# 296| + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java:1156: path: Condition "debug >= 1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java:1157: path: Condition "type != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java:1159: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java:1165: path: Condition "global == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java:1171: path: Condition "type != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java:1174: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java:1178: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.manager.ManagerServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java:168: thread_shared_derived: "org.apache.catalina.manager.ManagerServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java:1178: thread_unsafe_modification: Thread-shared "global" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java:1178: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java:1178: write: "global" is modified in call to "printResources". +# 1176| } +# 1177| +# 1178|-> printResources(writer, "", global, type, smClient); +# 1179| +# 1180| } + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:606: path: Condition "debug >= 1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:607: set_thread_shared: Call to "log" sets "super.config" to a pointer to thread-shared data. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:611: path: Condition "name == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:611: path: Condition "name.length() == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:620: path: Condition "host == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:627: path: Condition "host == installedHost", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:634: path: Condition "!host.getState().isAvailable()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:642: path: Throwing "org.apache.catalina.LifecycleException" (or subclass) from call to "stop". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:645: path: Catching exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:646: thread_unsafe_modification: Thread-shared "super.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:646: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:646: write: "super.config" is modified in call to "getServletContext". +# 644| name)); +# 645| } catch (Exception e) { +# 646|-> getServletContext().log(sm.getString( +# 647| "hostManagerServlet.stopFailed", name), e); +# 648| writer.println(smClient.getString("hostManagerServlet.stopFailed", + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:664: path: Condition "debug >= 1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:665: set_thread_shared: Call to "log" sets "super.config" to a pointer to thread-shared data. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:670: path: Throwing "javax.management.MalformedObjectNameException" from call to "ObjectName". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:673: path: Catching exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:674: thread_unsafe_modification: Thread-shared "super.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:674: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java:674: write: "super.config" is modified in call to "getServletContext". +# 672| writer.println(smClient.getString("hostManagerServlet.persisted")); +# 673| } catch (Exception e) { +# 674|-> getServletContext().log(sm.getString("hostManagerServlet.persistFailed"), e); +# 675| writer.println(smClient.getString("hostManagerServlet.persistFailed")); +# 676| // catch InstanceNotFoundException when StoreConfig is not enabled instead of printing + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:39: returned_null: "findApplicationParameters" returns "null" (checked 0 out of 1 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findApplicationParameters".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:39: var_assigned: Assigning: "params" = "null" return value from "findApplicationParameters". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:40: null_array_length: Accessing length of null array "params". +# 38| +# 39| ApplicationParameter[] params = context.findApplicationParameters(); +# 40|-> String[] stringParams = new String[params.length]; +# 41| for (int counter = 0; counter < params.length; counter++) { +# 42| stringParams[counter] = params[counter].toString(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:60: returned_null: "findConstraints" returns "null" (checked 1 out of 4 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findConstraints".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:60: var_assigned: Assigning: "constraints" = "null" return value from "findConstraints". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:61: null_array_length: Accessing length of null array "constraints". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:552: example_assign: Example 1: Assigning: "constraints" = return value from "context.findConstraints()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:553: example_checked: Example 1 (cont.): "constraints" has its value checked in "constraints == null". +# 59| +# 60| SecurityConstraint[] constraints = context.findConstraints(); +# 61|-> String[] stringConstraints = new String[constraints.length]; +# 62| for (int counter = 0; counter < constraints.length; counter++) { +# 63| stringConstraints[counter] = constraints[counter].toString(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:80: returned_null: "findErrorPage" returns "null" (checked 2 out of 3 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findErrorPage".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:80: null_method_call: Calling a method on null object "context.findErrorPage(errorCode)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java:221: example_assign: Example 1: Assigning: "errorPage" = return value from "context.findErrorPage(statusCode)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java:222: example_checked: Example 1 (cont.): "errorPage" has its value checked in "errorPage == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java:224: example_assign: Example 2: Assigning: "errorPage" = return value from "context.findErrorPage(0)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java:226: example_checked: Example 2 (cont.): "errorPage" has its value checked in "errorPage != null". +# 78| public String findErrorPage(int errorCode) throws MBeanException { +# 79| Context context = doGetManagedResource(); +# 80|-> return context.findErrorPage(errorCode).toString(); +# 81| } +# 82| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:97: returned_null: "findErrorPage" returns "null" (checked 0 out of 1 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findErrorPage".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:97: null_method_call: Calling a method on null object "context.findErrorPage(exceptionType)". +# 95| public String findErrorPage(String exceptionType) throws MBeanException { +# 96| Context context = doGetManagedResource(); +# 97|-> return context.findErrorPage(exceptionType).toString(); +# 98| } +# 99| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:111: returned_null: "findErrorPage" returns "null" (checked 2 out of 3 times). (The virtual call resolves to "org.apache.catalina.core.StandardContext.findErrorPage".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:111: null_method_call: Calling a method on null object "context.findErrorPage(exceptionType)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java:300: example_assign: Example 1: Assigning: "errorPage" = return value from "context.findErrorPage(throwable)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java:301: example_checked: Example 1 (cont.): "errorPage" has its value checked in "errorPage == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java:302: example_assign: Example 2: Assigning: "errorPage" = return value from "context.findErrorPage(realError)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java:305: example_checked: Example 2 (cont.): "errorPage" has its value checked in "errorPage != null". +# 109| public String findErrorPage(Throwable exceptionType) throws MBeanException { +# 110| Context context = doGetManagedResource(); +# 111|-> return context.findErrorPage(exceptionType).toString(); +# 112| } +# 113| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:125: returned_null: "findErrorPages" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findErrorPages".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:125: var_assigned: Assigning: "pages" = "null" return value from "findErrorPages". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:126: null_array_length: Accessing length of null array "pages". +# 124| +# 125| ErrorPage[] pages = context.findErrorPages(); +# 126|-> String[] stringPages = new String[pages.length]; +# 127| for (int counter = 0; counter < pages.length; counter++) { +# 128| stringPages[counter] = pages[counter].toString(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:147: returned_null: "findFilterDef" returns "null" (checked 0 out of 1 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findFilterDef".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:147: var_assigned: Assigning: "filterDef" = "null" return value from "findFilterDef". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java:148: null_method_call: Calling a method on null object "filterDef". +# 146| +# 147| FilterDef filterDef = context.findFilterDef(name); +# 148|-> return filterDef.toString(); +# 149| } +# 150| + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:311: identity: Calling "getCertificates". +* This call assigns "changeit" to "(this.defaultCertificate).certificateKeystorePassword". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates()".) Now ".certificateKeystorePassword" is equal to "changeit". +* This call assigns a reference to "this.defaultCertificate" to "this.certificates". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates()".) Now "(this.certificates).certificateKeystor [...] +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:312: identity: Calling "getCertificates". This call returns "this.certificates". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates()".) Now "(getCertificates()).certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:312: identity: Calling "iterator". This call assigns "getCertificates()" to "". (The virtual call resolves to "java.util.Set.iterator()".) Now ".certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:312: identity: Calling "next". This call returns "getCertificates().iterator()". (The virtual call resolves to "java.util.Iterator.next()".) Now "getCertificates().iterator().next().certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:312: assign: Assigning: "certificate" = "(org.apache.tomcat.util.net.SSLHostConfigCertificate)getCertificates().iterator().next()". Now "certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:314: identity: Calling "JSSEUtil". This call assigns "certificate" to ".certificate". Now ".certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:314: assign: Assigning: "sslUtil" = "new org.apache.tomcat.util.net.jsse.JSSEUtil(certificate)". Now "sslUtil.certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:319: password_use: Calling "getKeyManagers". This call uses the constant string as a password. (The virtual call resolves to "org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers()".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:319: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 317| setEnabledProtocols(sslUtil.getEnabledProtocols()); +# 318| setEnabledCiphers(sslUtil.getEnabledCiphers()); +# 319|-> sslContext.init(sslUtil.getKeyManagers(), sslUtil.getTrustManagers(), null); +# 320| SSLSessionContext sessionContext = sslContext.getServerSessionContext(); +# 321| if (sessionContext != null) { +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java:319: note: trimmed 1 message(s) with length over 512 + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java:240: returned_null: "getParentContainerFromParent" returns "null" (checked 3 out of 4 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java:240: var_assigned: Assigning: "container" = "null" return value from "getParentContainerFromParent". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java:242: null_method_call: Calling a method on null object "container". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java:579: example_assign: Example 1: Assigning: "container" = return value from "getParentContainerFromParent(pname)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java:580: example_checked: Example 1 (cont.): "container" has its value checked in "container instanceof org.apache.catalina.Context". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java:635: example_assign: Example 2: Assigning: "container" = return value from "getParentContainerFromParent(parentName)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java:637: example_checked: Example 2 (cont.): "container" has its value checked in "container == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java:670: example_assign: Example 3: Assigning: "container" = return value from "getParentContainerFromParent(pname)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java:671: example_checked: Example 3 (cont.): "container" has its value checked in "container instanceof org.apache.catalina.Context". +# 240| Container container = getParentContainerFromParent(pname); +# 241| // Add the new instance to its parent component +# 242|-> container.setRealm(realm); +# 243| // Return the corresponding MBean name +# 244| ObjectName oname = null; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ServiceMBean.java:114: returned_null: "getExecutor" returns "null" (checked 1 out of 2 times). (The virtual call resolves to "org.apache.catalina.core.StandardService.getExecutor".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ServiceMBean.java:114: var_assigned: Assigning: "executor" = "null" return value from "getExecutor". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ServiceMBean.java:115: null_method_call: Calling a method on null object "executor". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ConnectorCreateRule.java:62: example_assign: Example 1: Assigning: "ex" = return value from "svc.getExecutor(executorName)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ConnectorCreateRule.java:66: example_checked: Example 1 (cont.): "ex" has its value checked in "ex != null". +# 113| Service service = doGetManagedResource(); +# 114| Executor executor = service.getExecutor(name); +# 115|-> return executor.toString(); +# 116| } +# 117| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/DataSourceRealm.java:384: path: Condition "localDataSource", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/DataSourceRealm.java:388: returned_null: "getServer" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/DataSourceRealm.java:388: null_method_call: Calling a method on null object "getServer()". +# 386| context = (Context) context.lookup("comp/env"); +# 387| } else { +# 388|-> context = getServer().getGlobalNamingContext(); +# 389| } +# 390| DataSource dataSource = (DataSource)context.lookup(dataSourceName); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1319: path: Condition "username == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1319: path: Condition "username.equals("")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1319: path: Condition "credentials == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1319: path: Condition "credentials.equals("")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1332: path: Condition "!isUseContextClassLoader()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1337: path: Condition "userPatternArray != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1338: path: Condition "curUserPattern < userPatternArray.length", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1341: path: Condition "user != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1361: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1338: path: Condition "curUserPattern < userPatternArray.length", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1341: path: Condition "user != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1344: path: Condition "checkCredentials(connection.context, user, credentials)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1346: returned_null: "getRoles" returns "null" (checked 0 out of 3 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1346: var_assigned: Assigning: "roles" = "null" return value from "getRoles". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1347: path: Condition "containerLog.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:1348: null_method_call: Calling a method on null object "roles". +# 1346| List roles = getRoles(connection, user); +# 1347| if (containerLog.isDebugEnabled()) { +# 1348|-> containerLog.debug("Found roles: " + roles.toString()); +# 1349| } +# 1350| return new GenericPrincipal(username, credentials, roles); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2718: path: Iterating over another element of "java.util.Arrays.asList("java.naming.security.authentication", "java.naming.security.credentials", "java.naming.security.principal", "java.naming.security.protocol")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2721: path: Condition "entry != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2724: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2718: path: No elements left in "java.util.Arrays.asList("java.naming.security.authentication", "java.naming.security.credentials", "java.naming.security.principal", "java.naming.security.protocol")", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2727: new_resource: "new javax.naming.ldap.InitialLdapContext(env, null)" creates a new resource. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2727: var_assign: Assigning: "result" = resource returned from "new javax.naming.ldap.InitialLdapContext(env, null)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2728: noescape: Resource "result" is not closed or saved in "extendedOperation". (The virtual call resolves to "javax.naming.ldap.InitialLdapContext.extendedOperation".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2729: path: Condition "getHostnameVerifier() != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2732: path: Condition "getCipherSuitesArray() != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2738: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2742: path: Condition "result != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2743: path: Iterating over another element of "savedEnv.entrySet()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2745: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2743: path: Iterating over another element of "savedEnv.entrySet()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2744: path: Throwing "javax.naming.NamingException" (or subclass) from call to "addToEnvironment"; exiting method with uncaught exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java:2744: leaked_resource: Variable "result" going out of scope leaks the resource it refers to. +# 2742| if (result != null) { +# 2743| for (Map.Entry savedEntry : savedEnv.entrySet()) { +# 2744|-> result.addToEnvironment(savedEntry.getKey(), savedEntry.getValue()); +# 2745| } +# 2746| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:819: path: Condition "constraints == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:819: path: Condition "constraints.length == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:827: path: No elements left in "constraints", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:883: path: Condition "!denyfromall", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:883: path: Condition "allRolesMode != org.apache.catalina.realm.RealmBase.AllRolesMode.STRICT_MODE", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:883: path: Condition "!status", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:883: path: Condition "principal != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:885: path: Condition "org.apache.catalina.realm.RealmBase.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:889: path: Iterating over another element of "constraints". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:892: path: Condition "constraint.getAllRoles()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:893: path: Condition "allRolesMode == org.apache.catalina.realm.RealmBase.AllRolesMode.AUTH_ONLY_MODE", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:903: path: Condition "roles.length == 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:903: path: Condition "allRolesMode == org.apache.catalina.realm.RealmBase.AllRolesMode.STRICT_AUTH_ONLY_MODE", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:911: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:889: path: Iterating over another element of "constraints". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:892: path: Condition "constraint.getAllRoles()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:893: path: Condition "allRolesMode == org.apache.catalina.realm.RealmBase.AllRolesMode.AUTH_ONLY_MODE", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:902: returned_null: "findSecurityRoles" returns "null" (checked 1 out of 3 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findSecurityRoles".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:902: var_assigned: Assigning: "roles" = "null" return value from "findSecurityRoles". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:903: null_array_length: Accessing length of null array "roles". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:831: example_assign: Example 1: Assigning: "roles" = return value from "request.getContext().findSecurityRoles()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:836: example_checked: Example 1 (cont.): "roles" has its value checked in "roles == null". +# 901| // For AllRolesMode.STRICT_AUTH_ONLY_MODE there must be zero roles +# 902| roles = request.getContext().findSecurityRoles(); +# 903|-> if (roles.length == 0 && allRolesMode == AllRolesMode.STRICT_AUTH_ONLY_MODE) { +# 904| if (log.isDebugEnabled()) { +# 905| log.debug("Granting access for role-name=*, strict auth-only"); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/UserDatabaseRealm.java:219: path: Condition "database == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/UserDatabaseRealm.java:221: path: Condition "database == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/UserDatabaseRealm.java:224: path: Condition "localJndiResource", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/UserDatabaseRealm.java:228: returned_null: "getServer" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/UserDatabaseRealm.java:228: null_method_call: Calling a method on null object "getServer()". +# 226| context = (Context) context.lookup("comp/env"); +# 227| } else { +# 228|-> context = getServer().getGlobalNamingContext(); +# 229| } +# 230| database = (UserDatabase) context.lookup(resourceName); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:461: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:469: path: Condition "locales.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:474: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:493: path: Condition "cookies != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: Iterating over another element of "cookies". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:496: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: No elements left in "cookies", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:499: path: Condition "headers.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:519: path: Condition "session != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:530: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:541: set_thread_shared: Call to "getServletConfig" sets "super.config" to a pointer to thread-shared data. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:542: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:550: thread_unsafe_modification: Thread-shared "super.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:550: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:550: write: "super.config" is modified in call to "getServletContext". +# 548| // Document the servlet context properties +# 549| log.trace("ServletContext Properties"); +# 550|-> log.trace("Major Version: [" + getServletContext().getMajorVersion() + "]"); +# 551| log.trace("Minor Version: [" + getServletContext().getMinorVersion() + "]"); +# 552| log.trace("Real Path for '/': [" + getServletContext().getRealPath("/") + "]"); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:461: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:469: path: Condition "locales.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:474: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:493: path: Condition "cookies != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: Iterating over another element of "cookies". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:496: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: No elements left in "cookies", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:499: path: Condition "headers.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:519: path: Condition "session != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:530: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:542: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:550: set_thread_shared: Call to "getServletContext" sets "super.config" to a pointer to thread-shared data. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:551: thread_unsafe_modification: Thread-shared "super.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:551: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:551: write: "super.config" is modified in call to "getServletContext". +# 549| log.trace("ServletContext Properties"); +# 550| log.trace("Major Version: [" + getServletContext().getMajorVersion() + "]"); +# 551|-> log.trace("Minor Version: [" + getServletContext().getMinorVersion() + "]"); +# 552| log.trace("Real Path for '/': [" + getServletContext().getRealPath("/") + "]"); +# 553| log.trace("Server Info: [" + getServletContext().getServerInfo() + "]"); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:461: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:469: path: Condition "locales.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:474: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:493: path: Condition "cookies != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: Iterating over another element of "cookies". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:496: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: No elements left in "cookies", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:499: path: Condition "headers.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:519: path: Condition "session != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:530: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:542: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:551: set_thread_shared: Call to "getServletContext" sets "super.config" to a pointer to thread-shared data. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:552: thread_unsafe_modification: Thread-shared "super.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:552: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:552: write: "super.config" is modified in call to "getServletContext". +# 550| log.trace("Major Version: [" + getServletContext().getMajorVersion() + "]"); +# 551| log.trace("Minor Version: [" + getServletContext().getMinorVersion() + "]"); +# 552|-> log.trace("Real Path for '/': [" + getServletContext().getRealPath("/") + "]"); +# 553| log.trace("Server Info: [" + getServletContext().getServerInfo() + "]"); +# 554| + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:461: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:469: path: Condition "locales.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:474: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:493: path: Condition "cookies != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: Iterating over another element of "cookies". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:496: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: No elements left in "cookies", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:499: path: Condition "headers.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:519: path: Condition "session != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:530: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:542: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:552: set_thread_shared: Call to "getServletContext" sets "super.config" to a pointer to thread-shared data. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:553: thread_unsafe_modification: Thread-shared "super.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:553: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:553: write: "super.config" is modified in call to "getServletContext". +# 551| log.trace("Minor Version: [" + getServletContext().getMinorVersion() + "]"); +# 552| log.trace("Real Path for '/': [" + getServletContext().getRealPath("/") + "]"); +# 553|-> log.trace("Server Info: [" + getServletContext().getServerInfo() + "]"); +# 554| +# 555| // Document the servlet context initialization parameters + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:461: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:469: path: Condition "locales.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:474: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:493: path: Condition "cookies != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: Iterating over another element of "cookies". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:496: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: No elements left in "cookies", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:499: path: Condition "headers.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:519: path: Condition "session != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:530: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:542: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:553: set_thread_shared: Call to "getServletContext" sets "super.config" to a pointer to thread-shared data. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:557: thread_unsafe_modification: Thread-shared "super.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:557: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:557: write: "super.config" is modified in call to "getServletContext". +# 555| // Document the servlet context initialization parameters +# 556| log.trace("ServletContext Initialization Parameters"); +# 557|-> params = getServletContext().getInitParameterNames(); +# 558| while (params.hasMoreElements()) { +# 559| String param = params.nextElement(); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:461: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:469: path: Condition "locales.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:474: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:493: path: Condition "cookies != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: Iterating over another element of "cookies". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:496: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: No elements left in "cookies", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:499: path: Condition "headers.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:519: path: Condition "session != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:530: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:542: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:557: set_thread_shared: Call to "getServletContext" sets "super.config" to a pointer to thread-shared data. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:558: path: Condition "params.hasMoreElements()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:560: thread_unsafe_modification: Thread-shared "super.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:560: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:560: write: "super.config" is modified in call to "getServletContext". +# 558| while (params.hasMoreElements()) { +# 559| String param = params.nextElement(); +# 560|-> String value = getServletContext().getInitParameter(param); +# 561| log.trace("Servlet Context Init Param: " + param + ": [" + value + "]"); +# 562| } + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:461: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:469: path: Condition "locales.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:474: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:493: path: Condition "cookies != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: Iterating over another element of "cookies". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:496: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: No elements left in "cookies", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:499: path: Condition "headers.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:519: path: Condition "session != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:530: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:542: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:557: set_thread_shared: Call to "getServletContext" sets "super.config" to a pointer to thread-shared data. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:558: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:566: thread_unsafe_modification: Thread-shared "super.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:566: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:566: write: "super.config" is modified in call to "getServletContext". +# 564| // Document the servlet context attributes +# 565| log.trace("ServletContext Attributes"); +# 566|-> attrs = getServletContext().getAttributeNames(); +# 567| while (attrs.hasMoreElements()) { +# 568| String attr = attrs.nextElement(); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:461: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:469: path: Condition "locales.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:474: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:493: path: Condition "cookies != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: Iterating over another element of "cookies". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:496: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:494: path: No elements left in "cookies", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:499: path: Condition "headers.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:519: path: Condition "session != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:530: path: Condition "attrs.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:542: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:558: path: Condition "params.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:566: set_thread_shared: Call to "getServletContext" sets "super.config" to a pointer to thread-shared data. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:567: path: Condition "attrs.hasMoreElements()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:569: thread_unsafe_modification: Thread-shared "super.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:569: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:569: write: "super.config" is modified in call to "getServletContext". +# 567| while (attrs.hasMoreElements()) { +# 568| String attr = attrs.nextElement(); +# 569|-> log.trace("Servlet Context Attribute: " + attr + +# 570| ": [" + getServletContext().getAttribute(attr) + "]"); +# 571| } + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:603: thread_entry_point: "doGet" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:606: thread_unsafe_modification: Thread-shared "super.config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:606: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:606: write: "super.config" is modified in call to "getServletContext". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:606: thread_shared_data: "this" is thread-shared because it has type "javax.servlet.GenericServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java:40: thread_shared_derived: "javax.servlet.GenericServlet" is thread-shared because it implements "javax.servlet.Servlet". +# 604| throws ServletException, IOException { +# 605| +# 606|-> CGIEnvironment cgiEnv = new CGIEnvironment(req, getServletContext()); +# 607| +# 608| if (cgiEnv.isValid()) { + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1594: path: Condition "!isReady()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1598: path: Condition "org.apache.catalina.servlets.CGIServlet.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1602: path: Condition "command.contains(java.io.File.separator + "." + java.io.File.separator)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1602: path: Condition "command.contains(java.io.File.separator + "..")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1602: path: Condition "command.contains(".." + java.io.File.separator)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1623: path: Condition "cgiExecutable.length() != 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1626: path: Condition "cgiExecutableArgs != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1640: path: Condition "!"".equals(sContentLength)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1641: alloc_fn: A new resource is returned from allocation method "getOutputStream". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1641: var_assign: Assigning: "commandsStdIn" = resource returned from "new java.io.BufferedOutputStream(proc.getOutputStream())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1642: noescape: Resource "commandsStdIn" is not closed or saved in "flow". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1643: noescape: Resource "commandsStdIn" is not closed or saved in "flush". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1643: path: Throwing "java.io.IOException" (or subclass) from call to "flush". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1733: path: Catching exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1735: path: Throwing "java.io.IOException" (or subclass). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1738: path: Condition "cgiHeaderReader != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1746: path: Condition "cgiOutput != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1754: path: Condition "errReaderThread != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1760: path: Condition "proc != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1764: path: Leaving finally statement; exiting method with uncaught exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java:1764: leaked_resource: Variable "commandsStdIn" going out of scope leaks the resource it refers to. +# 1762| proc = null; +# 1763| } +# 1764|-> } +# 1765| } +# 1766| + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:629: path: Condition "readOnly", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:636: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:626: thread_entry_point: "doPut" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:636: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:636: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:636: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 634| String path = getRelativePath(req); +# 635| +# 636|-> WebResource resource = resources.getResource(path); +# 637| +# 638| Range range = parseContentRange(req, resp); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:702: path: Condition "contentFile.createNewFile()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:710: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:710: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:710: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:710: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 708| new RandomAccessFile(contentFile, "rw")) { +# 709| +# 710|-> WebResource oldResource = resources.getResource(path); +# 711| +# 712| // Copy data in oldRevisionContent to contentFile + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:758: path: Condition "readOnly", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:765: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:755: thread_entry_point: "doDelete" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:765: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:765: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:765: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 763| String path = getRelativePath(req); +# 764| +# 765|-> WebResource resource = resources.getResource(path); +# 766| +# 767| if (resource.exists()) { + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:839: path: Condition "debug > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:840: path: Condition "serveContent", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:843: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:849: path: Condition "path.length() == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:855: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:855: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:855: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:855: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 853| } +# 854| +# 855|-> WebResource resource = resources.getResource(path); +# 856| boolean isError = DispatcherType.ERROR == request.getDispatcherType(); +# 857| + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1336: path: Iterating over another element of "compressionFormats". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1338: path: Condition "precompressedResource.exists()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1338: path: Condition "precompressedResource.isFile()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1341: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1336: path: Iterating over another element of "compressionFormats". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1338: path: Condition "precompressedResource.exists()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1338: path: Condition "precompressedResource.isFile()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1341: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1336: path: Iterating over another element of "compressionFormats". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1338: path: Condition "precompressedResource.exists()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1338: path: Condition "precompressedResource.isFile()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1341: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1336: path: Iterating over another element of "compressionFormats". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1337: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1337: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1337: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:1337: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1335| List ret = new ArrayList<>(compressionFormats.length); +# 1336| for (CompressionFormat format : compressionFormats) { +# 1337|-> WebResource precompressedResource = resources.getResource(path + format.extension); +# 1338| if (precompressedResource.exists() && precompressedResource.isFile()) { +# 1339| ret.add(new PrecompressedResource(precompressedResource, format)); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:492: path: Condition "!listings", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:498: path: Condition "path.length() > 1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:498: path: Condition "path.endsWith("/")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:511: path: Condition "depthStr == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:513: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:525: path: Condition "req.getContentLengthLong() > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:536: path: Condition "i < childList.getLength()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:538: path: Switch case value "org.w3c.dom.Node.TEXT_NODE". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:540: path: Breaking from switch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:554: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:536: path: Condition "i < childList.getLength()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:538: path: Switch case value "org.w3c.dom.Node.ELEMENT_NODE". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:542: path: Condition "currentNode.getNodeName().endsWith("prop")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:546: path: Condition "currentNode.getNodeName().endsWith("propname")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:549: path: Condition "currentNode.getNodeName().endsWith("allprop")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:552: path: Breaking from switch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:554: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:536: path: Condition "i < childList.getLength()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:555: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:562: path: Condition "type == 0 /* org.apache.catalina.servlets.WebdavServlet.FIND_BY_PROPERTY */", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:590: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:590: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:590: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:590: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 588| } +# 589| +# 590|-> WebResource resource = resources.getResource(path); +# 591| +# 592| if (!resource.exists()) { + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:492: path: Condition "!listings", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:498: path: Condition "path.length() > 1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:498: path: Condition "path.endsWith("/")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:511: path: Condition "depthStr == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:513: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:525: path: Condition "req.getContentLengthLong() > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:536: path: Condition "i < childList.getLength()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:538: path: Switch case value "org.w3c.dom.Node.TEXT_NODE". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:540: path: Breaking from switch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:554: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:536: path: Condition "i < childList.getLength()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:538: path: Switch case value "org.w3c.dom.Node.ELEMENT_NODE". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:542: path: Condition "currentNode.getNodeName().endsWith("prop")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:546: path: Condition "currentNode.getNodeName().endsWith("propname")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:549: path: Condition "currentNode.getNodeName().endsWith("allprop")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:552: path: Breaking from switch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:554: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:536: path: Condition "i < childList.getLength()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:555: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:562: path: Condition "type == 0 /* org.apache.catalina.servlets.WebdavServlet.FIND_BY_PROPERTY */", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:592: path: Condition "!resource.exists()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:626: path: Condition "!resource.exists()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:642: path: Condition "depth == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:653: path: Condition "!stack.isEmpty()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:653: path: Condition "depth >= 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:661: path: Condition "resource.isDirectory()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:696: path: Condition "stack.isEmpty()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:704: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:653: path: Condition "!stack.isEmpty()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:653: path: Condition "depth >= 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:659: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:659: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:659: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:659: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 657| type, properties); +# 658| +# 659|-> resource = resources.getResource(currentPath); +# 660| +# 661| if (resource.isDirectory() && (depth > 0)) { + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:750: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:750: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:750: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:750: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 748| String path = getRelativePath(req); +# 749| +# 750|-> WebResource resource = resources.getResource(path); +# 751| +# 752| // Can't create a collection if a resource already exists at the given + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:834: path: Condition "isLocked(req)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:840: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:831: thread_entry_point: "doPut" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:840: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:840: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:840: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 838| +# 839| String path = getRelativePath(req); +# 840|-> WebResource resource = resources.getResource(path); +# 841| if (resource.isDirectory()) { +# 842| sendNotAllowed(req, resp); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:910: path: Condition "readOnly", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:915: path: Condition "isLocked(req)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:928: path: Condition "depthStr == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:930: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:942: path: Condition "lockDurationStr == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:944: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:979: path: Throwing "java.io.IOException" from call to "parse". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:985: path: Catching exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:989: path: Condition "lockInfoNode != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1114: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1114: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1114: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1114: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1112| lock.path = path; +# 1113| +# 1114|-> WebResource resource = resources.getResource(path); +# 1115| +# 1116| Enumeration locksList = null; + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1553: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1553: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1553: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1553: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1551| // Check the source exists +# 1552| String path = getRelativePath(req); +# 1553|-> WebResource source = resources.getResource(path); +# 1554| if (!source.exists()) { +# 1555| resp.sendError(WebdavStatus.SC_NOT_FOUND); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1554: path: Condition "!source.exists()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1563: path: Condition "destinationHeader == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1563: path: Condition "destinationHeader.isEmpty()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1571: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1579: path: Condition "!destinationPath.equals(org.apache.tomcat.util.http.RequestUtil.normalize(destinationPath))", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1584: path: Condition "destinationUri.isAbsolute()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1586: path: Condition "!req.getScheme().equals(destinationUri.getScheme())", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1586: path: Condition "!req.getServerName().equals(destinationUri.getHost())", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1593: path: Condition "req.getServerPort() != destinationUri.getPort()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1594: path: Condition "destinationUri.getPort() == -1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1594: path: Condition ""http".equals(req.getScheme())", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1594: path: Condition "req.getServerPort() == 80", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1598: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1607: path: Condition "!destinationPath.startsWith(reqContextPath + "/")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1615: path: Condition "debug > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1620: path: Condition "isSpecialPath(destinationPath)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1625: path: Condition "destinationPath.equals(path)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1631: path: Condition "destinationPath.startsWith(path)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1631: path: Condition "destinationPath.charAt(path.length()) == '/'", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1631: path: Condition "path.startsWith(destinationPath)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1631: path: Condition "path.charAt(destinationPath.length()) == '/'", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1639: path: Condition "overwriteHeader != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1640: path: Condition "overwriteHeader.equalsIgnoreCase("T")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1642: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1648: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1648: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1648: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1648: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1646| +# 1647| // Overwriting the destination +# 1648|-> WebResource destination = resources.getResource(destinationPath); +# 1649| if (overwrite) { +# 1650| // Delete destination resource, if it exists + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1708: path: Condition "debug > 1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1712: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1712: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1712: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1712: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1710| } +# 1711| +# 1712|-> WebResource sourceResource = resources.getResource(source); +# 1713| +# 1714| if (sourceResource.isDirectory()) { + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1708: path: Condition "debug > 1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1714: path: Condition "sourceResource.isDirectory()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1715: path: Condition "!resources.mkdir(dest)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1716: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1716: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1716: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1716: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1714| if (sourceResource.isDirectory()) { +# 1715| if (!resources.mkdir(dest)) { +# 1716|-> WebResource destResource = resources.getResource(dest); +# 1717| if (!destResource.isDirectory()) { +# 1718| errorList.put(dest, Integer.valueOf(WebdavStatus.SC_CONFLICT)); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1708: path: Condition "debug > 1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1714: path: Condition "sourceResource.isDirectory()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1737: path: Condition "sourceResource.isFile()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1738: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1738: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1738: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1738: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1736| } +# 1737| } else if (sourceResource.isFile()) { +# 1738|-> WebResource destResource = resources.getResource(dest); +# 1739| if (!destResource.exists() && !destResource.getWebappPath().endsWith("/")) { +# 1740| int lastSlash = destResource.getWebappPath().lastIndexOf('/'); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1708: path: Condition "debug > 1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1714: path: Condition "sourceResource.isDirectory()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1737: path: Condition "sourceResource.isFile()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1739: path: Condition "!destResource.exists()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1739: path: Condition "!destResource.getWebappPath().endsWith("/")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1741: path: Condition "lastSlash > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1743: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1743: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1743: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1743: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1741| if (lastSlash > 0) { +# 1742| String parent = destResource.getWebappPath().substring(0, lastSlash); +# 1743|-> WebResource parentResource = resources.getResource(parent); +# 1744| if (!parentResource.isDirectory()) { +# 1745| errorList.put(source, Integer.valueOf(WebdavStatus.SC_CONFLICT)); + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1808: path: Condition "ifHeader == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1813: path: Condition "lockTokenHeader == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1817: path: Condition "isLocked(path, ifHeader + lockTokenHeader)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1822: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1822: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1822: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1822: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1820| } +# 1821| +# 1822|-> WebResource resource = resources.getResource(path); +# 1823| +# 1824| if (!resource.exists()) { + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1981: path: Condition "isSpecialPath(path)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1985: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1985: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1985: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:1985: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 1983| } +# 1984| +# 1985|-> WebResource resource = resources.getResource(path); +# 1986| if (!resource.exists()) { +# 1987| // File is in directory listing but doesn't appear to exist + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:2346: thread_shared_data: "this" is thread-shared because it has type "org.apache.catalina.servlets.DefaultServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java:137: thread_shared_derived: "org.apache.catalina.servlets.DefaultServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:2346: thread_unsafe_modification: Thread-shared "resources" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:2346: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java:2346: write: "resources" is modified in call to "getResource". (The virtual call resolves to "org.apache.catalina.webresources.StandardRoot.getResource".) +# 2344| +# 2345| +# 2346|-> WebResource resource = resources.getResource(getRelativePath(req)); +# 2347| +# 2348| // These methods are always allowed. They may return a 404 (not a 405) + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java:890: path: Condition "result != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java:899: path: Condition "sessions.containsKey(result)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java:890: path: Condition "result != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java:894: read_volatile: Reading "duplicates", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java:894: intervening_update: Another thread writes to "duplicates". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java:894: stale_update: Updating "duplicates" based on a stale value. Any intervening update in another thread is overwritten. +# 892| // that is not a big deal since the fact that there was any +# 893| // duplicate is a much bigger issue. +# 894|-> duplicates++; +# 895| } +# 896| + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java:53: path: Condition "paramName.equalsIgnoreCase("cgi")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java:57: path: Condition "paramName.equalsIgnoreCase("cmd")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java:65: alloc_fn: A new resource is returned from allocation method "getErrorStream". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java:65: var_assign: Assigning: "stdErrReader" = resource returned from "new java.io.BufferedReader(new java.io.InputStreamReader(proc.getErrorStream()))". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java:68: noescape: Resource "stdErrReader" is not closed or saved in "flow". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java:72: leaked_resource: Variable "stdErrReader" going out of scope leaks the resource it refers to. +# 70| proc.waitFor(); +# 71| lastModified = System.currentTimeMillis(); +# 72|-> } catch (InterruptedException e) { +# 73| ssiMediator.log(sm.getString("ssiExec.executeFailed", substitutedValue), e); +# 74| writer.write(configErrMsg); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java:53: path: Condition "paramName.equalsIgnoreCase("cgi")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java:57: path: Condition "paramName.equalsIgnoreCase("cmd")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java:63: alloc_fn: A new resource is returned from allocation method "getInputStream". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java:63: var_assign: Assigning: "stdOutReader" = resource returned from "new java.io.BufferedReader(new java.io.InputStreamReader(proc.getInputStream()))". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java:69: noescape: Resource "stdOutReader" is not closed or saved in "flow". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java:72: leaked_resource: Variable "stdOutReader" going out of scope leaks the resource it refers to. +# 70| proc.waitFor(); +# 71| lastModified = System.currentTimeMillis(); +# 72|-> } catch (InterruptedException e) { +# 73| ssiMediator.log(sm.getString("ssiExec.executeFailed", substitutedValue), e); +# 74| writer.write(configErrMsg); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:199: path: Condition "buffered", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:202: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:207: alloc_fn: A new resource is returned from allocation method "getInputStream". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:207: var_assign: Assigning: "resourceInputStream" = resource returned from "resourceInfo.getInputStream()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:209: path: Condition "encoding == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:213: path: Condition "encoding == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:214: var_assign: Assigning: "isr" = resource returned from "new java.io.InputStreamReader(resourceInputStream)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:215: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:218: var_assign: Assigning: "bufferedReader" = resource returned from "new java.io.BufferedReader(isr)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:220: noescape: Resource "bufferedReader" is not closed or saved in "process". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:220: path: Throwing "java.io.IOException" (or subclass) from call to "process"; exiting method with uncaught exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:220: leaked_resource: Variable "bufferedReader" going out of scope leaks the resource it refers to. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:220: leaked_resource: Variable "isr" going out of scope leaks the resource it refers to. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:220: leaked_resource: Variable "resourceInputStream" going out of scope leaks the resource it refers to. +# 218| BufferedReader bufferedReader = new BufferedReader(isr); +# 219| +# 220|-> long lastModified = ssiProcessor.process(bufferedReader, +# 221| resourceInfo.getLastModified(), printWriter); +# 222| if (lastModified > 0) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1032: path: Condition "org.apache.catalina.startup.ContextConfig.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1040: path: Condition "i < children.length", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1042: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1040: path: Condition "i < children.length", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1055: returned_null: "findConstraints" returns "null" (checked 1 out of 4 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findConstraints".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1055: var_assigned: Assigning: "securityConstraints" = "null" return value from "findConstraints". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1056: null_array_length: Accessing length of null array "securityConstraints". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:552: example_assign: Example 1: Assigning: "constraints" = return value from "context.findConstraints()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:553: example_checked: Example 1 (cont.): "constraints" has its value checked in "constraints == null". +# 1054| // Removing security constraints +# 1055| SecurityConstraint[] securityConstraints = context.findConstraints(); +# 1056|-> for (i = 0; i < securityConstraints.length; i++) { +# 1057| context.removeConstraint(securityConstraints[i]); +# 1058| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1189: returned_null: "findConstraints" returns "null" (checked 1 out of 4 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findConstraints".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1189: var_assigned: Assigning: "constraints" = "null" return value from "findConstraints". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1190: null_array_length: Accessing length of null array "constraints". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:552: example_assign: Example 1: Assigning: "constraints" = return value from "context.findConstraints()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java:553: example_checked: Example 1 (cont.): "constraints" has its value checked in "constraints == null". +# 1188| // Check role names used in elements +# 1189| SecurityConstraint constraints[] = context.findConstraints(); +# 1190|-> for (SecurityConstraint constraint : constraints) { +# 1191| String roles[] = constraint.findAuthRoles(); +# 1192| for (String role : roles) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1427: path: No elements left in "webxml.getContextParams().entrySet()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1434: path: No elements left in "webxml.getEjbLocalRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1437: path: No elements left in "webxml.getEjbRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1440: path: No elements left in "webxml.getEnvEntries().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1443: path: No elements left in "webxml.getErrorPages().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1446: path: No elements left in "webxml.getFilters().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1452: path: No elements left in "webxml.getFilterMappings()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1456: path: No elements left in "webxml.getListeners()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1459: path: No elements left in "webxml.getLocaleEncodingMappings().entrySet()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1465: path: Condition "webxml.getLoginConfig() != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1468: path: No elements left in "webxml.getMessageDestinationRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1476: path: No elements left in "webxml.getMimeMappings().entrySet()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1482: path: No elements left in "webxml.getResourceEnvRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1486: path: No elements left in "webxml.getResourceRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1493: path: No elements left in "webxml.getSecurityConstraints()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1499: path: No elements left in "webxml.getSecurityRoles()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1502: path: No elements left in "webxml.getServiceRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1505: path: Iterating over another element of "webxml.getServlets().values()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1506: returned_null: "createWrapper" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.createWrapper".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1506: var_assigned: Assigning: "wrapper" = "null" return value from "createWrapper". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1513: path: Condition "servlet.getLoadOnStartup() != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1514: null_method_call: Calling a method on null object "wrapper". +# 1512| +# 1513| if (servlet.getLoadOnStartup() != null) { +# 1514|-> wrapper.setLoadOnStartup(servlet.getLoadOnStartup().intValue()); +# 1515| } +# 1516| if (servlet.getEnabled() != null) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1427: path: No elements left in "webxml.getContextParams().entrySet()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1434: path: No elements left in "webxml.getEjbLocalRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1437: path: No elements left in "webxml.getEjbRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1440: path: No elements left in "webxml.getEnvEntries().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1443: path: No elements left in "webxml.getErrorPages().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1446: path: No elements left in "webxml.getFilters().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1452: path: No elements left in "webxml.getFilterMappings()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1456: path: No elements left in "webxml.getListeners()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1459: path: No elements left in "webxml.getLocaleEncodingMappings().entrySet()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1465: path: Condition "webxml.getLoginConfig() != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1468: path: No elements left in "webxml.getMessageDestinationRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1476: path: No elements left in "webxml.getMimeMappings().entrySet()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1482: path: No elements left in "webxml.getResourceEnvRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1486: path: No elements left in "webxml.getResourceRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1493: path: No elements left in "webxml.getSecurityConstraints()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1499: path: No elements left in "webxml.getSecurityRoles()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1502: path: No elements left in "webxml.getServiceRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1505: path: Iterating over another element of "webxml.getServlets().values()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1506: returned_null: "createWrapper" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.createWrapper".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1506: var_assigned: Assigning: "wrapper" = "null" return value from "createWrapper". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1513: path: Condition "servlet.getLoadOnStartup() != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1516: path: Condition "servlet.getEnabled() != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1517: null_method_call: Calling a method on null object "wrapper". +# 1515| } +# 1516| if (servlet.getEnabled() != null) { +# 1517|-> wrapper.setEnabled(servlet.getEnabled().booleanValue()); +# 1518| } +# 1519| wrapper.setName(servlet.getServletName()); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1427: path: No elements left in "webxml.getContextParams().entrySet()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1434: path: No elements left in "webxml.getEjbLocalRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1437: path: No elements left in "webxml.getEjbRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1440: path: No elements left in "webxml.getEnvEntries().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1443: path: No elements left in "webxml.getErrorPages().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1446: path: No elements left in "webxml.getFilters().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1452: path: No elements left in "webxml.getFilterMappings()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1456: path: No elements left in "webxml.getListeners()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1459: path: No elements left in "webxml.getLocaleEncodingMappings().entrySet()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1465: path: Condition "webxml.getLoginConfig() != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1468: path: No elements left in "webxml.getMessageDestinationRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1476: path: No elements left in "webxml.getMimeMappings().entrySet()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1482: path: No elements left in "webxml.getResourceEnvRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1486: path: No elements left in "webxml.getResourceRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1493: path: No elements left in "webxml.getSecurityConstraints()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1499: path: No elements left in "webxml.getSecurityRoles()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1502: path: No elements left in "webxml.getServiceRefs().values()", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1505: path: Iterating over another element of "webxml.getServlets().values()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1506: returned_null: "createWrapper" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.createWrapper".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1506: var_assigned: Assigning: "wrapper" = "null" return value from "createWrapper". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1513: path: Condition "servlet.getLoadOnStartup() != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1516: path: Condition "servlet.getEnabled() != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1519: null_method_call: Calling a method on null object "wrapper". +# 1517| wrapper.setEnabled(servlet.getEnabled().booleanValue()); +# 1518| } +# 1519|-> wrapper.setName(servlet.getServletName()); +# 1520| Map params = servlet.getParameterMap(); +# 1521| for (Entry entry : params.entrySet()) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:2119: returned_null: "getJarScanner" returns "null" (checked 0 out of 1 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.getJarScanner".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:2119: var_assigned: Assigning: "jarScanner" = "null" return value from "getJarScanner". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:2121: path: Condition "context instanceof org.apache.catalina.core.StandardContext", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:2126: path: Condition "absoluteOrder != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:2126: path: Condition "absoluteOrder.isEmpty()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:2126: path: Condition "!context.getXmlValidation()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:2136: null_method_call: Calling a method on null object "jarScanner". +# 2134| new FragmentJarScannerCallback(webXmlParser, delegate, parseRequired); +# 2135| +# 2136|-> jarScanner.scan(JarScanType.PLUGGABILITY, +# 2137| context.getServletContext(), callback); +# 2138| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:2211: returned_null: "getServer" returns "null" (checked 1 out of 2 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:2211: var_assigned: Assigning: "s" = "null" return value from "getServer". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:2213: null_method_call: Calling a method on null object "s". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1145: example_assign: Example 1: Assigning: "s" = return value from "getServer()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:1146: example_checked: Example 1 (cont.): "s" has its value checked in "s != null". +# 2211| Server s = getServer(); +# 2212| ExecutorService pool = null; +# 2213|-> pool = s.getUtilityExecutor(); +# 2214| List> futures = new ArrayList<>(fragments.size()); +# 2215| for (WebXml fragment : fragments) { + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/HostConfig.java:619: path: Condition "org.apache.catalina.startup.HostConfig.log.isInfoEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/HostConfig.java:624: assign_zero: Assigning: "context" = "null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/HostConfig.java:629: path: Throwing "java.io.FileNotFoundException" (or subclass) from call to "FileInputStream". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/HostConfig.java:691: path: Catching exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/HostConfig.java:699: null_method_call: Calling a method on null object "context". +# 697| // default to appBase dir + name +# 698| expandedDocBase = new File(host.getAppBaseFile(), cn.getBaseName()); +# 699|-> if (context.getDocBase() != null && !context.getDocBase().toLowerCase(Locale.ENGLISH).endsWith(".war")) { +# 700| // first assume docBase is absolute +# 701| expandedDocBase = new File(context.getDocBase()); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/Tomcat.java:387: returned_null: "createWrapper" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.createWrapper".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/Tomcat.java:387: var_assigned: Assigning: "sw" = "null" return value from "createWrapper". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/Tomcat.java:388: null_method_call: Calling a method on null object "sw". +# 386| // will do class for name and set init params +# 387| Wrapper sw = ctx.createWrapper(); +# 388|-> sw.setServletClass(servletClass); +# 389| sw.setName(servletName); +# 390| ctx.addChild(sw); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/WebAnnotationSet.java:81: returned_null: "findApplicationListeners" returns "null" (checked 0 out of 1 times). (The virtual call resolves to "org.apache.catalina.startup.FailedContext.findApplicationListeners".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/WebAnnotationSet.java:81: var_assigned: Assigning: "applicationListeners" = "null" return value from "findApplicationListeners". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/WebAnnotationSet.java:82: null_array_length: Accessing length of null array "applicationListeners". +# 80| protected static void loadApplicationListenerAnnotations(Context context) { +# 81| String[] applicationListeners = context.findApplicationListeners(); +# 82|-> for (String className : applicationListeners) { +# 83| Class clazz = Introspection.loadClass(context, className); +# 84| if (clazz == null) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StandardContextSF.java:71: path: Condition "aContext instanceof org.apache.catalina.core.StandardContext", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StandardContextSF.java:72: returned_null: "findDescription" returns "null" (checked 11 out of 17 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StandardContextSF.java:72: var_assigned: Assigning: "desc" = "null" return value from "findDescription". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StandardContextSF.java:74: null_method_call: Calling a method on null object "desc". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:37: example_assign: Example 1: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:40: example_checked: Example 1 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:37: example_assign: Example 2: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:40: example_checked: Example 2 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java:41: example_assign: Example 3: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java:43: example_checked: Example 3 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java:42: example_assign: Example 4: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java:44: example_checked: Example 4 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:45: example_assign: Example 5: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:47: example_checked: Example 5 (cont.): "elementDesc" has its value checked in "elementDesc != null". +# 72| StoreDescription desc = getRegistry().findDescription( +# 73| aContext.getClass()); +# 74|-> if (desc.isStoreSeparate()) { +# 75| URL configFile = ((StandardContext) aContext) +# 76| .getConfigFile(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java:273: returned_null: "findDescription" returns "null" (checked 11 out of 17 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java:273: var_assigned: Assigning: "desc" = "null" return value from "findDescription". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java:274: null_method_call: Calling a method on null object "desc". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:37: example_assign: Example 1: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:40: example_checked: Example 1 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:37: example_assign: Example 2: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:40: example_checked: Example 2 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java:41: example_assign: Example 3: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java:43: example_checked: Example 3 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java:42: example_assign: Example 4: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java:44: example_checked: Example 4 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:45: example_assign: Example 5: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:47: example_checked: Example 5 (cont.): "elementDesc" has its value checked in "elementDesc != null". +# 272| try { +# 273| desc = getRegistry().findDescription(aContext.getClass()); +# 274|-> oldSeparate = desc.isStoreSeparate(); +# 275| desc.setStoreSeparate(false); +# 276| desc.getStoreFactory().store(aWriter, indent, aContext); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java:291: returned_null: "findDescription" returns "null" (checked 11 out of 17 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java:291: var_assigned: Assigning: "desc" = "null" return value from "findDescription". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java:293: null_method_call: Calling a method on null object "desc". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:37: example_assign: Example 1: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:40: example_checked: Example 1 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:37: example_assign: Example 2: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:40: example_checked: Example 2 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java:41: example_assign: Example 3: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java:43: example_checked: Example 3 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java:42: example_assign: Example 4: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java:44: example_checked: Example 4 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:45: example_assign: Example 5: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:47: example_checked: Example 5 (cont.): "elementDesc" has its value checked in "elementDesc != null". +# 291| StoreDescription desc = getRegistry().findDescription( +# 292| aHost.getClass()); +# 293|-> desc.getStoreFactory().store(aWriter, indent, aHost); +# 294| } +# 295| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java:303: returned_null: "findDescription" returns "null" (checked 11 out of 17 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java:303: var_assigned: Assigning: "desc" = "null" return value from "findDescription". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java:305: null_method_call: Calling a method on null object "desc". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:37: example_assign: Example 1: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:40: example_checked: Example 1 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:37: example_assign: Example 2: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:40: example_checked: Example 2 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java:41: example_assign: Example 3: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java:43: example_checked: Example 3 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java:42: example_assign: Example 4: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java:44: example_checked: Example 4 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:45: example_assign: Example 5: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:47: example_checked: Example 5 (cont.): "elementDesc" has its value checked in "elementDesc != null". +# 303| StoreDescription desc = getRegistry().findDescription( +# 304| aService.getClass()); +# 305|-> desc.getStoreFactory().store(aWriter, indent, aService); +# 306| } +# 307| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java:315: returned_null: "findDescription" returns "null" (checked 11 out of 17 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java:315: var_assigned: Assigning: "desc" = "null" return value from "findDescription". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java:317: null_method_call: Calling a method on null object "desc". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:37: example_assign: Example 1: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:40: example_checked: Example 1 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:37: example_assign: Example 2: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:40: example_checked: Example 2 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java:41: example_assign: Example 3: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java:43: example_checked: Example 3 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java:42: example_assign: Example 4: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java:44: example_checked: Example 4 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:45: example_assign: Example 5: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:47: example_checked: Example 5 (cont.): "elementDesc" has its value checked in "elementDesc != null". +# 315| StoreDescription desc = getRegistry().findDescription( +# 316| aServer.getClass()); +# 317|-> desc.getStoreFactory().store(writer, indent, aServer); +# 318| } +# 319| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java:64: path: Condition "isPrint", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java:66: path: Condition ""workDir".equals(attrName)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java:67: returned_null: "getDefaultWorkDir" returns "null" (checked 0 out of 1 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java:67: var_assigned: Assigning: "defaultWorkDir" = "null" return value from "getDefaultWorkDir". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java:68: null_method_call: Calling a method on null object "defaultWorkDir". +# 66| if ("workDir".equals(attrName)) { +# 67| String defaultWorkDir = getDefaultWorkDir(context); +# 68|-> isPrint = !defaultWorkDir.equals(context.getWorkDir()); +# 69| } else if ("path".equals(attrName)) { +# 70| isPrint = desc.isStoreSeparate() + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java:163: path: Condition "aTagElement != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java:167: path: Condition "elementFactory != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java:168: returned_null: "findDescription" returns "null" (checked 11 out of 17 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java:168: var_assigned: Assigning: "desc" = "null" return value from "findDescription". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java:170: null_method_call: Calling a method on null object "desc". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:37: example_assign: Example 1: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java:40: example_checked: Example 1 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:37: example_assign: Example 2: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java:40: example_checked: Example 2 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java:41: example_assign: Example 3: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java:43: example_checked: Example 3 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java:42: example_assign: Example 4: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java:44: example_checked: Example 4 (cont.): "elementDesc" has its value checked in "elementDesc != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:45: example_assign: Example 5: Assigning: "elementDesc" = return value from "getRegistry().findDescription(aElement.getClass())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java:47: example_checked: Example 5 (cont.): "elementDesc" has its value checked in "elementDesc != null". +# 168| StoreDescription desc = getRegistry().findDescription( +# 169| aTagElement.getClass()); +# 170|-> if (!desc.isTransientChild(aTagElement.getClass().getName())) { +# 171| elementFactory.store(aWriter, indent, aTagElement); +# 172| } + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:291: path: Condition "head == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:294: path: Condition "add == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:297: path: Condition "head == add", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:301: path: Condition "head.getMsgNr() > add.getMsgNr()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:307: assign_zero: Assigning: "prev" = "null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:308: path: Condition "iter.getMsgNr() < add.getMsgNr()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:308: path: Condition "iter.next != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:312: path: Condition "iter.getMsgNr() < add.getMsgNr()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:316: path: Condition "iter.getMsgNr() > add.getMsgNr()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java:318: null_field_access: Accessing field of null object "prev". +# 316| } else if (iter.getMsgNr() > add.getMsgNr()) { +# 317| //add before +# 318|-> prev.next = add; // prev cannot be null here, warning suppressed +# 319| add.next = iter; +# 320| + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:50: path: Condition "(level & 4 /* org.apache.catalina.tribes.MembershipService.MBR_RX */) == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:59: path: Condition "org.apache.catalina.tribes.membership.cloud.KubernetesMembershipProvider.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:69: path: Condition "caCertFile == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:73: path: Condition "clientCertificateFile == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:74: path: Condition "protocol == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:78: path: Condition "saTokenFile == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:82: alloc_fn: A new resource is returned from allocation method "getDefault". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:82: noescape: Resource "java.nio.file.FileSystems.getDefault()" is not closed or saved in "getPath". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java:82: leaked_resource: Failing to save or close resource created by "java.nio.file.FileSystems.getDefault()" leaks it. +# 80| } +# 81| try { +# 82|-> byte[] bytes = Files.readAllBytes(FileSystems.getDefault().getPath(saTokenFile)); +# 83| streamProvider = new TokenStreamProvider(new String(bytes, StandardCharsets.US_ASCII), caCertFile); +# 84| } catch (IOException e) { + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java:1209: path: Condition "notify", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java:1211: return_collection_alias: Call to "keySet" returns an "Iterable" equivalent to "this". [Note: The source code implementation of the function has been overridden by a builtin model.] +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java:1211: enhanced_for: Starting an iteration on "keySet()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java:1211: path: Iterating over another element of "keySet()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java:1212: modify_iterable: Call to "remove" modifies "Iterable" "this" which invalidates the iterator for the loop on "keySet()". [Note: The source code implementation of the function has been overridden by a builtin model.] +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java:1213: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java:1211: invalid_loop: Attempting to obtain another element from "keySet()" after it's been modified. +# 1209| if ( notify ) { +# 1210| //only delete active keys +# 1211|-> for (K k : keySet()) { +# 1212| remove(k); +# 1213| } + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java:203: path: Condition "!isConnected()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java:203: path: Condition "this.socketChannel == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java:203: var_compare_op: Comparing "this.socketChannel" to null implies that "this.socketChannel" might be null. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java:203: path: Condition "this.dataChannel == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java:206: path: Condition "current != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java:207: path: Condition "remaining > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java:210: null_method_call: Calling a method on null object "socketChannel". +# 208| //we have written everything, or we are starting a new package +# 209| //protect against buffer overwrite +# 210|-> int byteswritten = isUdpBased()?dataChannel.write(writebuf) : socketChannel.write(writebuf); +# 211| if (byteswritten == -1 ) { +# 212| throw new EOFException(); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java:468: jdbc_fn: An open JDBC connection is returned from "openConnection". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java:468: var_assign: Assigning: "dbConnection" = JDBC connection returned from "openConnection()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java:469: path: Condition "dbConnection != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java:469: path: Condition "preparedAllGroups != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java:490: leaked_connection: Variable "dbConnection" going out of scope leaks the connection it holds open. +# 488| } +# 489| } +# 490|-> return groups.values().iterator(); +# 491| } finally { +# 492| groupsReadLock.unlock(); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java:509: jdbc_fn: An open JDBC connection is returned from "openConnection". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java:509: var_assign: Assigning: "dbConnection" = JDBC connection returned from "openConnection()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java:510: path: Condition "dbConnection != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java:510: path: Condition "preparedAllRoles != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java:531: leaked_connection: Variable "dbConnection" going out of scope leaks the connection it holds open. +# 529| } +# 530| } +# 531|-> return roles.values().iterator(); +# 532| } finally { +# 533| rolesReadLock.unlock(); + +Error: UNUSED_VALUE (CWE-563): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java:437: value_overwrite: Overwriting previous write to "result" with value from "buf.toString()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java:442: value_overwrite: Overwriting previous write to "result" with value from "buf.toString()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java:447: value_overwrite: Overwriting previous write to "result" with value from "buf.toString()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java:452: returned_reference: Assigning value from "buf.toString()" to "result" here, but that stored value is overwritten before it can be used. +# 450| return result; +# 451| case ')': +# 452|-> result = buf.toString(); +# 453| buf = new StringBuilder(); +# 454| break; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:156: path: Condition "key.equals("HTTPS")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:158: path: Condition "key.equals("SSL_PROTOCOL")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:160: path: Condition "key.equals("SSL_SESSION_ID")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:162: path: Condition "key.equals("SSL_SESSION_RESUMED")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:164: path: Condition "key.equals("SSL_SECURE_RENEG")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:166: path: Condition "key.equals("SSL_COMPRESS_METHOD")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:168: path: Condition "key.equals("SSL_TLS_SNI")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:170: path: Condition "key.equals("SSL_CIPHER")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:172: path: Condition "key.equals("SSL_CIPHER_EXPORT")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:184: path: Condition "key.equals("SSL_CIPHER_ALGKEYSIZE")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:191: path: Condition "key.equals("SSL_CIPHER_USEKEYSIZE")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:192: returned_null: "getKeySize" returns "null" (checked 1 out of 2 times). (The virtual call resolves to "org.apache.tomcat.util.net.jsse.JSSESupport.getKeySize".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java:192: null_method_call: Calling a method on null object "sslSupport.getKeySize()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/AbstractProcessor.java:802: example_assign: Example 1: Assigning: "sslO" = return value from "sslSupport.getKeySize()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/AbstractProcessor.java:803: example_checked: Example 1 (cont.): "sslO" has its value checked in "sslO != null". +# 190| } +# 191| } else if (key.equals("SSL_CIPHER_USEKEYSIZE")) { +# 192|-> return sslSupport.getKeySize().toString(); +# 193| } else if (key.startsWith("SSL_CLIENT_")) { +# 194| X509Certificate[] certificates = sslSupport.getPeerCertificateChain(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:61: path: Condition "name.equals("/")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:69: path: Condition "name.endsWith("/")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:69: path: Condition "file.isFile()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:75: path: Condition "mustExist", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:75: path: Condition "!file.canRead()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:81: path: Condition "getRoot().getAllowLinking()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:87: path: Condition "org.apache.tomcat.util.compat.JrePlatform.IS_WINDOWS", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:87: path: Condition "isInvalidWindowsFilename(name)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:95: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:98: path: Condition "canPath == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:98: path: Condition "!canPath.startsWith(canonicalBase)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:109: returned_null: "normalize" returns "null" (checked 0 out of 3 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:109: var_assigned: Assigning: "absPath" = "null" return value from "normalize". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java:110: null_method_call: Calling a method on null object "absPath". +# 108| // well. +# 109| String absPath = normalize(file.getAbsolutePath()); +# 110|-> if (absoluteBase.length() > absPath.length()) { +# 111| return null; +# 112| } + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:104: path: Condition "org.apache.catalina.webresources.TomcatURLStreamHandlerFactory.instance == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:108: enhanced_for: Starting an iteration on "factories". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:108: path: Iterating over another element of "factories". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:110: path: Condition "factoryLoader != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:120: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:108: path: Iterating over another element of "factories". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:110: path: Condition "factoryLoader != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:111: path: Condition "classLoader.equals(factoryLoader)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:115: modify_iterable: Call to "remove" modifies "Iterable" "factories" which invalidates the iterator for the loop on that "Iterable". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:116: path: Breaking from loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:120: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java:108: invalid_loop: Attempting to obtain another element from "factories" after it's been modified. +# 106| } +# 107| List factories = instance.userFactories; +# 108|-> for (URLStreamHandlerFactory factory : factories) { +# 109| ClassLoader factoryLoader = factory.getClass().getClassLoader(); +# 110| while (factoryLoader != null) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/AbstractProtocol.java:1131: path: Condition "getProtocol().getDomain() != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/AbstractProtocol.java:1135: returned_null: "getRequest" returns "null" (checked 3 out of 4 times). (The virtual call resolves to "org.apache.coyote.http11.upgrade.UpgradeProcessorBase.getRequest".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/AbstractProtocol.java:1135: null_method_call: Calling a method on null object "processor.getRequest()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/AbstractProtocol.java:1161: example_assign: Example 1: Assigning: "r" = return value from "processor.getRequest()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/AbstractProtocol.java:1162: example_checked: Example 1 (cont.): "r" has its value checked in "r == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java:109: example_assign: Example 2: Assigning: "request" = return value from "processor.getRequest()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java:110: example_checked: Example 2 (cont.): "request" has its value checked in "request != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeServletOutputStream.java:122: example_assign: Example 3: Assigning: "request" = return value from "processor.getRequest()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeServletOutputStream.java:123: example_checked: Example 3 (cont.): "request" has its value checked in "request != null". +# 1133| try { +# 1134| long count = registerCount.incrementAndGet(); +# 1135|-> RequestInfo rp = +# 1136| processor.getRequest().getRequestProcessor(); +# 1137| rp.setGlobalProcessor(global); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:655: path: Condition "methodCode != -1 /* org.apache.coyote.ajp.Constants.SC_M_JK_STORED */", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:668: path: Condition "socketWrapper != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:673: path: Condition "isSSL", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:685: path: Condition "i < hCount", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:696: path: Condition "40960 == isc", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:700: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:716: path: Condition "hId == 8 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_LENGTH */", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:719: path: Condition "contentLengthSet", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:727: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:735: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:685: path: Condition "i < hCount", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:696: path: Condition "40960 == isc", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:700: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:716: path: Condition "hId == 8 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_LENGTH */", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:719: path: Condition "contentLengthSet", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:722: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:727: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:735: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:685: path: Condition "i < hCount", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:696: path: Condition "40960 == isc", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:700: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:716: path: Condition "hId == 8 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_LENGTH */", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:716: path: Condition "hId == -1", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:727: path: Condition "hId == 7 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_TYPE */", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:731: returned_null: "contentType" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java:731: null_method_call: Calling a method on null object "request.contentType()". +# 729| // just read the content-type header, so set it +# 730| ByteChunk bchunk = vMB.getByteChunk(); +# 731|-> request.contentType().setBytes(bchunk.getBytes(), +# 732| bchunk.getOffset(), +# 733| bchunk.getLength()); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/Http11Processor.java:214: path: Condition "contentDelimitation", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/Http11Processor.java:228: path: Condition "encodingName.equals("chunked")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/Http11Processor.java:232: path: Condition "i < inputFilters.length", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/Http11Processor.java:233: returned_null: "getEncodingName" returns "null" (checked 0 out of 1 times). (The virtual call resolves to "org.apache.coyote.http11.filters.SavedRequestInputFilter.getEncodingName".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/Http11Processor.java:233: null_method_call: Calling a method on null object "inputFilters[i].getEncodingName()". +# 231| } else { +# 232| for (int i = pluggableFilterIndex; i < inputFilters.length; i++) { +# 233|-> if (inputFilters[i].getEncodingName().toString().equals(encodingName)) { +# 234| inputBuffer.addActiveFilter(inputFilters[i]); +# 235| return; + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:61: read_volatile: Reading "this.bytesSent", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:61: intervening_update: Another thread writes to "this.bytesSent". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:61: stale_update: Updating "this.bytesSent" based on a stale value. Any intervening update in another thread is overwritten. +# 59| } +# 60| public void addBytesSent(long bytesSent) { +# 61|-> this.bytesSent += bytesSent; +# 62| } +# 63| + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:72: read_volatile: Reading "this.bytesReceived", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:72: intervening_update: Another thread writes to "this.bytesReceived". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:72: stale_update: Updating "this.bytesReceived" based on a stale value. Any intervening update in another thread is overwritten. +# 70| } +# 71| public void addBytesReceived(long bytesReceived) { +# 72|-> this.bytesReceived += bytesReceived; +# 73| } +# 74| + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:83: read_volatile: Reading "this.msgsSent", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:83: intervening_update: Another thread writes to "this.msgsSent". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:83: stale_update: Updating "this.msgsSent" based on a stale value. Any intervening update in another thread is overwritten. +# 81| } +# 82| public void addMsgsSent(long msgsSent) { +# 83|-> this.msgsSent += msgsSent; +# 84| } +# 85| + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:94: read_volatile: Reading "this.msgsReceived", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:94: intervening_update: Another thread writes to "this.msgsReceived". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java:94: stale_update: Updating "this.msgsReceived" based on a stale value. Any intervening update in another thread is overwritten. +# 92| } +# 93| public void addMsgsReceived(long msgsReceived) { +# 94|-> this.msgsReceived += msgsReceived; +# 95| } +# 96| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:426: path: Condition ""cookie".equals(name)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:429: path: Condition "!countedCookie", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:430: read_volatile: Reading "headerCount", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:430: intervening_update: Another thread writes to "headerCount". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:430: stale_update: Updating "headerCount" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:165: example_comparison: Example 1: Example comparison of "headerCount" to value, suggesting a semantically meaningful use. +# 428| // multiple headers to aid compression +# 429| if (!countedCookie) { +# 430|-> headerCount ++; +# 431| countedCookie = true; +# 432| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:426: path: Condition ""cookie".equals(name)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:434: read_volatile: Reading "headerCount", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:434: intervening_update: Another thread writes to "headerCount". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:434: stale_update: Updating "headerCount" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:165: example_comparison: Example 1: Example comparison of "headerCount" to value, suggesting a semantically meaningful use. +# 432| } +# 433| } else { +# 434|-> headerCount ++; +# 435| } +# 436| // Overhead will vary. The main concern is that lots of small headers + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:426: path: Condition ""cookie".equals(name)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:429: path: Condition "!countedCookie", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:433: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:440: read_volatile: Reading "headerSize", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:440: intervening_update: Another thread writes to "headerSize". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java:440: stale_update: Updating "headerSize" based on a stale value. Any intervening update in another thread is overwritten. +# 438| // estimate of 3 which is the worst case for small headers. +# 439| int inc = 3 + name.length() + value.length(); +# 440|-> headerSize += inc; +# 441| if (!isHeaderCountExceeded() && !isHeaderSizeExceeded(0)) { +# 442| if (log.isDebugEnabled()) { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java:460: path: Condition "org.apache.coyote.http2.Http2Parser.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java:467: path: Condition "remaining > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java:468: path: Condition "headerReadBuffer.remaining() == 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java:471: path: Condition "headerReadBuffer.capacity() < payloadSize", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java:475: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java:480: read_volatile: Reading "headerReadBuffer", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java:480: intervening_update: Another thread writes to "headerReadBuffer". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java:480: stale_update: Updating "headerReadBuffer" based on a stale value. Any intervening update in another thread is overwritten. +# 478| newSize = headerReadBuffer.capacity() * 2; +# 479| } +# 480|-> headerReadBuffer = ByteBufferUtils.expand(headerReadBuffer, newSize); +# 481| } +# 482| int toRead = Math.min(headerReadBuffer.remaining(), remaining); + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1228: path: Condition "newStreamsSinceLastPrune < 9", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1230: read_volatile: Reading "newStreamsSinceLastPrune", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1230: intervening_update: Another thread writes to "newStreamsSinceLastPrune". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1230: stale_update: Updating "newStreamsSinceLastPrune" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1228: example_comparison: Example 1: Example comparison of "newStreamsSinceLastPrune" to value, suggesting a semantically meaningful use. +# 1228| if (newStreamsSinceLastPrune < 9) { +# 1229| // Not atomic. Increments may be lost. Not a problem. +# 1230|-> newStreamsSinceLastPrune++; +# 1231| return; +# 1232| } + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1228: path: Condition "newStreamsSinceLastPrune < 9", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1247: path: Condition "max > 2147483647L /* java.lang.Integer.MAX_VALUE */", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1252: path: Condition "org.apache.coyote.http2.Http2UpgradeHandler.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1258: path: Condition "toClose < 1", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1280: return_collection_alias: Call to "values" returns an "Iterable" equivalent to "streams". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1280: enhanced_for: Starting an iteration on "streams.values()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1280: path: Iterating over another element of "streams.values()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1282: path: Condition "stream instanceof org.apache.coyote.http2.Stream", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1282: path: Condition "((org.apache.coyote.http2.Stream)stream).isActive()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1283: path: Continuing loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1280: path: Iterating over another element of "streams.values()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1282: path: Condition "stream instanceof org.apache.coyote.http2.Stream", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1282: path: Condition "((org.apache.coyote.http2.Stream)stream).isActive()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1286: path: Condition "stream.isClosedFinal()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1291: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1329: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1280: path: Iterating over another element of "streams.values()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1282: path: Condition "stream instanceof org.apache.coyote.http2.Stream", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1282: path: Condition "((org.apache.coyote.http2.Stream)stream).isActive()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1286: path: Condition "stream.isClosedFinal()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1291: path: Condition "stream.getChildStreams().size() == 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1294: modify_iterable: Call to "remove" modifies "Iterable" "streams" which invalidates the iterator for the loop on "streams.values()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1296: path: Condition "org.apache.coyote.http2.Http2UpgradeHandler.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1299: path: Condition "--toClose < 1", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1308: path: Condition "toClose > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1308: path: Condition "parent.getIdAsInt() > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1308: path: Condition "parent.getIdAsInt() < stream.getIdAsInt()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1308: path: Condition "parent.getChildStreams().isEmpty()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1316: path: Condition "org.apache.coyote.http2.Http2UpgradeHandler.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1319: path: Condition "--toClose < 1", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1324: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1308: path: Condition "toClose > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1308: path: Condition "parent.getIdAsInt() > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1308: path: Condition "parent.getIdAsInt() < stream.getIdAsInt()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1325: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1329: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java:1280: invalid_loop: Attempting to obtain another element from "streams.values()" after it's been modified. +# 1278| // lock on priorityTreeLock to ensure a consistent view. +# 1279| synchronized (priorityTreeLock) { +# 1280|-> for (AbstractNonZeroStream stream : streams.values()) { +# 1281| // Never remove active streams +# 1282| if (stream instanceof Stream && ((Stream) stream).isActive()) { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Stream.java:561: read_volatile: Reading "contentLengthReceived", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Stream.java:561: intervening_update: Another thread writes to "contentLengthReceived". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Stream.java:561: stale_update: Updating "contentLengthReceived" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Stream.java:587: example_comparison: Example 1: Example comparison of "contentLengthReceived" to value, suggesting a semantically meaningful use. +# 559| @Override +# 560| final void receivedData(int payloadSize) throws Http2Exception { +# 561|-> contentLengthReceived += payloadSize; +# 562| long contentLengthHeader = coyoteRequest.getContentLengthLong(); +# 563| if (contentLengthHeader > -1 && contentLengthReceived > contentLengthHeader) { + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:137: path: Condition "base == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:137: path: Condition "property == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:147: path: Condition "paramTypes == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:147: var_compare_op: Comparing "paramTypes" to null implies that "paramTypes" might be null. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:149: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:156: path: Iterating over another element of "methods". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:157: path: Condition "!m.getName().equals(methodName)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:159: path: Continuing loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:260: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:156: path: Iterating over another element of "methods". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:157: path: Condition "!m.getName().equals(methodName)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:167: path: Condition "!m.isVarArgs()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:171: path: Condition "m.isVarArgs()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:171: path: Condition "paramCount < mParamCount - 1", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:175: path: Condition "m.isVarArgs()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:175: path: Condition "paramCount == mParamCount", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:175: path: Condition "paramValues != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:175: path: Condition "paramValues.length > paramCount", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java:175: null_array_access: Accessing an element on null array "paramTypes". +# 173| continue; +# 174| } +# 175|-> if (m.isVarArgs() && paramCount == mParamCount && paramValues != null && +# 176| paramValues.length > paramCount && !paramTypes[mParamCount -1].isArray()) { +# 177| // Method arguments don't match + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:127: path: Condition "log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:146: returned_null: "createTask" returns "null" (checked 0 out of 1 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:146: var_assigned: Assigning: "javac" = "null" return value from "createTask". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:153: path: Condition "tokenizer.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:160: path: Condition "log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:173: path: Condition "exts != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:176: null_method_call: Calling a method on null object "javac". +# 174| Path extdirs = new Path(project); +# 175| extdirs.setPath(exts); +# 176|-> javac.setExtdirs(extdirs); +# 177| info.append(" extension dir=" + exts + "\n"); +# 178| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:127: path: Condition "log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:146: returned_null: "createTask" returns "null" (checked 0 out of 1 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:146: var_assigned: Assigning: "javac" = "null" return value from "createTask". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:153: path: Condition "tokenizer.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:160: path: Condition "log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:173: path: Condition "exts != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:182: path: Condition "ctxt.getOptions().getFork()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:184: path: Condition "endorsed != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:185: null_method_call: Calling a method on null object "javac". +# 183| String endorsed = System.getProperty("java.endorsed.dirs"); +# 184| if(endorsed != null) { +# 185|-> Javac.ImplementationSpecificArgument endorsedArg = +# 186| javac.createCompilerArg(); +# 187| endorsedArg.setLine("-J-Djava.endorsed.dirs=" + + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:127: path: Condition "log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:146: returned_null: "createTask" returns "null" (checked 0 out of 1 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:146: var_assigned: Assigning: "javac" = "null" return value from "createTask". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:153: path: Condition "tokenizer.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:160: path: Condition "log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:173: path: Condition "exts != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:182: path: Condition "ctxt.getOptions().getFork()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:184: path: Condition "endorsed != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java:197: null_method_call: Calling a method on null object "javac". +# 195| +# 196| // Configure the compiler object +# 197|-> javac.setEncoding(javaEncoding); +# 198| javac.setClasspath(path); +# 199| javac.setDebug(ctxt.getOptions().getClassDebugInfo()); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:456: path: Condition "jsw != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:456: path: Condition "ctxt.getOptions().getModificationTestInterval() > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:459: path: Condition "jsw.getLastModificationTest() + ctxt.getOptions().getModificationTestInterval() * 1000 > java.lang.System.currentTimeMillis()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:472: path: Condition "checkClass", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:474: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:477: path: Condition "!targetFile.exists()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:481: path: Condition "checkClass", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:481: path: Condition "jsw != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:486: path: Condition "jspRealLastModified.longValue() < 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:491: path: Condition "targetLastModified != jspRealLastModified.longValue()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:501: path: Condition "jsw == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:506: path: Condition "depends == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:510: path: Iterating over another element of "depends.entrySet()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:515: path: Condition "key.startsWith("jar:jar:")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:522: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:541: path: Condition "includeLastModified != (java.lang.Long)include.getValue().longValue()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:544: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:551: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:510: path: Iterating over another element of "depends.entrySet()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:515: path: Condition "key.startsWith("jar:jar:")", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:523: path: Condition "key.startsWith("jar:")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:525: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:528: path: Condition "includeUrl == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:532: path: Condition "iuc instanceof java.net.JarURLConnection", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:533: returned_null: "getJarEntry" returns "null" (checked 1 out of 3 times). (The virtual call resolves to "org.apache.catalina.webresources.CachedResource.CachedResourceJarURLConnection.getJarEntry".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:533: null_method_call: Calling a method on null object "((java.net.JarURLConnection)iuc).getJarEntry()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/JspCompilationContext.java:391: example_assign: Example 1: Assigning: "jarEntry" = return value from "((java.net.JarURLConnection)uc).getJarEntry()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/JspCompilationContext.java:392: example_checked: Example 1 (cont.): "jarEntry" has its value checked in "jarEntry != null". +# 531| URLConnection iuc = includeUrl.openConnection(); +# 532| if (iuc instanceof JarURLConnection) { +# 533|-> includeLastModified = +# 534| ((JarURLConnection) iuc).getJarEntry().getTime(); +# 535| } else { + +Error: SERVLET_ATOMICITY (CWE-567): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java:58: get_attribute: Calling "getAttribute" on thread-shared object "context". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java:59: path: Condition "attribute instanceof org.apache.jasper.compiler.ELInterpreter", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java:61: path: Condition "attribute instanceof java.lang.String", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java:66: path: Condition "result == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java:69: path: Condition "className != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java:75: path: Condition "result == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java:80: set_attribute: Calling "setAttribute" on thread-shared object "context" can result in a lost update. +# 78| +# 79| // Cache the result for next time +# 80|-> context.setAttribute(EL_INTERPRETER_CLASS_NAME, result); +# 81| return result; +# 82| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:109: path: Condition "hasNext()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:110: returned_null: "nextToken" returns "null" (checked 1 out of 4 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:110: var_assigned: Assigning: "curToken" = "null" return value from "nextToken". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:111: path: Condition "curToken instanceof org.apache.jasper.compiler.ELParser.Char", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:123: path: Condition "buf.length() > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:127: path: Condition "!parseFunction()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:128: null_method_call: Calling a method on null object "curToken". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:161: example_assign: Example 1: Assigning: "t2" = return value from "nextToken()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:162: example_checked: Example 1 (cont.): "t2" has its value checked in "t2 instanceof org.apache.jasper.compiler.ELParser.Id". +# 126| } +# 127| if (!parseFunction()) { +# 128|-> ELexpr.add(new ELNode.ELText(curToken.toString())); +# 129| } +# 130| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "!(curToken instanceof org.apache.jasper.compiler.ELParser.Id)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "isELReserved(curToken.toTrimmedString())", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "prevToken instanceof org.apache.jasper.compiler.ELParser.Char", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "prevToken.toChar() == '.'", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:156: path: Condition "hasNext()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:158: returned_null: "nextToken" returns "null" (checked 1 out of 4 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:158: var_assigned: Assigning: "curToken" = "null" return value from "nextToken". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:159: null_method_call: Calling a method on null object "curToken". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:161: example_assign: Example 1: Assigning: "t2" = return value from "nextToken()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:162: example_checked: Example 1 (cont.): "t2" has its value checked in "t2 instanceof org.apache.jasper.compiler.ELParser.Id". +# 157| int mark = getIndex() - whiteSpace.length(); +# 158| curToken = nextToken(); +# 159|-> if (curToken.toChar() == ':') { +# 160| if (hasNext()) { +# 161| Token t2 = nextToken(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "!(curToken instanceof org.apache.jasper.compiler.ELParser.Id)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "isELReserved(curToken.toTrimmedString())", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "prevToken instanceof org.apache.jasper.compiler.ELParser.Char", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:148: path: Condition "prevToken.toChar() == '.'", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:156: path: Condition "hasNext()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:159: path: Condition "curToken.toChar() == ':'", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:160: path: Condition "hasNext()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:162: path: Condition "t2 instanceof org.apache.jasper.compiler.ELParser.Id", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:165: path: Condition "hasNext()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:166: returned_null: "nextToken" returns "null" (checked 1 out of 4 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:166: var_assigned: Assigning: "curToken" = "null" return value from "nextToken". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:171: null_method_call: Calling a method on null object "curToken". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:161: example_assign: Example 1: Assigning: "t2" = return value from "nextToken()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java:162: example_checked: Example 1 (cont.): "t2" has its value checked in "t2 instanceof org.apache.jasper.compiler.ELParser.Id". +# 169| } +# 170| } +# 171|-> if (curToken.toChar() == '(') { +# 172| ELexpr.add(new ELNode.Function(s1, s2, expression.substring(start, index - 1))); +# 173| return true; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ErrorDispatcher.java:257: path: Condition "errCode != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ErrorDispatcher.java:259: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ErrorDispatcher.java:265: path: Condition "where != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ErrorDispatcher.java:266: path: Condition "jspcMode", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ErrorDispatcher.java:269: returned_null: "getURL" returns "null" (checked 0 out of 1 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ErrorDispatcher.java:269: null_method_call: Calling a method on null object "where.getURL()". +# 267| // Get the full URL of the resource that caused the error +# 268| try { +# 269|-> file = where.getURL().toString(); +# 270| } catch (MalformedURLException me) { +# 271| // Fallback to using context-relative path + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2780: path: Condition "n.getCustomNestingLevel() == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2783: path: Condition "isFragment", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2794: path: Condition "varInfos.length == 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2794: path: Condition "tagVarInfos.length == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2798: returned_null: "getScriptingVars" returns "null" (checked 1 out of 3 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2798: var_assigned: Assigning: "declaredVariables" = "null" return value from "getScriptingVars". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2800: path: Condition "varInfos.length > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2801: path: Iterating over another element of "varInfos". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2802: path: Condition "varInfo.getScope() != scope", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2803: path: Continuing loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2817: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2801: path: Iterating over another element of "varInfos". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2802: path: Condition "varInfo.getScope() != scope", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2807: null_method_call: Calling a method on null object "declaredVariables". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2742: example_assign: Example 1: Assigning: "vec" = return value from "n.getScriptingVars(scope)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2743: example_checked: Example 1 (cont.): "vec" has its value checked in "vec != null". +# 2805| // If the scripting variable has been declared, skip codes +# 2806| // for saving and restoring it. +# 2807|-> if (declaredVariables.contains(varInfo)) { +# 2808| continue; +# 2809| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2780: path: Condition "n.getCustomNestingLevel() == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2783: path: Condition "isFragment", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2794: path: Condition "varInfos.length == 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2794: path: Condition "tagVarInfos.length == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2798: returned_null: "getScriptingVars" returns "null" (checked 1 out of 3 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2798: var_assigned: Assigning: "declaredVariables" = "null" return value from "getScriptingVars". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2800: path: Condition "varInfos.length > 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2819: path: Iterating over another element of "tagVarInfos". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2820: path: Condition "tagVarInfo.getScope() != scope", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2821: path: Continuing loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2844: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2819: path: Iterating over another element of "tagVarInfos". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2820: path: Condition "tagVarInfo.getScope() != scope", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2825: null_method_call: Calling a method on null object "declaredVariables". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2742: example_assign: Example 1: Assigning: "vec" = return value from "n.getScriptingVars(scope)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2743: example_checked: Example 1 (cont.): "vec" has its value checked in "vec != null". +# 2823| // If the scripting variable has been declared, skip codes +# 2824| // for saving and restoring it. +# 2825|-> if (declaredVariables.contains(tagVarInfo)) { +# 2826| continue; +# 2827| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2856: path: Condition "n.getCustomNestingLevel() == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2859: path: Condition "isFragment", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2870: path: Condition "varInfos.length == 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2870: path: Condition "tagVarInfos.length == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2874: returned_null: "getScriptingVars" returns "null" (checked 1 out of 3 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2874: var_assigned: Assigning: "declaredVariables" = "null" return value from "getScriptingVars". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2876: path: Condition "varInfos.length > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2877: path: Iterating over another element of "varInfos". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2878: path: Condition "varInfo.getScope() != scope", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2879: path: Continuing loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2893: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2877: path: Iterating over another element of "varInfos". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2878: path: Condition "varInfo.getScope() != scope", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2883: null_method_call: Calling a method on null object "declaredVariables". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2742: example_assign: Example 1: Assigning: "vec" = return value from "n.getScriptingVars(scope)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2743: example_checked: Example 1 (cont.): "vec" has its value checked in "vec != null". +# 2881| // If the scripting variable has been declared, skip codes +# 2882| // for saving and restoring it. +# 2883|-> if (declaredVariables.contains(varInfo)) { +# 2884| continue; +# 2885| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2856: path: Condition "n.getCustomNestingLevel() == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2859: path: Condition "isFragment", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2870: path: Condition "varInfos.length == 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2870: path: Condition "tagVarInfos.length == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2874: returned_null: "getScriptingVars" returns "null" (checked 1 out of 3 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2874: var_assigned: Assigning: "declaredVariables" = "null" return value from "getScriptingVars". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2876: path: Condition "varInfos.length > 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2895: path: Iterating over another element of "tagVarInfos". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2896: path: Condition "tagVarInfo.getScope() != scope", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2897: path: Continuing loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2920: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2895: path: Iterating over another element of "tagVarInfos". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2896: path: Condition "tagVarInfo.getScope() != scope", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2901: null_method_call: Calling a method on null object "declaredVariables". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2742: example_assign: Example 1: Assigning: "vec" = return value from "n.getScriptingVars(scope)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java:2743: example_checked: Example 1 (cont.): "vec" has its value checked in "vec != null". +# 2899| // If the scripting variable has been declared, skip codes +# 2900| // for saving and restoring it. +# 2901|-> if (declaredVariables.contains(tagVarInfo)) { +# 2902| continue; +# 2903| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/JspUtil.java:659: path: Condition "jar != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/JspUtil.java:665: returned_null: "getResource" returns "null" (checked 2 out of 6 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/JspUtil.java:665: null_method_call: Calling a method on null object "ctxt.getResource(fname)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/JspCompilationContext.java:384: example_assign: Example 1: Assigning: "jspUrl" = return value from "getResource(resource)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/JspCompilationContext.java:385: example_checked: Example 1 (cont.): "jspUrl" has its value checked in "jspUrl == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:526: example_assign: Example 2: Assigning: "includeUrl" = return value from "ctxt.getResource((java.lang.String)include.getKey())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java:528: example_checked: Example 2 (cont.): "includeUrl" has its value checked in "includeUrl == null". +# 663| } else { +# 664| source = new InputSource(ctxt.getResourceAsStream(fname)); +# 665|-> source.setSystemId(ctxt.getResource(fname).toExternalForm()); +# 666| } +# 667| return source; + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/PageInfo.java:451: path: Condition ""none".equalsIgnoreCase(value)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/PageInfo.java:454: path: Condition "value == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/PageInfo.java:454: var_compare_op: Comparing "value" to null implies that "value" might be null. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/PageInfo.java:455: path: Condition "n == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/PageInfo.java:457: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/PageInfo.java:462: null_method_call: Calling a method on null object "value". +# 460| } +# 461| try { +# 462|-> @SuppressWarnings("null") // value can't be null here +# 463| int k = Integer.parseInt(value.substring(0, value.length()-2)); +# 464| buffer = k * 1024; + +Error: MISSING_RESTORE (CWE-573): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ScriptingVariabler.java:52: save: Saving non-local "parent" in local "tmpParent". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ScriptingVariabler.java:53: modify: Modifying non-local "parent". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ScriptingVariabler.java:54: exception: Value of non-local "parent" that was saved in "tmpParent" is not restored on this exception path as it was along other paths. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ScriptingVariabler.java:54: remediation: Did you intend to enclose the code in a try block and handle restoring "parent" in a finally block to ensure it is always executed? +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ScriptingVariabler.java:54: path: Throwing "org.apache.jasper.JasperException" (or subclass) from call to "visitBody"; exiting method with uncaught exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ScriptingVariabler.java:55: restore_example: The original value of non-local "parent" was restored here. +# 52| Node.CustomTag tmpParent = parent; +# 53| parent = n; +# 54|-> visitBody(n); +# 55| parent = tmpParent; +# 56| n.setNumCount(Integer.valueOf(count++)); + +Error: SERVLET_ATOMICITY (CWE-567): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java:54: get_attribute: Calling "getAttribute" on thread-shared object "context". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java:55: path: Condition "attribute instanceof org.apache.jasper.compiler.StringInterpreter", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java:57: path: Condition "attribute instanceof java.lang.String", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java:62: path: Condition "result == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java:64: path: Condition "className != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java:70: path: Condition "result == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java:75: set_attribute: Calling "setAttribute" on thread-shared object "context" can result in a lost update. +# 73| +# 74| // Cache the result for next time +# 75|-> context.setAttribute(STRING_INTERPRETER_CLASS_NAME, result); +# 76| return result; +# 77| } + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagFileProcessor.java:499: assign_zero: Assigning: "page" = "null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagFileProcessor.java:501: path: Throwing "java.io.IOException" (or subclass) from call to "parseTagFileDirectives". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagFileProcessor.java:502: path: Catching exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagFileProcessor.java:508: null_method_call: Calling a method on null object "page". +# 506| TagFileDirectiveVisitor tagFileVisitor = new TagFileDirectiveVisitor(pc +# 507| .getCompiler(), tagLibInfo, name, path); +# 508|-> page.visit(tagFileVisitor); +# 509| tagFileVisitor.postCheck(); +# 510| + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:120: path: Condition "tldResourcePath == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:129: path: Condition "pageInfo != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:133: path: Condition "path != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:140: path: Condition "jar != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:175: path: Condition "tldResourcePath.getUrl() == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:180: path: Condition "taglibXml == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:180: var_compare_op: Comparing "taglibXml" to null implies that "taglibXml" might be null. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:187: null_method_call: Calling a method on null object "taglibXml". +# 185| // Never null. jspError always throws an Exception +# 186| // Slightly convoluted so the @SuppressWarnings has minimal scope +# 187|-> @SuppressWarnings("null") +# 188| String v = taglibXml.getJspVersion(); +# 189| this.jspversion = v; + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:322: path: Condition "path == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:322: var_compare_op: Comparing "path" to null implies that "path" might be null. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:325: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:329: path: Condition "jar == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java:329: null_method_call: Calling a method on null object "path". +# 327| } +# 328| +# 329|-> if (jar == null && path.startsWith("/META-INF/tags")) { +# 330| // This is a tag file that was packaged in a JAR that has been +# 331| // unpacked into /WEB-INF/classes (probably by an IDE). Adjust the + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TldCache.java:128: path: Condition "webappPath != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TldCache.java:131: returned_null: "getResource" returns "null" (checked 15 out of 21 times). (The virtual call resolves to "org.apache.catalina.core.ApplicationContext.getResource".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TldCache.java:131: var_assigned: Assigning: "url" = "null" return value from "getResource". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TldCache.java:132: null_method_call: Calling a method on null object "url". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/NamingContextListener.java:861: example_assign: Example 1: Assigning: "wsdlURL" = return value from "((org.apache.catalina.Context)container).getServletContext().getResource(service.getWsdlfile())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/NamingContextListener.java:867: example_checked: Example 1 (cont.): "wsdlURL" has its value checked in "wsdlURL == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:172: example_assign: Example 2: Assigning: "resource" = return value from "servletContext.getResource(path)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java:173: example_checked: Example 2 (cont.): "resource" has its value checked in "resource == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServletExternalResolver.java:476: example_assign: Example 3: Assigning: "url" = return value from "context.getResource(path)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServletExternalResolver.java:477: example_checked: Example 3 (cont.): "url" has its value checked in "url == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:2005: example_assign: Example 4: Assigning: "url" = return value from "servletContext.getResource("/WEB-INF/web.xml")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java:2012: example_checked: Example 4 (cont.): "url" has its value checked in "url == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/WebappServiceLoader.java:167: example_assign: Example 5: Assigning: "jarUrl" = return value from "servletContext.getResource("/WEB-INF/lib/" + lib)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/WebappServiceLoader.java:168: example_checked: Example 5 (cont.): "jarUrl" has its value checked in "jarUrl == null". +# 130| // the class path but not part of the web application +# 131| URL url = servletContext.getResource(tldResourcePath.getWebappPath()); +# 132|-> URLConnection conn = url.openConnection(); +# 133| result[0] = conn.getLastModified(); +# 134| if ("file".equals(url.getProtocol())) { + +Error: MISSING_RESTORE (CWE-573): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Validator.java:103: save: Saving non-local "pageEncodingSeen" in local "pageEncodingSeenSave". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Validator.java:104: modify: Modifying non-local "pageEncodingSeen". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Validator.java:105: exception: Value of non-local "pageEncodingSeen" that was saved in "pageEncodingSeenSave" is not restored on this exception path as it was along other paths. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Validator.java:105: remediation: Did you intend to enclose the code in a try block and handle restoring "pageEncodingSeen" in a finally block to ensure it is always executed? +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Validator.java:105: path: Throwing "org.apache.jasper.JasperException" (or subclass) from call to "visitBody"; exiting method with uncaught exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Validator.java:106: restore_example: The original value of non-local "pageEncodingSeen" was restored here. +# 103| boolean pageEncodingSeenSave = pageEncodingSeen; +# 104| pageEncodingSeen = false; +# 105|-> visitBody(n); +# 106| pageEncodingSeen = pageEncodingSeenSave; +# 107| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java:980: path: Condition "flush", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java:980: path: Condition "!(out instanceof javax.servlet.jsp.tagext.BodyContent)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java:992: returned_null: "getRequestDispatcher" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java:992: var_assigned: Assigning: "rd" = "null" return value from "getRequestDispatcher". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java:994: null_method_call: Calling a method on null object "rd". +# 992| RequestDispatcher rd = request.getRequestDispatcher(resourcePath); +# 993| +# 994|-> rd.include(request, +# 995| new ServletResponseWrapperInclude(response, out)); +# 996| + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java:284: path: Condition "jspUri == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java:291: path: Condition "jspUri != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java:299: path: Condition "pathInfo != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java:302: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java:316: path: Condition "log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java:320: thread_shared_data: "this" is thread-shared because it has type "org.apache.jasper.servlet.JspServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java:63: thread_shared_derived: "org.apache.jasper.servlet.JspServlet" is thread-shared because it implements "javax.servlet.Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java:278: thread_entry_point: "service" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java:320: thread_unsafe_modification: Thread-shared "context" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java:320: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java:320: write: "context" is modified in call to "getRealPath". (The virtual call resolves to "org.apache.catalina.core.ApplicationContext.getRealPath".) +# 318| log.debug("\t ServletPath: " + request.getServletPath()); +# 319| log.debug("\t PathInfo: " + request.getPathInfo()); +# 320|-> log.debug("\t RealPath: " + context.getRealPath(jspUri)); +# 321| log.debug("\t RequestURI: " + request.getRequestURI()); +# 322| log.debug("\t QueryString: " + request.getQueryString()); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/juli/logging/LogFactory.java:88: alloc_fn: A new resource is returned from allocation method "getDefault". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/juli/logging/LogFactory.java:88: leaked_resource: Ignoring resource created by "java.nio.file.FileSystems.getDefault()" leaks it. +# 86| * a fix. +# 87| */ +# 88|-> FileSystems.getDefault(); +# 89| +# 90| // Look via a ServiceLoader for a Log implementation that has a + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:828: path: Condition "!name.isEmpty()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:828: path: Condition "name.get(0).length() == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:831: path: Condition "name.isEmpty()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:838: path: Condition "entry == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:843: path: Condition "name.size() > 1", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:852: path: Condition "resolveLinks", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:852: path: Condition "entry.type == 1 /* org.apache.naming.NamingEntry.LINK_REF */", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:860: path: Condition "entry.type == 2 /* org.apache.naming.NamingEntry.REFERENCE */", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:863: path: Condition "!org.apache.naming.NamingContext.GRAAL", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:865: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:874: path: Condition "entry.value instanceof org.apache.naming.ResourceRef", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:875: returned_null: "get" returns "null" (checked 66 out of 82 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:875: null_method_call: Calling a method on null object "((org.apache.naming.ResourceRef)entry.value).get("singleton")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java:86: example_assign: Example 1: Assigning: "ra" = return value from "ref.get("dataSourceName")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java:87: example_checked: Example 1 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:89: example_assign: Example 2: Assigning: "ra" = return value from "ref.get("pathname")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:90: example_checked: Example 2 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java:150: example_assign: Example 3: Assigning: "ra" = return value from "ref.get("forceString")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java:154: example_checked: Example 3 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java:69: example_assign: Example 4: Assigning: "linkRefAddr" = return value from "ref.get("link")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java:70: example_checked: Example 4 (cont.): "linkRefAddr" has its value checked in "linkRefAddr != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java:56: example_assign: Example 5: Assigning: "factoryRefAddr" = return value from "ref.get("factory")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java:57: example_checked: Example 5 (cont.): "factoryRefAddr" has its value checked in "factoryRefAddr != null". +# 873| } +# 874| if (entry.value instanceof ResourceRef) { +# 875|-> boolean singleton = Boolean.parseBoolean( +# 876| (String) ((ResourceRef) entry.value).get( +# 877| "singleton").getContent()); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:57: path: Condition "result != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:60: returned_null: "get" returns "null" (checked 66 out of 82 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:60: var_assigned: Assigning: "passAttr" = "null" return value from "get". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:61: path: Condition "userAttr.getContent() != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:61: null_method_call: Calling a method on null object "passAttr". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java:86: example_assign: Example 1: Assigning: "ra" = return value from "ref.get("dataSourceName")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java:87: example_checked: Example 1 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:89: example_assign: Example 2: Assigning: "ra" = return value from "ref.get("pathname")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:90: example_checked: Example 2 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java:150: example_assign: Example 3: Assigning: "ra" = return value from "ref.get("forceString")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java:154: example_checked: Example 3 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java:69: example_assign: Example 4: Assigning: "linkRefAddr" = return value from "ref.get("link")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java:70: example_checked: Example 4 (cont.): "linkRefAddr" has its value checked in "linkRefAddr != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java:56: example_assign: Example 5: Assigning: "factoryRefAddr" = return value from "ref.get("factory")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java:57: example_checked: Example 5 (cont.): "factoryRefAddr" has its value checked in "factoryRefAddr != null". +# 59| RefAddr userAttr = ref.get("username"); +# 60| RefAddr passAttr = ref.get("password"); +# 61|-> if (userAttr.getContent()!=null && passAttr.getContent()!=null) { +# 62| result = wrapDataSource(result,userAttr.getContent().toString(), passAttr.getContent().toString()); +# 63| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:57: path: Condition "result != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:59: returned_null: "get" returns "null" (checked 66 out of 82 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:59: var_assigned: Assigning: "userAttr" = "null" return value from "get". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java:61: null_method_call: Calling a method on null object "userAttr". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java:86: example_assign: Example 1: Assigning: "ra" = return value from "ref.get("dataSourceName")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java:87: example_checked: Example 1 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:89: example_assign: Example 2: Assigning: "ra" = return value from "ref.get("pathname")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:90: example_checked: Example 2 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java:150: example_assign: Example 3: Assigning: "ra" = return value from "ref.get("forceString")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java:154: example_checked: Example 3 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java:69: example_assign: Example 4: Assigning: "linkRefAddr" = return value from "ref.get("link")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java:70: example_checked: Example 4 (cont.): "linkRefAddr" has its value checked in "linkRefAddr != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java:56: example_assign: Example 5: Assigning: "factoryRefAddr" = return value from "ref.get("factory")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java:57: example_checked: Example 5 (cont.): "factoryRefAddr" has its value checked in "factoryRefAddr != null". +# 59| RefAddr userAttr = ref.get("username"); +# 60| RefAddr passAttr = ref.get("password"); +# 61|-> if (userAttr.getContent()!=null && passAttr.getContent()!=null) { +# 62| result = wrapDataSource(result,userAttr.getContent().toString(), passAttr.getContent().toString()); +# 63| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/SendMailFactory.java:100: path: Condition "list.hasMoreElements()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/SendMailFactory.java:111: path: Condition "fromAddr != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/SendMailFactory.java:112: returned_null: "get" returns "null" (checked 66 out of 82 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/SendMailFactory.java:112: null_method_call: Calling a method on null object "ref.get("mail.from")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java:86: example_assign: Example 1: Assigning: "ra" = return value from "ref.get("dataSourceName")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java:87: example_checked: Example 1 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:89: example_assign: Example 2: Assigning: "ra" = return value from "ref.get("pathname")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java:90: example_checked: Example 2 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java:150: example_assign: Example 3: Assigning: "ra" = return value from "ref.get("forceString")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java:154: example_checked: Example 3 (cont.): "ra" has its value checked in "ra != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java:69: example_assign: Example 4: Assigning: "linkRefAddr" = return value from "ref.get("link")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java:70: example_checked: Example 4 (cont.): "linkRefAddr" has its value checked in "linkRefAddr != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java:56: example_assign: Example 5: Assigning: "factoryRefAddr" = return value from "ref.get("factory")". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java:57: example_checked: Example 5 (cont.): "factoryRefAddr" has its value checked in "factoryRefAddr != null". +# 110| String from = null; +# 111| if (fromAddr != null) { +# 112|-> from = (String)ref.get("mail.from").getContent(); +# 113| } +# 114| if (from != null) { + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java:84: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java:91: path: Iterating over another element of "filesets". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java:95: path: Iterating over another element of "files". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java:106: path: Condition "oldEntries.hasMoreElements()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java:114: alloc_fn: A new resource is returned from allocation method "getInputStream". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java:114: var_assign: Assigning: "is" = resource returned from "oldZipFile.getInputStream(oldEntry)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java:117: noescape: Resource "is" is not closed or saved in "read". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java:117: path: Condition "(numRead = is.read(buf)) >= 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java:120: leaked_resource: Variable "is" going out of scope leaks the resource it refers to. +# 118| zipOut.write(buf, 0, numRead); +# 119| } +# 120|-> } +# 121| } +# 122| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:33: returned_null: "listFiles" returns "null" (checked 5 out of 6 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:33: null_array_length: Accessing length of null array "root.listFiles()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/util/ExtensionValidator.java:343: example_assign: Example 1: Assigning: "files" = return value from "targetDir.listFiles()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/util/ExtensionValidator.java:344: example_checked: Example 1 (cont.): "files" has its value checked in "files == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/DirResourceSet.java:157: example_assign: Example 2: Assigning: "list" = return value from "f.listFiles()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/DirResourceSet.java:158: example_checked: Example 2 (cont.): "list" has its value checked in "list != null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Utils.java:108: example_assign: Example 3: Assigning: "files" = return value from "dir.listFiles()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Utils.java:109: example_checked: Example 3 (cont.): "files" has its value checked in "files == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java:98: example_assign: Example 4: Assigning: "files" = return value from "directory.listFiles()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java:99: example_checked: Example 4 (cont.): "files" has its value checked in "files == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java:201: example_assign: Example 5: Assigning: "files" = return value from "directory.listFiles()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java:202: example_checked: Example 5 (cont.): "files" has its value checked in "files == null". +# 31| File root = new File(Constants.STORAGE_DIR); +# 32| +# 33|-> for (File f : root.listFiles()) { +# 34| // Not robust but good enough +# 35| if (f.isFile() && f.getName().startsWith(Constants.L10N_PREFIX)) { + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:56: path: Iterating over another element of "objKeys". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:60: path: Condition "value.trim().length() == 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:61: path: Continuing loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:83: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:56: path: Iterating over another element of "objKeys". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:60: path: Condition "value.trim().length() == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:65: path: Condition "!cKey.pkg.equals(currentPkg)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:67: path: Condition "w != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:71: new_resource: "new java.io.FileOutputStream(outFile)" creates a new resource. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:71: var_assign: Assigning: "fos" = resource returned from "new java.io.FileOutputStream(outFile)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:72: var_assign: Assigning: "w" = resource returned from "new java.io.OutputStreamWriter(fos, java.nio.charset.StandardCharsets.UTF_8)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:73: noescape: Resource "w" is not closed or saved in "insertLicense". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:74: leaked_resource: Variable "fos" going out of scope leaks the resource it refers to. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:76: path: Condition "!currentGroup.equals(cKey.group)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:78: noescape: Resource "w" is not closed or saved in "write". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:78: path: Throwing "java.io.IOException" (or subclass) from call to "write"; exiting method with uncaught exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java:78: leaked_resource: Variable "w" going out of scope leaks the resource it refers to. +# 76| if (!currentGroup.equals(cKey.group)) { +# 77| currentGroup = cKey.group; +# 78|-> w.write(System.lineSeparator()); +# 79| } +# 80| + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:419: path: Condition "org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:419: var_compare_op: Comparing "org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT" to null implies that "org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT" might be null. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:434: path: Condition "allRefAddrs.hasMoreElements()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:439: path: Condition "allPropsAsList.contains(propertyName)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java:439: null_method_call: Calling a method on null object "org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT". +# 437| // If property name is not in the properties list, we haven't warned on it +# 438| // and it is not in the "silent" list, tell user we are ignoring it. +# 439|-> if (!(allPropsAsList.contains(propertyName) || NUPROP_WARNTEXT.containsKey(propertyName) +# 440| || SILENT_PROPERTIES.contains(propertyName))) { +# 441| final String propertyValue = Objects.toString(ra.getContent(), null); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:415: jdbc_fn: An open JDBC connection is returned from "createConnection". (The virtual call resolves to "org.apache.tomcat.dbcp.dbcp2.DataSourceConnectionFactory.createConnection".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:415: var_assign: Assigning: "conn" = JDBC connection returned from "connectionFactory.createConnection()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:416: path: Condition "conn == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:420: noescape: Resource "conn" is not closed or saved in "initializeConnection". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:421: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:430: path: Condition "poolStatements", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:457: path: Condition "dataSourceJmxObjectName == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:460: path: Throwing "javax.management.MalformedObjectNameException" from call to "ObjectName"; exiting method with uncaught exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java:460: leaked_connection: Variable "conn" going out of scope leaks the connection it holds open. +# 458| connJmxName = null; +# 459| } else { +# 460|-> connJmxName = new ObjectName( +# 461| dataSourceJmxObjectName.toString() + Constants.JMX_CONNECTION_BASE_EXT + connIndex); +# 462| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolingConnection.java:296: returned_null: "getInnermostDelegate" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolingConnection.java:296: null_method_call: Calling a method on null object "(org.apache.tomcat.dbcp.dbcp2.DelegatingStatement)pooledObject.getObject().getInnermostDelegate()". +# 294| public void destroyObject(final PStmtKey key, final PooledObject pooledObject) +# 295| throws Exception { +# 296|-> pooledObject.getObject().getInnermostDelegate().close(); +# 297| } +# 298| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PooledConnectionImpl.java:342: returned_null: "getInnermostDelegate" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PooledConnectionImpl.java:342: null_method_call: Calling a method on null object "(org.apache.tomcat.dbcp.dbcp2.DelegatingStatement)pooledObject.getObject().getInnermostDelegate()". +# 340| public void destroyObject(final PStmtKey key, final PooledObject pooledObject) +# 341| throws Exception { +# 342|-> pooledObject.getObject().getInnermostDelegate().close(); +# 343| } +# 344| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:617: path: Condition "manager == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:621: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:630: path: Throwing "java.sql.SQLException" (or subclass) from call to "borrowObject". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:633: path: Catching exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:637: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:647: returned_null: "getPool" returns "null" (checked 2 out of 3 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:647: var_assigned: Assigning: "pool" = "null" return value from "getPool". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:648: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:652: null_method_call: Calling a method on null object "pool". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:180: example_assign: Example 1: Assigning: "pool" = return value from "getPool(getPoolKey(userName))". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:181: example_checked: Example 1 (cont.): "pool" has its value checked in "pool == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:201: example_assign: Example 2: Assigning: "pool" = return value from "getPool(getPoolKey(userName))". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:202: example_checked: Example 2 (cont.): "pool" has its value checked in "pool == null". +# 650| } +# 651| try { +# 652|-> info = pool.borrowObject(); +# 653| } catch (final Exception ex) { +# 654| throw new SQLException("Could not retrieve connection info from pool", ex); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:704: returned_null: "getObjectInstance" returns "null" (checked 2 out of 5 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:704: var_assigned: Assigning: "oldDS" = "null" return value from "getObjectInstance". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java:706: null_field_access: Accessing field of null object "oldDS". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:872: example_assign: Example 1: Assigning: "obj" = return value from "factory.getObjectInstance(entry.value, name, this, env)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:883: example_checked: Example 1 (cont.): "obj" has its value checked in "obj == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/LookupFactory.java:117: example_assign: Example 2: Assigning: "result" = return value from "factory.getObjectInstance(obj, name, nameCtx, environment)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/LookupFactory.java:127: example_checked: Example 2 (cont.): "result" has its value checked in "result != null". +# 704| final PerUserPoolDataSource oldDS = (PerUserPoolDataSource) new PerUserPoolDataSourceFactory() +# 705| .getObjectInstance(getReference(), null, null, null); +# 706|-> this.managers = oldDS.managers; +# 707| } catch (final NamingException e) { +# 708| throw new IOException("NamingException: " + e); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:37: new_resource: Created a new object of type "org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource", which implements "java.lang.AutoCloseable". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:37: var_assign: Assigning: "pupds" = resource returned from "new org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:39: path: Condition "refAddr != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:44: path: Condition "refAddr != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:49: path: Condition "refAddr != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:54: path: Condition "refAddr != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:60: path: Condition "refAddr != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:66: path: Condition "refAddr != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:72: path: Condition "refAddr != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:78: path: Condition "refAddr != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:84: path: Condition "refAddr != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:84: path: Condition "refAddr.getContent() != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:86: path: Throwing "java.io.IOException" (or subclass) from call to "deserialize"; exiting method with uncaught exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java:86: leaked_resource: Variable "pupds" going out of scope leaks the resource it refers to. +# 84| if (refAddr != null && refAddr.getContent() != null) { +# 85| final byte[] serialized = (byte[]) refAddr.getContent(); +# 86|-> pupds.setPerUserDefaultReadOnly((Map) deserialize(serialized)); +# 87| } +# 88| return pupds; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java:157: returned_null: "getObjectInstance" returns "null" (checked 2 out of 5 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java:157: var_assigned: Assigning: "oldDS" = "null" return value from "getObjectInstance". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java:158: null_field_access: Accessing field of null object "oldDS". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:872: example_assign: Example 1: Assigning: "obj" = return value from "factory.getObjectInstance(entry.value, name, this, env)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java:883: example_checked: Example 1 (cont.): "obj" has its value checked in "obj == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/LookupFactory.java:117: example_assign: Example 2: Assigning: "result" = return value from "factory.getObjectInstance(obj, name, nameCtx, environment)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/LookupFactory.java:127: example_checked: Example 2 (cont.): "result" has its value checked in "result != null". +# 156| in.defaultReadObject(); +# 157| final SharedPoolDataSource oldDS = (SharedPoolDataSource) new SharedPoolDataSourceFactory().getObjectInstance(getReference(), null, null, null); +# 158|-> this.pool = oldDS.pool; +# 159| } catch (final NamingException e) { +# 160| throw new IOException("NamingException: " + e); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java:32: new_resource: Created a new object of type "org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource", which implements "java.lang.AutoCloseable". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java:32: var_assign: Assigning: "spds" = resource returned from "new org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java:34: path: Condition "ra != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java:34: path: Condition "ra.getContent() != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java:35: path: Throwing "java.lang.NumberFormatException" from call to "parseInt"; exiting method with uncaught exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java:35: leaked_resource: Variable "spds" going out of scope leaks the resource it refers to. +# 33| final RefAddr ra = ref.get("maxTotal"); +# 34| if (ra != null && ra.getContent() != null) { +# 35|-> spds.setMaxTotal(Integer.parseInt(ra.getContent().toString())); +# 36| } +# 37| return spds; + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:143: path: Condition "userName == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:145: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:150: alloc_fn: A new resource is returned from allocation method "getConnection". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:150: var_assign: Assigning: "connection" = resource returned from "xaConnection.getConnection()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:151: path: Throwing "java.sql.SQLException" (or subclass) from call to "getXAResource"; exiting method with uncaught exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:151: leaked_resource: Variable "connection" going out of scope leaks the resource it refers to. +# 149| // get the real connection and XAResource from the connection +# 150| final Connection connection = xaConnection.getConnection(); +# 151|-> final XAResource xaResource = xaConnection.getXAResource(); +# 152| +# 153| // register the xa resource for the connection + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:143: path: Condition "userName == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:146: jdbc_fn: An open JDBC connection is returned from "getXAConnection". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:146: var_assign: Assigning: "xaConnection" = JDBC connection returned from "xaDataSource.getXAConnection(userName, org.apache.tomcat.dbcp.dbcp2.Utils.toString(userPassword))". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:150: noescape: Resource "xaConnection" is not closed or saved in "getConnection". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java:179: leaked_connection: Variable "xaConnection" going out of scope leaks the connection it holds open. +# 177| }); +# 178| +# 179|-> return connection; +# 180| } +# 181| + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java:98: read_volatile: Reading "idleHighWaterMark", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java:98: intervening_update: Another thread writes to "idleHighWaterMark". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java:98: stale_update: Updating "idleHighWaterMark" based on a stale value. Any intervening update in another thread is overwritten. +# 96| public void update(final long nowMillis, final int numIdle) { +# 97| final int idle = Math.max(0, numIdle); +# 98|-> idleHighWaterMark = Math.max(idle, idleHighWaterMark); +# 99| final float maxInterval = 15f; +# 100| final float minutes = maxInterval + + +Error: LOCK_INVERSION (CWE-833): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java:1251: lock_acquire: Calling "lock" acquires lock "SynchronizedPooledObjectFactory.writeLock.lock()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java:1253: lock_order: Acquiring lock "BaseGenericObjectPool.evictionLock" while holding "SynchronizedPooledObjectFactory.writeLock.lock()" conflicts with the lock order established elsewhere. (The virtual call resolves to "org.apache.tomcat.dbcp.dbcp2.managed.PoolableManagedConnectionFactory.makeObject".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:666: lock_acquire: Example 1: Acquiring lock "BaseGenericObjectPool.evictionLock". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:726: example_lock_order: Example 1 (cont.): Calling "destroy" acquires lock "SynchronizedPooledObjectFactory.writeLock.lock()" while holding "BaseGenericObjectPool.evictionLock". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:666: lock_acquire: Example 2: Acquiring lock "BaseGenericObjectPool.evictionLock". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:723: example_lock_order: Example 2 (cont.): Calling "activateObject" acquires lock "SynchronizedPooledObjectFactory.writeLock.lock()" while holding "BaseGenericObjectPool.evictionLock". (The virtual call resolves to "org.apache.tomcat.dbcp.pool2.PoolUtils.SynchronizedPooledObjectFactory.activateObject".) +# 1251| writeLock.lock(); +# 1252| try { +# 1253|-> return factory.makeObject(); +# 1254| } finally { +# 1255| writeLock.unlock(); + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java:77: return_collection_alias: Call to "entrySet" returns an "Iterable" equivalent to "org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java:77: enhanced_for: Starting an iteration on "org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java:77: path: Iterating over another element of "org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java:78: path: Condition "(java.lang.ref.Reference)entry.getKey().get() == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java:80: modify_iterable: Call to "remove" modifies "Iterable" "org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap" which invalidates the iterator for the loop on "org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java:82: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java:77: invalid_loop: Attempting to obtain another element from "org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()" after it's been modified. +# 75| public void run() { +# 76| synchronized (EvictionTimer.class) { +# 77|-> for (final Entry, WeakRunner> entry : taskMap.entrySet()) { +# 78| if (entry.getKey().get() == null) { +# 79| executor.remove(entry.getValue()); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:790: path: Condition "factoryType == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:794: returned_null: "getFactoryType" returns "null" (checked 0 out of 1 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:794: var_assigned: Assigning: "pooledObjectType" = "null" return value from "getFactoryType". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java:796: null_method_call: Calling a method on null object "pooledObjectType". +# 794| final Class pooledObjectType = +# 795| PoolImplUtils.getFactoryType(factory.getClass()); +# 796|-> result.append(pooledObjectType.getName()); +# 797| result.append('>'); +# 798| factoryType = result.toString(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:80: path: Condition "type == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:80: path: Condition "clazz == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:87: path: Condition "pi != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:96: path: Condition "result instanceof java.lang.Class", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:100: path: Condition "result instanceof java.lang.Integer", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:103: returned_null: "getGenericSuperclass" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:103: var_assigned: Assigning: "superClassType" = "null" return value from "getGenericSuperclass". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java:104: null_method_call: Calling a method on null object "superClassType". +# 102| // Map that unknown type to the generic types defined in this class +# 103| final ParameterizedType superClassType = (ParameterizedType) clazz.getGenericSuperclass(); +# 104|-> return getTypeParameter(clazz, superClassType.getActualTypeArguments()[((Integer) result).intValue()]); +# 105| } +# 106| // Error will be logged further up the call stack + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java:183: path: Condition "null == obj", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java:184: path: Condition "idleReferences.isEmpty()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java:195: returned_null: "idleReferences.pollFirst()" returns "null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java:195: var_assigned: Assigning: "ref" = "null" return value from "pollFirst". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java:196: null_method_call: Calling a method on null object "ref". +# 194| } else { +# 195| ref = idleReferences.pollFirst(); +# 196|-> obj = ref.getObject(); +# 197| // Clear the reference so it will not be queued, but replace with a +# 198| // a new, non-registered reference so we can still track this object + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/IntrospectionUtils.java:422: path: Iterating over another element of "methods". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/IntrospectionUtils.java:423: path: Condition "method.getName().equals(name)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/IntrospectionUtils.java:425: path: Condition "params == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/IntrospectionUtils.java:425: var_compare_op: Comparing "params" to null implies that "params" might be null. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/IntrospectionUtils.java:425: path: Condition "methodParams.length == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/IntrospectionUtils.java:428: null_array_length: Accessing length of null array "params". +# 426| return method; +# 427| } +# 428|-> if (params.length != methodParams.length) { +# 429| continue; +# 430| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/B2CConverter.java:88: path: Condition "replaceOnError", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/B2CConverter.java:90: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/B2CConverter.java:96: path: Condition "charset.equals(java.nio.charset.StandardCharsets.UTF_8)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/B2CConverter.java:99: returned_null: "newDecoder" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.tomcat.util.buf.CharsetCache.DummyCharset.newDecoder".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/B2CConverter.java:99: var_assigned: Assigning: "decoder" = "null" return value from "newDecoder". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/B2CConverter.java:101: null_method_call: Calling a method on null object "decoder". +# 99| decoder = charset.newDecoder(); +# 100| } +# 101|-> decoder.onMalformedInput(action); +# 102| decoder.onUnmappableCharacter(action); +# 103| } + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/C2BConverter.java:42: returned_null: "newEncoder" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.tomcat.util.buf.CharsetCache.DummyCharset.newEncoder".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/C2BConverter.java:42: var_assigned: Assigning: "encoder" = "null" return value from "newEncoder". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/C2BConverter.java:43: null_method_call: Calling a method on null object "encoder". +# 41| public C2BConverter(Charset charset) { +# 42| encoder = charset.newEncoder(); +# 43|-> encoder.onUnmappableCharacter(CodingErrorAction.REPLACE) +# 44| .onMalformedInput(CodingErrorAction.REPLACE); +# 45| char[] left = new char[4]; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/CharsetUtil.java:35: returned_null: "newDecoder" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.tomcat.util.buf.CharsetCache.DummyCharset.newDecoder".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/CharsetUtil.java:35: var_assigned: Assigning: "decoder" = "null" return value from "newDecoder". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/CharsetUtil.java:38: path: Condition "i < 128", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/CharsetUtil.java:43: null_method_call: Calling a method on null object "decoder". +# 41| inBytes.flip(); +# 42| try { +# 43|-> outChars = decoder.decode(inBytes); +# 44| } catch (CharacterCodingException e) { +# 45| return false; + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:281: path: Condition "paramCount > 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:299: path: Condition "paramTypes != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:299: var_compare_op: Comparing "paramTypes" to null implies that "paramTypes" might be null. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:316: null_array_length: Accessing length of null array "paramTypes". +# 314| // We only do the conversion if the param value is a String and +# 315| // the specified paramType is not String. +# 316|-> Object paramValues[] = new Object[paramTypes.length]; +# 317| for (int i = 0; i < paramTypes.length; i++) { +# 318| // convert nulls and convert stringy parameters + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:280: assign_zero: Assigning: "parameters" = "null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:281: path: Condition "paramCount > 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:299: path: Condition "paramTypes != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:299: path: Condition "paramTypes.length != 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:317: path: Condition "i < paramTypes.length", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java:320: null_array_access: Accessing an element on null array "parameters". +# 318| // convert nulls and convert stringy parameters +# 319| // for non-stringy param types +# 320|-> Object param = parameters[i]; +# 321| // Tolerate null non-primitive values +# 322| if(null == param && !paramTypes[i].isPrimitive()) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java:273: path: Condition "size >= 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java:276: path: Condition "cachedContent != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java:279: path: Condition "dfos.isInMemory()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java:280: returned_null: "getData" returns "null" (checked 0 out of 3 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java:280: null_array_length: Accessing length of null array "dfos.getData()". +# 278| } +# 279| if (dfos.isInMemory()) { +# 280|-> return dfos.getData().length; +# 281| } +# 282| return dfos.getFile().length(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/Registry.java:625: path: Condition "org.apache.tomcat.util.modeler.Registry.log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/Registry.java:629: path: Condition "bean == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/Registry.java:635: path: Condition "type == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/Registry.java:639: returned_null: "findManagedBean" returns "null" (checked 0 out of 1 times). (The virtual call resolves to "org.apache.tomcat.util.modeler.NoDescriptorRegistry.findManagedBean".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/Registry.java:639: var_assigned: Assigning: "managed" = "null" return value from "findManagedBean". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/Registry.java:642: null_method_call: Calling a method on null object "managed". +# 640| +# 641| // The real mbean is created and registered +# 642|-> DynamicMBean mbean = managed.createMBean(bean); +# 643| +# 644| if (getMBeanServer().isRegistered(oname)) { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/modules/MbeansDescriptorsDigesterSource.java:47: returned_null: "getResource" returns "null" (checked 3 out of 5 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/modules/MbeansDescriptorsDigesterSource.java:47: var_assigned: Assigning: "url" = "null" return value from "getResource". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/modules/MbeansDescriptorsDigesterSource.java:49: null_method_call: Calling a method on null object "url". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/ClasspathURLStreamHandler.java:41: example_assign: Example 1: Assigning: "classpathUrl" = return value from "(org.apache.catalina.webresources.ClasspathURLStreamHandler.class).getResource(path)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/ClasspathURLStreamHandler.java:44: example_checked: Example 1 (cont.): "classpathUrl" has its value checked in "classpathUrl == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java:154: example_assign: Example 2: Assigning: "location" = return value from "org.apache.tomcat.util.descriptor.DigesterFactory.CLASS_SERVLET_CONTEXT.getResource("resources/" + name)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java:155: example_checked: Example 2 (cont.): "location" has its value checked in "location == null". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java:156: example_assign: Example 3: Assigning: "location" = return value from "org.apache.tomcat.util.descriptor.DigesterFactory.CLASS_JSP_CONTEXT.getResource("resources/" + name)". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java:158: example_checked: Example 3 (cont.): "location" has its value checked in "location == null". +# 47| URL url = Registry.getRegistry(null, null).getClass().getResource +# 48| ("/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd"); +# 49|-> digester.register +# 50| ("-//Apache Software Foundation//DTD Model MBeans Configuration File", +# 51| url.toString()); + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:95: identity: Calling "getCertificates". +* This call assigns "changeit" to "(sslHostConfig.defaultCertificate).certificateKeystorePassword". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)".) Now ".certificateKeystorePassword" is equal to "changeit". +* This call assigns a reference to "sslHostConfig.defaultCertificate" to "sslHostConfig.certificates". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)".) No [...] +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:95: identity: Calling "iterator". This call assigns "sslHostConfig.getCertificates(true)" to "". (The virtual call resolves to "java.util.Set.iterator()".) Now ".certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:95: assign: Assigning: "certificate$iterator" = "sslHostConfig.getCertificates(true).iterator()". Now "(certificate$iterator).certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:95: identity: Calling "next". This call returns "certificate$iterator". (The virtual call resolves to "java.util.Iterator.next()".) Now "certificate$iterator.next().certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:95: assign: Assigning: "certificate" = "certificate$iterator.next()". Now "certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:96: identity: Calling "getSSLUtil". This call assigns "certificate" to "().certificate". (The virtual call resolves to "org.apache.tomcat.util.net.jsse.JSSEImplementation.getSSLUtil(org.apache.tomcat.util.net.SSLHostConfigCertificate)".) Now ".certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:96: assign: Assigning: "sslUtil" = "sslImplementation.getSSLUtil(certificate)". Now "sslUtil.certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:105: password_use: Calling "createSSLContext". This call uses the constant string as a password. (The virtual call resolves to "org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(java.util.List)".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:105: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 103| SSLContext sslContext; +# 104| try { +# 105|-> sslContext = sslUtil.createSSLContext(negotiableProtocols); +# 106| } catch (Exception e) { +# 107| throw new IllegalArgumentException(e.getMessage(), e); +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java:105: note: trimmed 1 message(s) with length over 512 + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:454: identity: Calling "getCertificates". +* This call assigns "changeit" to "(sslHostConfig.defaultCertificate).certificateKeystorePassword". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)".) Now ".certificateKeystorePassword" is equal to "changeit". +* This call assigns a reference to "sslHostConfig.defaultCertificate" to "sslHostConfig.certificates". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)".) No [...] +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:454: assign: Assigning: "certificates" = "sslHostConfig.getCertificates(true)". Now "(certificates).certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:455: identity: Calling "iterator". This call assigns "certificates" to "". (The virtual call resolves to "java.util.Set.iterator()".) Now ".certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:455: assign: Assigning: "certificate$iterator" = "certificates.iterator()". Now "(certificate$iterator).certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:455: identity: Calling "next". This call returns "certificate$iterator". (The virtual call resolves to "java.util.Iterator.next()".) Now "certificate$iterator.next().certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:455: assign: Assigning: "certificate" = "certificate$iterator.next()". Now "certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:457: identity: Calling "OpenSSLUtil". This call assigns "certificate" to ".certificate". Now ".certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:457: assign: Assigning: "sslUtil" = "new org.apache.tomcat.util.net.openssl.OpenSSLUtil(certificate)". Now "sslUtil.certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:462: password_use: Calling "createSSLContext". This call uses the constant string as a password. (The virtual call resolves to "org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(java.util.List)".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:462: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 460| +# 461| try { +# 462|-> sslContext = (OpenSSLContext) sslUtil.createSSLContext(negotiableProtocols); +# 463| } catch (Exception e) { +# 464| throw new IllegalArgumentException(e.getMessage(), e); +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:462: note: trimmed 1 message(s) with length over 512 + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:454: identity: Calling "getCertificates". +* This call assigns "changeit" to "(sslHostConfig.defaultCertificate).certificateKeystorePassword". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)".) Now ".certificateKeystorePassword" is equal to "changeit". +* This call assigns a reference to "sslHostConfig.defaultCertificate" to "sslHostConfig.certificates". (The virtual call resolves to "org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)".) No [...] +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:454: assign: Assigning: "certificates" = "sslHostConfig.getCertificates(true)". Now "(certificates).certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:455: identity: Calling "iterator". This call assigns "certificates" to "". (The virtual call resolves to "java.util.Set.iterator()".) Now ".certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:455: assign: Assigning: "certificate$iterator" = "certificates.iterator()". Now "(certificate$iterator).certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:455: identity: Calling "next". This call returns "certificate$iterator". (The virtual call resolves to "java.util.Iterator.next()".) Now "certificate$iterator.next().certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:455: assign: Assigning: "certificate" = "certificate$iterator.next()". Now "certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:467: identity: Calling "OpenSSLUtil". This call assigns "certificate" to ".certificate". Now ".certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:467: assign: Assigning: "sslUtil" = "new org.apache.tomcat.util.net.openssl.OpenSSLUtil(certificate)". Now "sslUtil.certificate.certificateKeystorePassword" is equal to "changeit". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:468: password_use: Calling "getKeyManagers". This call uses the constant string as a password. (The virtual call resolves to "org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers()".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:468: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 466| } else { +# 467| SSLUtil sslUtil = new OpenSSLUtil(certificate); +# 468|-> KeyManager[] kms = sslUtil.getKeyManagers(); +# 469| certificate.setCertificateKeyManager(OpenSSLUtil.chooseKeyManager(kms)); +# 470| sslContext.addCertificate(certificate); +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:468: note: trimmed 1 message(s) with length over 512 + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:1063: path: Condition "size == sockets.length", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:1066: path: Condition "i < size", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:1067: path: Condition "sockets[i] == socket", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:1071: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:1066: path: Condition "i < size", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:1075: read_volatile: Reading "size", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:1075: intervening_update: Another thread writes to "size". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:1075: stale_update: Updating "size" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:1063: example_comparison: Example 1: Example comparison of "size" to value, suggesting a semantically meaningful use. +# 1073| timeouts[size] = timeout; +# 1074| flags[size] = flag; +# 1075|-> size++; +# 1076| return true; +# 1077| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:1081: path: Condition "i < size", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:1082: path: Condition "sockets[i] == socket", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:1086: read_volatile: Reading "size", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:1086: intervening_update: Another thread writes to "size". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:1086: stale_update: Updating "size" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:1063: example_comparison: Example 1: Example comparison of "size" to value, suggesting a semantically meaningful use. +# 1084| timeouts[i] = timeouts[size - 1]; +# 1085| flags[size] = flags[size -1]; +# 1086|-> size--; +# 1087| return true; +# 1088| } + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2798: path: Condition "getError() == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2801: path: Condition "!completionDone", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2811: path: Condition "i < length", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2812: path: Condition "buffers[i + offset].hasRemaining()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2814: path: Breaking from loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2817: path: Condition "buffer == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2817: var_compare_op: Comparing "buffer" to null implies that "buffer" might be null. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2817: path: Condition "flushBytes == 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2822: path: Condition "read", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2825: path: Condition "block == org.apache.tomcat.util.net.SocketWrapperBase.BlockingMode.BLOCK", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2825: path: Condition "!flush(block == org.apache.tomcat.util.net.SocketWrapperBase.BlockingMode.BLOCK)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2826: path: Condition "flushBytes > 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java:2831: null_method_call: Calling a method on null object "buffer". +# 2829| flushBytes = 0; +# 2830| } else { +# 2831|-> @SuppressWarnings("null") // Not possible +# 2832| int remaining = buffer.remaining(); +# 2833| write(block == BlockingMode.BLOCK, buffer); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/Nio2Endpoint.java:1459: path: Condition "data.fchannel == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/Nio2Endpoint.java:1462: alloc_fn: A new resource is returned from allocation method "open". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/Nio2Endpoint.java:1462: leaked_resource: Failing to save or close resource created by "java.nio.channels.FileChannel.open(path, java.nio.file.StandardOpenOption.READ)" leaks it. +# 1460| java.nio.file.Path path = new File(sendfileData.fileName).toPath(); +# 1461| try { +# 1462|-> data.fchannel = java.nio.channels.FileChannel +# 1463| .open(path, StandardOpenOption.READ).position(sendfileData.pos); +# 1464| } catch (IOException e) { + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java:240: path: Condition "getUseInheritedChannel()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java:249: path: Condition "getUnixDomainSocketPath() != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java:253: path: Condition "getUnixDomainSocketPathPermissions() != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java:257: alloc_fn: A new resource is returned from allocation method "getFileSystem". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java:257: path: Condition "path.getFileSystem().supportedFileAttributeViews().contains("posix")", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java:257: leaked_resource: Failing to save or close resource created by "path.getFileSystem()" leaks it. +# 255| Set permissions = +# 256| PosixFilePermissions.fromString(getUnixDomainSocketPathPermissions()); +# 257|-> if (path.getFileSystem().supportedFileAttributeViews().contains("posix")) { +# 258| FileAttribute> attrs = PosixFilePermissions.asFileAttribute(permissions); +# 259| Files.setAttribute(path, attrs.name(), attrs.value()); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java:546: alloc_fn: A new resource is returned from allocation method "accept". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java:546: var_assign: Assigning: "result" = resource returned from "serverSock.accept()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java:549: path: Condition "!org.apache.tomcat.util.compat.JrePlatform.IS_WINDOWS", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java:550: noescape: Resource "result" is not closed or saved in "getRemoteAddress". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java:552: path: Condition "currentRemoteAddress.equals(previousAcceptedSocketRemoteAddress)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java:552: path: Condition "currentNanoTime - previousAcceptedSocketNanoTime < 1000", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java:554: path: Throwing "java.io.IOException"; exiting method with uncaught exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java:554: leaked_resource: Variable "result" going out of scope leaks the resource it refers to. +# 552| if (currentRemoteAddress.equals(previousAcceptedSocketRemoteAddress) && +# 553| currentNanoTime - previousAcceptedSocketNanoTime < 1000) { +# 554|-> throw new IOException(sm.getString("endpoint.err.duplicateAccept")); +# 555| } +# 556| previousAcceptedSocketRemoteAddress = currentRemoteAddress; + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java:222: read_volatile: Reading "readBuffer", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java:222: intervening_update: Another thread writes to "readBuffer". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java:222: stale_update: Updating "readBuffer" based on a stale value. Any intervening update in another thread is overwritten. +# 220| public void expand(int newSize) { +# 221| configureReadBufferForWrite(); +# 222|-> readBuffer = ByteBufferUtils.expand(readBuffer, newSize); +# 223| configureWriteBufferForWrite(); +# 224| writeBuffer = ByteBufferUtils.expand(writeBuffer, newSize); + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java:224: read_volatile: Reading "writeBuffer", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java:224: intervening_update: Another thread writes to "writeBuffer". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java:224: stale_update: Updating "writeBuffer" based on a stale value. Any intervening update in another thread is overwritten. +# 222| readBuffer = ByteBufferUtils.expand(readBuffer, newSize); +# 223| configureWriteBufferForWrite(); +# 224|-> writeBuffer = ByteBufferUtils.expand(writeBuffer, newSize); +# 225| } +# 226| + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java:256: read_volatile: Reading "keepAliveLeft", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java:256: intervening_update: Another thread writes to "keepAliveLeft". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java:256: stale_update: Updating "keepAliveLeft" based on a stale value. Any intervening update in another thread is overwritten. +# 254| +# 255| public void setKeepAliveLeft(int keepAliveLeft) { this.keepAliveLeft = keepAliveLeft; } +# 256|-> public int decrementKeepAlive() { return (--keepAliveLeft); } +# 257| +# 258| public String getRemoteHost() { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java:1086: path: Condition "nBytes.longValue() < 0", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java:1089: read_volatile: Reading "state.nBytes", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java:1089: intervening_update: Another thread writes to "state.nBytes". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java:1089: stale_update: Updating "state.nBytes" based on a stale value. Any intervening update in another thread is overwritten. +# 1087| failed(new EOFException(), state); +# 1088| } else { +# 1089|-> state.nBytes += nBytes.longValue(); +# 1090| CompletionState currentState = state.isInline() ? CompletionState.INLINE : CompletionState.DONE; +# 1091| boolean complete = true; + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:295: path: Condition "initialized", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:300: path: Condition "sslHostConfig.getInsecureRenegotiation()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:302: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:308: path: Condition "sslHostConfig.getHonorCipherOrder()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:310: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:315: path: Condition "sslHostConfig.getDisableCompression()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:317: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:322: path: Condition "sslHostConfig.getDisableSessionTickets()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:324: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:331: path: Condition "certificate.getCertificateFile() == null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:339: path: Switch case value "org.apache.tomcat.util.net.SSLHostConfig.CertificateVerification.NONE". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:342: path: Breaking from switch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:355: path: Condition "tms != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:375: returned_null: "getAcceptedIssuers" returns "null" (checked 1 out of 3 times). (The virtual call resolves to "org.apache.catalina.tribes.membership.cloud.AbstractStreamProvider.1.getAcceptedIssuers".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java:375: null_array_length: Accessing length of null array "x509TrustManager.getAcceptedIssuers()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java:99: example_assign: Example 1: Assigning: "accepted" = return value from "((javax.net.ssl.X509TrustManager)tm).getAcceptedIssuers()". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java:100: example_checked: Example 1 (cont.): "accepted" has its value checked in "accepted != null". +# 373| // by the server during the handshake to allow the client choosing +# 374| // an acceptable certificate +# 375|-> for (X509Certificate caCert : x509TrustManager.getAcceptedIssuers()) { +# 376| SSLContext.addClientCACertificateRaw(ctx, caCert.getEncoded()); +# 377| if (log.isDebugEnabled()) { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java:1176: path: Condition "task != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java:1182: path: Condition "org.apache.tomcat.util.threads.ThreadPoolExecutor.runStateAtLeast(ctl.get(), 536870912 /* org.apache.tomcat.util.threads.ThreadPoolExecutor.STOP */)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java:1182: path: Condition "!wt.isInterrupted()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java:1193: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java:1199: read_volatile: Reading "w.completedTasks", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java:1199: intervening_update: Another thread writes to "w.completedTasks". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java:1199: stale_update: Updating "w.completedTasks" based on a stale value. Any intervening update in another thread is overwritten. +# 1197| } finally { +# 1198| task = null; +# 1199|-> w.completedTasks++; +# 1200| w.unlock(); +# 1201| } + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java:188: new_resource: "new java.io.FileWriter(destination, false)" creates a new resource. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java:188: var_assign: Assigning: "writer" = resource returned from "new java.io.BufferedWriter(new java.io.FileWriter(destination, false))". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java:189: noescape: Resource "writer" is not closed or saved in "write". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java:189: path: Throwing "java.io.IOException" (or subclass) from call to "write"; exiting method with uncaught exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java:189: leaked_resource: Variable "writer" going out of scope leaks the resource it refers to. +# 187| File destination = new File(directory, className+".java"); +# 188| BufferedWriter writer = new BufferedWriter(new FileWriter(destination, false)); +# 189|-> writer.write(code.toString()); +# 190| writer.flush(); +# 191| writer.close(); + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java:329: path: Iterating over another element of "uncompressedParts". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java:332: path: Condition "emptyMessage", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java:332: path: Condition "emptyPart", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java:332: read_volatile: Reading "emptyMessage", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java:332: intervening_update: Another thread writes to "emptyMessage". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java:332: stale_update: Updating "emptyMessage" based on a stale value. Any intervening update in another thread is overwritten. +# 330| byte opCode = uncompressedPart.getOpCode(); +# 331| boolean emptyPart = uncompressedPart.getPayload().limit() == 0; +# 332|-> emptyMessage = emptyMessage && emptyPart; +# 333| if (Util.isControl(opCode)) { +# 334| // Control messages can appear in the middle of other messages + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java:194: path: Iterating over another element of "interfaces". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java:196: path: Condition "iface instanceof java.lang.reflect.ParameterizedType", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java:199: path: Condition "pi.getRawType() instanceof java.lang.Class", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java:200: path: Condition "type.isAssignableFrom((java.lang.Class)pi.getRawType())", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java:206: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java:194: path: No elements left in "interfaces", leaving loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java:212: path: Condition "superClazz == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java:219: path: Condition "superClassTypeResult.getIndex() == -1", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java:225: path: Condition "superClassTypeResult.getIndex() > -1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java:229: returned_null: "getGenericSuperclass" returns "null" (checked 0 out of 2 times). +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java:229: var_assigned: Assigning: "superClassType" = "null" return value from "getGenericSuperclass". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java:231: null_method_call: Calling a method on null object "superClassType". +# 229| ParameterizedType superClassType = +# 230| (ParameterizedType) clazz.getGenericSuperclass(); +# 231|-> TypeResult result = getTypeParameter(clazz, +# 232| superClassType.getActualTypeArguments()[ +# 233| superClassTypeResult.getIndex()]); + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:673: read_volatile: Reading "payloadWritten", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:673: intervening_update: Another thread writes to "payloadWritten". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:673: stale_update: Updating "payloadWritten" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:973: example_comparison: Example 1: Example comparison of "payloadWritten" to value, suggesting a semantically meaningful use. +# 671| long toSkip = Math.min(payloadLength - payloadWritten, inputBuffer.remaining()); +# 672| inputBuffer.position(inputBuffer.position() + (int) toSkip); +# 673|-> payloadWritten += toSkip; +# 674| if (payloadWritten == payloadLength) { +# 675| if (continuationExpected) { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:971: read_volatile: Reading "payloadWritten", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:971: intervening_update: Another thread writes to "payloadWritten". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:971: stale_update: Updating "payloadWritten" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:973: example_comparison: Example 1: Example comparison of "payloadWritten" to value, suggesting a semantically meaningful use. +# 969| dest.put(inputBuffer); +# 970| inputBuffer.limit(orgLimit); +# 971|-> payloadWritten += toWrite; +# 972| +# 973| if (payloadWritten == payloadLength) { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:1005: path: Condition "payloadWritten < payloadLength", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:1005: path: Condition "inputBuffer.remaining() > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:1005: path: Condition "dest.hasRemaining()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:1009: path: Condition "maskIndex == 4", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:1012: read_volatile: Reading "payloadWritten", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:1012: intervening_update: Another thread writes to "payloadWritten". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:1012: stale_update: Updating "payloadWritten" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java:973: example_comparison: Example 1: Example comparison of "payloadWritten" to value, suggesting a semantically meaningful use. +# 1010| maskIndex = 0; +# 1011| } +# 1012|-> payloadWritten++; +# 1013| dest.put(b); +# 1014| } + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:193: path: Condition "log.isDebugEnabled()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:203: path: Condition ""ws".equalsIgnoreCase(scheme)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:205: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:215: path: Condition "host == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:227: path: Iterating over another element of "proxies". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:228: path: Condition "proxy.type().equals(java.net.Proxy.Type.HTTP)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:230: path: Condition "sa instanceof java.net.InetSocketAddress", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:232: path: Condition "inet.isUnresolved()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:237: path: Breaking from loop. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:243: path: Condition "port == -1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:244: path: Condition ""ws".equalsIgnoreCase(scheme)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:246: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:253: path: Condition "sa == null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:263: path: Condition "org.apache.tomcat.websocket.Constants.DEFAULT_ORIGIN_HEADER_VALUE != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:263: path: Condition "!reqHeaders.containsKey("Origin" /* org.apache.tomcat.websocket.Constants.ORIGIN_HEADER_NAME */)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:273: alloc_fn: A new resource is returned from allocation method "open". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:273: var_assign: Assigning: "socketChannel" = resource returned from "java.nio.channels.AsynchronousSocketChannel.open(getAsynchronousChannelGroup())". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:274: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:284: path: Condition "timeoutValue != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:285: path: Throwing "java.lang.NumberFormatException" from call to "valueOf"; exiting method with uncaught exception. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:285: leaked_resource: Variable "socketChannel" going out of scope leaks the resource it refers to. +# 283| String timeoutValue = (String) userProperties.get(Constants.IO_TIMEOUT_MS_PROPERTY); +# 284| if (timeoutValue != null) { +# 285|-> timeout = Long.valueOf(timeoutValue).intValue(); +# 286| } +# 287| + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:921: hardcoded_credential: The constant string ""changeit"" is a credential or key. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:921: assign: Assigning: "sslTrustStorePwdValue" = ""changeit"". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:927: identity: Calling "toCharArray". This call assigns "sslTrustStorePwdValue" to "". (The virtual call resolves to "java.lang.String.toCharArray()".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:927: password_use: Calling "load". This call uses the constant string as a password. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java:927: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 925| KeyStore ks = KeyStore.getInstance("JKS"); +# 926| try (InputStream is = new FileInputStream(keyStoreFile)) { +# 927|-> KeyStoreUtil.load(ks, is, sslTrustStorePwdValue.toCharArray()); +# 928| } +# 929| + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java:91: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java:97: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java:103: path: Condition "value != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java:107: returned_null: "addFilter" returns "null" (checked 0 out of 2 times). (The virtual call resolves to "org.apache.catalina.core.ApplicationContext.addFilter".) +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java:107: var_assigned: Assigning: "fr" = "null" return value from "addFilter". +apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java:109: null_method_call: Calling a method on null object "fr". +# 107| FilterRegistration.Dynamic fr = servletContext.addFilter( +# 108| "Tomcat WebSocket (JSR356) Filter", new WsFilter()); +# 109|-> fr.setAsyncSupported(true); +# 110| +# 111| EnumSet types = EnumSet.of(DispatcherType.REQUEST, + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1069: path: Condition "busy.isEmpty()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1072: return_iterator: Call to "iterator" returns an iterator from "busy". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1072: assign: Assigning: "locked" = "busy.iterator()". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1074: path: Condition "locked.hasNext()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1081: path: Condition "idle.contains(con)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1081: path: Condition "con.isReleased()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1086: path: Condition "shouldAbandon()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1086: path: Condition "now - time > con.getAbandonTimeout()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1087: modify_iterable: Call to "remove" modifies "Iterable" "busy" which invalidates iterator "locked". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1090: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1097: path: Condition "setToNull", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1101: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1074: invalid_iterator: Using invalid iterator "locked" in call to "hasNext". +# 1072| Iterator locked = busy.iterator(); +# 1073| int sto = getPoolProperties().getSuspectTimeout(); +# 1074|-> while (locked.hasNext()) { +# 1075| PooledConnection con = locked.next(); +# 1076| boolean setToNull = false; + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1120: path: Condition "idle.isEmpty()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1124: return_iterator: Call to "iterator" returns an iterator from "idle". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1124: assign: Assigning: "unlocked" = "idle.iterator()". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1125: path: Condition "ignoreMinSize", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1125: path: Condition "unlocked.hasNext()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1131: path: Condition "busy.contains(con)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1135: path: Condition "shouldReleaseIdle(now, con, time)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1138: modify_iterable: Call to "remove" modifies "Iterable" "idle" which invalidates iterator "unlocked". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1140: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1145: path: Condition "setToNull", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1149: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1125: path: Condition "ignoreMinSize", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1125: invalid_iterator: Using invalid iterator "unlocked" in call to "hasNext". +# 1123| long now = System.currentTimeMillis(); +# 1124| Iterator unlocked = idle.iterator(); +# 1125|-> while ( (ignoreMinSize || (idle.size()>=getPoolProperties().getMinIdle())) && unlocked.hasNext()) { +# 1126| PooledConnection con = unlocked.next(); +# 1127| boolean setToNull = false; + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1181: path: Condition "idle.isEmpty()", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1184: return_iterator: Call to "iterator" returns an iterator from "idle". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1184: assign: Assigning: "unlocked" = "idle.iterator()". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1185: path: Condition "unlocked.hasNext()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1190: path: Condition "busy.contains(con)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1195: path: Condition "checkMaxAgeOnly", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1196: path: Condition "!reconnectIfExpired(con)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1197: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1200: path: Condition "release", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1201: modify_iterable: Call to "remove" modifies "Iterable" "idle" which invalidates iterator "unlocked". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1207: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java:1185: invalid_iterator: Using invalid iterator "unlocked" in call to "hasNext". +# 1183| } +# 1184| Iterator unlocked = idle.iterator(); +# 1185|-> while (unlocked.hasNext()) { +# 1186| PooledConnection con = unlocked.next(); +# 1187| try { + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java:99: path: Condition "!waiters.isEmpty()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java:101: returned_null: "waiters.poll()" returns "null". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java:101: var_assigned: Assigning: "c" = "null" return value from "poll". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java:103: null_method_call: Calling a method on null object "c". +# 101| c = waiters.poll(); +# 102| //give the object to the thread instead of adding it to the pool +# 103|-> c.setItem(e); +# 104| if (isLinux) { +# 105| c.countDown(); + +Error: NULL_RETURNS (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java:110: path: Condition "!waiters[idx].isEmpty()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java:112: returned_null: "waiters[idx].poll()" returns "null". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java:112: var_assigned: Assigning: "c" = "null" return value from "poll". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java:114: null_method_call: Calling a method on null object "c". +# 112| c = waiters[idx].poll(); +# 113| //give the object to the thread instead of adding it to the pool +# 114|-> c.setItem(e); +# 115| } else { +# 116| //we always add first, so that the most recently used object will be given out + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:263: identity: Calling "getPassword". This call returns "Password not available as DataSource/JMX operation.". (The virtual call resolves to "org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()".) Now "poolProperties.getPassword()" is equal to "Password not available as DataSource/JMX operation.". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:263: assign: Assigning: "pwd" = "poolProperties.getPassword()". Now "pwd" is equal to "Password not available as DataSource/JMX operation.". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:269: password_use: Calling "getXAConnection". This call uses the constant string as a password. (The virtual call resolves to "javax.sql.XADataSource.getXAConnection(java.lang.String, java.lang.String)".) +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:269: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 267| javax.sql.XADataSource xds = (javax.sql.XADataSource)poolProperties.getDataSource(); +# 268| if (usr!=null && pwd!=null) { +# 269|-> xaConnection = xds.getXAConnection(usr, pwd); +# 270| connection = xaConnection.getConnection(); +# 271| } else { + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:263: identity: Calling "getPassword". This call returns "Password not available as DataSource/JMX operation.". (The virtual call resolves to "org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()".) Now "poolProperties.getPassword()" is equal to "Password not available as DataSource/JMX operation.". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:263: assign: Assigning: "pwd" = "poolProperties.getPassword()". Now "pwd" is equal to "Password not available as DataSource/JMX operation.". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:278: password_use: Calling "getConnection". This call uses the constant string as a password. (The virtual call resolves to "javax.sql.DataSource.getConnection(java.lang.String, java.lang.String)".) +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:278: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 276| javax.sql.DataSource ds = (javax.sql.DataSource)poolProperties.getDataSource(); +# 277| if (usr!=null && pwd!=null) { +# 278|-> connection = ds.getConnection(usr, pwd); +# 279| } else { +# 280| connection = ds.getConnection(); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:254: path: Condition "getAttributes().containsKey("user" /* org.apache.tomcat.jdbc.pool.PooledConnection.PROP_USER */)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:256: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:260: path: Condition "getAttributes().containsKey("password" /* org.apache.tomcat.jdbc.pool.PooledConnection.PROP_PASSWORD */)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:262: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:266: path: Condition "poolProperties.getDataSource() instanceof javax.sql.XADataSource", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:275: path: Condition "poolProperties.getDataSource() instanceof javax.sql.DataSource", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:282: path: Condition "poolProperties.getDataSource() instanceof javax.sql.ConnectionPoolDataSource", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:284: path: Condition "usr != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:284: path: Condition "pwd != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:285: jdbc_fn: An open JDBC connection is returned from "getPooledConnection". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:285: noescape: Resource "ds.getPooledConnection(usr, pwd)" is not closed or saved in "getConnection". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:285: leaked_connection: Failing to save or close JDBC connection open by "ds.getPooledConnection(usr, pwd)" leaks it. +# 283| javax.sql.ConnectionPoolDataSource ds = (javax.sql.ConnectionPoolDataSource)poolProperties.getDataSource(); +# 284| if (usr!=null && pwd!=null) { +# 285|-> connection = ds.getPooledConnection(usr, pwd).getConnection(); +# 286| } else { +# 287| connection = ds.getPooledConnection().getConnection(); + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:263: identity: Calling "getPassword". This call returns "Password not available as DataSource/JMX operation.". (The virtual call resolves to "org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()".) Now "poolProperties.getPassword()" is equal to "Password not available as DataSource/JMX operation.". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:263: assign: Assigning: "pwd" = "poolProperties.getPassword()". Now "pwd" is equal to "Password not available as DataSource/JMX operation.". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:285: password_use: Calling "getPooledConnection". This call uses the constant string as a password. (The virtual call resolves to "javax.sql.ConnectionPoolDataSource.getPooledConnection(java.lang.String, java.lang.String)".) +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:285: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 283| javax.sql.ConnectionPoolDataSource ds = (javax.sql.ConnectionPoolDataSource)poolProperties.getDataSource(); +# 284| if (usr!=null && pwd!=null) { +# 285|-> connection = ds.getPooledConnection(usr, pwd).getConnection(); +# 286| } else { +# 287| connection = ds.getPooledConnection().getConnection(); + +Error: RESOURCE_LEAK (CWE-404): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:254: path: Condition "getAttributes().containsKey("user" /* org.apache.tomcat.jdbc.pool.PooledConnection.PROP_USER */)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:256: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:260: path: Condition "getAttributes().containsKey("password" /* org.apache.tomcat.jdbc.pool.PooledConnection.PROP_PASSWORD */)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:262: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:266: path: Condition "poolProperties.getDataSource() instanceof javax.sql.XADataSource", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:275: path: Condition "poolProperties.getDataSource() instanceof javax.sql.DataSource", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:282: path: Condition "poolProperties.getDataSource() instanceof javax.sql.ConnectionPoolDataSource", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:284: path: Condition "usr != null", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:284: path: Condition "pwd != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:287: jdbc_fn: An open JDBC connection is returned from "getPooledConnection". (The virtual call resolves to "org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.getPooledConnection".) +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:287: noescape: Resource "ds.getPooledConnection()" is not closed or saved in "getConnection". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:287: leaked_connection: Failing to save or close JDBC connection open by "ds.getPooledConnection()" leaks it. +# 285| connection = ds.getPooledConnection(usr, pwd).getConnection(); +# 286| } else { +# 287|-> connection = ds.getPooledConnection().getConnection(); +# 288| } +# 289| } else { + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:332: identity: Calling "getPassword". This call returns "Password not available as DataSource/JMX operation.". (The virtual call resolves to "org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()".) +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:332: assign: Assigning: "pwd" = "poolProperties.getPassword()". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:340: identity: Calling "setProperty". This call assigns "pwd" to "properties". (The virtual call resolves to "java.util.Properties.setProperty(java.lang.String, java.lang.String)".) +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:345: password_use: Calling "getConnection". This call uses the constant string as a password. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:345: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 343| try { +# 344| if (driver==null) { +# 345|-> connection = DriverManager.getConnection(driverURL, properties); +# 346| } else { +# 347| connection = driver.connect(driverURL, properties); + +Error: HARDCODED_CREDENTIALS (CWE-259): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:332: identity: Calling "getPassword". This call returns "Password not available as DataSource/JMX operation.". (The virtual call resolves to "org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()".) +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:332: assign: Assigning: "pwd" = "poolProperties.getPassword()". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:340: identity: Calling "setProperty". This call assigns "pwd" to "properties". (The virtual call resolves to "java.util.Properties.setProperty(java.lang.String, java.lang.String)".) +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:347: password_use: Calling "connect". This call uses the constant string as a password. (The virtual call resolves to "java.sql.Driver.connect(java.lang.String, java.util.Properties)".) +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java:347: remediation: Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users. +# 345| connection = DriverManager.getConnection(driverURL, properties); +# 346| } else { +# 347|-> connection = driver.connect(driverURL, properties); +# 348| } +# 349| } catch (Exception x) { + +Error: FORWARD_NULL (CWE-476): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:93: path: Condition "compare("isClosed" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.ISCLOSED_VAL */, method)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:96: path: Condition "compare("close" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.CLOSE_VAL */, method)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:105: path: Condition "compare("toString" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.TOSTRING_VAL */, method)", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:107: path: Condition "compare("getConnection" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.GETCONNECTION_VAL */, method)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:107: path: Condition "connection != null", taking false branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:107: var_compare_op: Comparing "connection" to null implies that "connection" might be null. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:109: path: Condition "method.getDeclaringClass().isAssignableFrom(javax.sql.XAConnection.class)", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java:111: null_method_call: Calling a method on null object "connection". +# 109| } else if (method.getDeclaringClass().isAssignableFrom(XAConnection.class)) { +# 110| try { +# 111|-> return method.invoke(connection.getXAConnection(),args); +# 112| }catch (Throwable t) { +# 113| if (t instanceof InvocationTargetException) { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:418: read_volatile: Reading "prepareCount", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:418: intervening_update: Another thread writes to "prepareCount". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:418: stale_update: Updating "prepareCount" based on a stale value. Any intervening update in another thread is overwritten. +# 416| +# 417| public void prepare(long invocationTime) { +# 418|-> prepareCount++; +# 419| prepareTime+=invocationTime; +# 420| + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:419: read_volatile: Reading "prepareTime", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:419: intervening_update: Another thread writes to "prepareTime". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:419: stale_update: Updating "prepareTime" based on a stale value. Any intervening update in another thread is overwritten. +# 417| public void prepare(long invocationTime) { +# 418| prepareCount++; +# 419|-> prepareTime+=invocationTime; +# 420| +# 421| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:425: read_volatile: Reading "maxInvocationTime", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:425: intervening_update: Another thread writes to "maxInvocationTime". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:425: stale_update: Updating "maxInvocationTime" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:426: example_comparison: Example 1: Example comparison of "maxInvocationTime" to value, suggesting a semantically meaningful use. +# 423| public void add(long invocationTime, long now) { +# 424| //not thread safe, but don't sacrifice performance for this kind of stuff +# 425|-> maxInvocationTime = Math.max(invocationTime, maxInvocationTime); +# 426| if (maxInvocationTime == invocationTime) { +# 427| maxInvocationDate = now; + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:426: path: Condition "maxInvocationTime == invocationTime", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:429: read_volatile: Reading "minInvocationTime", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:429: intervening_update: Another thread writes to "minInvocationTime". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:429: stale_update: Updating "minInvocationTime" based on a stale value. Any intervening update in another thread is overwritten. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:430: example_comparison: Example 1: Example comparison of "minInvocationTime" to value, suggesting a semantically meaningful use. +# 427| maxInvocationDate = now; +# 428| } +# 429|-> minInvocationTime = Math.min(invocationTime, minInvocationTime); +# 430| if (minInvocationTime==invocationTime) { +# 431| minInvocationDate = now; + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:426: path: Condition "maxInvocationTime == invocationTime", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:430: path: Condition "minInvocationTime == invocationTime", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:433: read_volatile: Reading "nrOfInvocations", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:433: intervening_update: Another thread writes to "nrOfInvocations". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:433: stale_update: Updating "nrOfInvocations" based on a stale value. Any intervening update in another thread is overwritten. +# 431| minInvocationDate = now; +# 432| } +# 433|-> nrOfInvocations++; +# 434| totalInvocationTime+=invocationTime; +# 435| lastInvocation = now; + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:426: path: Condition "maxInvocationTime == invocationTime", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:430: path: Condition "minInvocationTime == invocationTime", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:434: read_volatile: Reading "totalInvocationTime", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:434: intervening_update: Another thread writes to "totalInvocationTime". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:434: stale_update: Updating "totalInvocationTime" based on a stale value. Any intervening update in another thread is overwritten. +# 432| } +# 433| nrOfInvocations++; +# 434|-> totalInvocationTime+=invocationTime; +# 435| lastInvocation = now; +# 436| } + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:440: read_volatile: Reading "failures", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:440: intervening_update: Another thread writes to "failures". +apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java:440: stale_update: Updating "failures" based on a stale value. Any intervening update in another thread is overwritten. +# 438| public void failure(long invocationTime, long now) { +# 439| add(invocationTime,now); +# 440|-> failures++; +# 441| +# 442| } + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java:33: return_thread_shared: Call to "getServletConfig" returns a pointer to thread-shared data. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java:27: thread_entry_point: "doGet" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java:33: thread_unsafe_modification: Thread-shared "getServletConfig()" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java:33: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java:33: write: "getServletConfig()" is modified in call to "getServletContext". (The virtual call resolves to "org.apache.catalina.core.StandardWrapper.getServletContext".) +# 31| // Set the attribute and Forward to hello.jsp +# 32| request.setAttribute ("servletName", "servletToJsp"); +# 33|-> getServletConfig().getServletContext().getRequestDispatcher( +# 34| "/jsp/jsptoserv/hello.jsp").forward(request, response); +# 35| } catch (Exception ex) { + +Error: UNLOCKED_ACCESS (CWE-820): +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java:27: thread_entry_point: "doGet" is an entry point because it implements a request handler from "Servlet". +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java:33: thread_unsafe_modification: Thread-shared "getServletConfig().config" is modified in a concurrent context without any synchronization. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java:33: remediation: To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java:33: write: "getServletConfig().config" is modified in call to "getServletContext". (The virtual call resolves to "javax.servlet.GenericServlet.getServletContext".) +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java:33: thread_shared_data: "getServletConfig()" is thread-shared because it has type "javax.servlet.GenericServlet". +apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java:40: thread_shared_derived: "javax.servlet.GenericServlet" is thread-shared because it implements "javax.servlet.Servlet". +# 31| // Set the attribute and Forward to hello.jsp +# 32| request.setAttribute ("servletName", "servletToJsp"); +# 33|-> getServletConfig().getServletContext().getRequestDispatcher( +# 34| "/jsp/jsptoserv/hello.jsp").forward(request, response); +# 35| } catch (Exception ex) { + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:91: path: Condition "run", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:92: path: Condition "j < 1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:94: path: Condition "i < 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:100: path: Condition "plus", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:102: path: Falling through to end of if statement. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:105: read_volatile: Reading "ticknr", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:105: intervening_update: Another thread writes to "ticknr". +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java:105: stale_update: Updating "ticknr" based on a stale value. Any intervening update in another thread is overwritten. +# 103| stock.setValue(stock.getValue() - change); +# 104| } +# 105|-> stock.setCnt(++ticknr); +# 106| for (TickListener l : listeners) { +# 107| l.tick(stock); + +Error: VOLATILE_ATOMICITY (CWE-366): +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java:105: path: Condition "sis.isReady()", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java:105: path: Condition "read > -1", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java:107: path: Condition "read > 0", taking true branch. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java:108: read_volatile: Reading "totalBytesRead", a volatile field, without any lock held. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java:108: intervening_update: Another thread writes to "totalBytesRead". +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java:108: stale_update: Updating "totalBytesRead" based on a stale value. Any intervening update in another thread is overwritten. +# 106| read = sis.read(buffer); +# 107| if (read > 0) { +# 108|-> totalBytesRead += read; +# 109| } +# 110| } + +Error: INVALIDATE_ITERATOR (CWE-119): +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:90: enhanced_for: Starting an iteration on "websocket.chat.ChatAnnotation.connections". +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:90: path: Iterating over another element of "websocket.chat.ChatAnnotation.connections". +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:95: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:107: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:90: path: Iterating over another element of "websocket.chat.ChatAnnotation.connections". +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:93: path: Throwing "java.io.IOException" (or subclass) from call to "sendText". (The virtual call resolves to "org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText".) +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:95: path: Catching exception. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:97: modify_iterable: Call to "remove" modifies "Iterable" "websocket.chat.ChatAnnotation.connections" which invalidates the iterator for the loop on that "Iterable". +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:100: path: Falling through to end of try statement. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:107: path: Jumping back to the beginning of the loop. +apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java:90: invalid_loop: Attempting to obtain another element from "websocket.chat.ChatAnnotation.connections" after it's been modified. +# 88| +# 89| private static void broadcast(String msg) { +# 90|-> for (ChatAnnotation client : connections) { +# 91| try { +# 92| synchronized (client) { + +Error: NULL_RETURNS (CWE-476): +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go:1067: path: Condition "first", taking true branch. +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go:1068: returned_null: "peek_token" returns "nil" (checked 36 out of 37 times). +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go:1068: var_assigned: Assigning: "token" = "nil" return value from "peek_token". +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go:1069: null_field_access: Accessing field of null object "token". +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go:458: example_assign: Example 1: Assigning: "token" = return value from "peek_token(parser)". +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go:459: example_checked: Example 1 (cont.): "token" has its value checked in "token == nil". +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go:791: example_assign: Example 2: Assigning: "token" = return value from "peek_token(parser)". +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go:792: example_checked: Example 2 (cont.): "token" has its value checked in "token == nil". +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go:1183: example_assign: Example 3: Assigning: "token" = return value from "peek_token(parser)". +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go:1184: example_checked: Example 3 (cont.): "token" has its value checked in "token == nil". +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go:1216: example_assign: Example 4: Assigning: "token" = return value from "peek_token(parser)". +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go:1217: example_checked: Example 4 (cont.): "token" has its value checked in "token == nil". +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go:232: example_assign: Example 5: Assigning: "token" = return value from "peek_token(parser)". +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go:233: example_checked: Example 5 (cont.): "token" has its value checked in "token == nil". +# 1067| if first { +# 1068| token := peek_token(parser) +# 1069|-> parser.marks = append(parser.marks, token.start_mark) +# 1070| skip_token(parser) +# 1071| } + +Error: PATH_MANIPULATION (CWE-22): +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go:269: assign: Assigning: "resp" = "c.Request("GET", route, "", {})". +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go:285: taint: The field "resp.Header" is a source of untrusted data. +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go:285: identity: Calling "Get". This call assigns "resp.Header" to "". Now "" is tainted. +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go:285: identity: Calling "GetContentFilename". This call assigns "resp.Header.Get("content-disposition")" to ".$0". Now ".$0" is tainted. +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go:285: assign: Assigning: "fileName" = "GetContentFilename(resp.Header.Get("content-disposition"))". +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go:289: assign: Assigning: "[1]" = "fileName". +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go:289: identity: Calling "Join". This call assigns "{path, fileName}" to "". Now "" is tainted. +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go:289: assign: Assigning: "fileName" = "Join(path, fileName)". +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go:327: sink: Calling "OpenFile". This call uses "fileName" for sensitive computation. +weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go:327: remediation: Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal. +# 325| return +# 326| } +# 327|-> f, err := os.OpenFile(fileName, os.O_WRONLY|os.O_CREATE, 0600) +# 328| if err != nil { +# 329| return + +Error: STRING_OVERFLOW (CWE-120): +suite3270-4.0/Common/linemode.c:575: returned_string: "ctl_see" returns a source buffer of 64 characters in size. +suite3270-4.0/Common/linemode.c:575: string_overflow: You might overrun the 3-character destination string "c[0].value" by writing 64 characters from "ctl_see(vintr)". +# 573| static struct ctl_char c[9]; +# 574| +# 575|-> c[0].name = "intr"; strcpy(c[0].value, ctl_see(vintr)); +# 576| c[1].name = "quit"; strcpy(c[1].value, ctl_see(vquit)); +# 577| c[2].name = "erase"; strcpy(c[2].value, ctl_see(verase)); + +Error: STRING_OVERFLOW (CWE-120): +suite3270-4.0/Common/linemode.c:576: returned_string: "ctl_see" returns a source buffer of 64 characters in size. +suite3270-4.0/Common/linemode.c:576: string_overflow: You might overrun the 3-character destination string "c[1].value" by writing 64 characters from "ctl_see(vquit)". +# 574| +# 575| c[0].name = "intr"; strcpy(c[0].value, ctl_see(vintr)); +# 576|-> c[1].name = "quit"; strcpy(c[1].value, ctl_see(vquit)); +# 577| c[2].name = "erase"; strcpy(c[2].value, ctl_see(verase)); +# 578| c[3].name = "kill"; strcpy(c[3].value, ctl_see(vkill)); + +Error: STRING_OVERFLOW (CWE-120): +suite3270-4.0/Common/linemode.c:577: returned_string: "ctl_see" returns a source buffer of 64 characters in size. +suite3270-4.0/Common/linemode.c:577: string_overflow: You might overrun the 3-character destination string "c[2].value" by writing 64 characters from "ctl_see(verase)". +# 575| c[0].name = "intr"; strcpy(c[0].value, ctl_see(vintr)); +# 576| c[1].name = "quit"; strcpy(c[1].value, ctl_see(vquit)); +# 577|-> c[2].name = "erase"; strcpy(c[2].value, ctl_see(verase)); +# 578| c[3].name = "kill"; strcpy(c[3].value, ctl_see(vkill)); +# 579| c[4].name = "eof"; strcpy(c[4].value, ctl_see(veof)); + +Error: STRING_OVERFLOW (CWE-120): +suite3270-4.0/Common/linemode.c:578: returned_string: "ctl_see" returns a source buffer of 64 characters in size. +suite3270-4.0/Common/linemode.c:578: string_overflow: You might overrun the 3-character destination string "c[3].value" by writing 64 characters from "ctl_see(vkill)". +# 576| c[1].name = "quit"; strcpy(c[1].value, ctl_see(vquit)); +# 577| c[2].name = "erase"; strcpy(c[2].value, ctl_see(verase)); +# 578|-> c[3].name = "kill"; strcpy(c[3].value, ctl_see(vkill)); +# 579| c[4].name = "eof"; strcpy(c[4].value, ctl_see(veof)); +# 580| c[5].name = "werase"; strcpy(c[5].value, ctl_see(vwerase)); + +Error: STRING_OVERFLOW (CWE-120): +suite3270-4.0/Common/linemode.c:579: returned_string: "ctl_see" returns a source buffer of 64 characters in size. +suite3270-4.0/Common/linemode.c:579: string_overflow: You might overrun the 3-character destination string "c[4].value" by writing 64 characters from "ctl_see(veof)". +# 577| c[2].name = "erase"; strcpy(c[2].value, ctl_see(verase)); +# 578| c[3].name = "kill"; strcpy(c[3].value, ctl_see(vkill)); +# 579|-> c[4].name = "eof"; strcpy(c[4].value, ctl_see(veof)); +# 580| c[5].name = "werase"; strcpy(c[5].value, ctl_see(vwerase)); +# 581| c[6].name = "rprnt"; strcpy(c[6].value, ctl_see(vrprnt)); + +Error: STRING_OVERFLOW (CWE-120): +suite3270-4.0/Common/linemode.c:580: returned_string: "ctl_see" returns a source buffer of 64 characters in size. +suite3270-4.0/Common/linemode.c:580: string_overflow: You might overrun the 3-character destination string "c[5].value" by writing 64 characters from "ctl_see(vwerase)". +# 578| c[3].name = "kill"; strcpy(c[3].value, ctl_see(vkill)); +# 579| c[4].name = "eof"; strcpy(c[4].value, ctl_see(veof)); +# 580|-> c[5].name = "werase"; strcpy(c[5].value, ctl_see(vwerase)); +# 581| c[6].name = "rprnt"; strcpy(c[6].value, ctl_see(vrprnt)); +# 582| c[7].name = "lnext"; strcpy(c[7].value, ctl_see(vlnext)); + +Error: STRING_OVERFLOW (CWE-120): +suite3270-4.0/Common/linemode.c:581: returned_string: "ctl_see" returns a source buffer of 64 characters in size. +suite3270-4.0/Common/linemode.c:581: string_overflow: You might overrun the 3-character destination string "c[6].value" by writing 64 characters from "ctl_see(vrprnt)". +# 579| c[4].name = "eof"; strcpy(c[4].value, ctl_see(veof)); +# 580| c[5].name = "werase"; strcpy(c[5].value, ctl_see(vwerase)); +# 581|-> c[6].name = "rprnt"; strcpy(c[6].value, ctl_see(vrprnt)); +# 582| c[7].name = "lnext"; strcpy(c[7].value, ctl_see(vlnext)); +# 583| c[8].name = NULL; + +Error: STRING_OVERFLOW (CWE-120): +suite3270-4.0/Common/linemode.c:582: returned_string: "ctl_see" returns a source buffer of 64 characters in size. +suite3270-4.0/Common/linemode.c:582: string_overflow: You might overrun the 3-character destination string "c[7].value" by writing 64 characters from "ctl_see(vlnext)". +# 580| c[5].name = "werase"; strcpy(c[5].value, ctl_see(vwerase)); +# 581| c[6].name = "rprnt"; strcpy(c[6].value, ctl_see(vrprnt)); +# 582|-> c[7].name = "lnext"; strcpy(c[7].value, ctl_see(vlnext)); +# 583| c[8].name = NULL; +# 584| diff --git a/tests/csdiff/diff-misc/19-cov-parser-key-event-old.err b/tests/csdiff/diff-misc/19-cov-parser-key-event-old.err new file mode 100644 index 00000000..4185c509 --- /dev/null +++ b/tests/csdiff/diff-misc/19-cov-parser-key-event-old.err @@ -0,0 +1,163783 @@ +{ + "scan": { + "analyzer-version-clang": "17.0.1", + "analyzer-version-coverity": "2023.6.1", + "analyzer-version-cppcheck": "2.9", + "analyzer-version-gcc": "11.4.1", + "analyzer-version-gcc-analyzer": "11.4.1", + "analyzer-version-gitleaks": "8.15.1", + "analyzer-version-shellcheck": "0.9.0", + "analyzer-version-snyk-code": "1.1233.0", + "analyzer-version-unicontrol": "0.0.2", + "cov-compilation-unit-count": 354, + "cov-compilation-unit-ratio": 100, + "cov-lines-processed": 278084, + "cov-time-elapsed-analysis": "00:01:03", + "enabled-plugins": "clang, coverity, cppcheck, gcc, gitleaks, shellcheck, snyk, unicontrol", + "exit-code": 0, + "host": "osh-worker-003.osh-001.prod.iad2.dc.redhat.com", + "known-false-positives": "/usr/share/csmock/known-false-positives.js", + "mock-config": "rhel-9-x86_64", + "project-name": "brltty-6.3-4.el9", + "store-results-to": "/tmp/tmp5a8lrusb/brltty-6.3-4.el9.tar.xz", + "time-created": "2023-12-18 13:37:31", + "time-finished": "2023-12-18 13:59:07", + "tool": "csmock", + "tool-args": "'/usr/bin/csmock' '-r' 'rhel-9-x86_64' '-t' 'coverity,clang,snyk,gcc,shellcheck,unicontrol,gitleaks,cppcheck' '-o' '/tmp/tmp5a8lrusb/brltty-6.3-4.el9.tar.xz' '--keep-going' '--use-host-cppcheck' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '/tmp/tmp5a8lrusb/brltty-6.3-4.el9.src.rpm'", + "tool-version": "csmock-3.5.0.20231211.131008.g22bad92.internal-1.el9" + }, + "defects": [ + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "api_linkServer", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "brltty-6.3/python3/Headers/brl_types.h", + "line": 126, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "brltty-6.3/python3/Programs/brlapi_server.c", + "line": 4330, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4328| logMessage(LOG_CATEGORY(SERVER_EVENTS), \"api link\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4329| trueBraille=braille;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4330|-> memcpy(&ApiBraille,braille,sizeof(BrailleDriver));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4331| ApiBraille.writeWindow=api_writeWindow;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4332| ApiBraille.readCommand=api_readCommand;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "read_specs(char const *, bool, bool)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "gcc-4.8.5-20150702/gcc/gcc.c", + "line": 959, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "gcc-4.8.5-20150702/gcc/gcc.c", + "line": 1990, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1988| \t compilers[n_compilers].spec = spec;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1989| \t n_compilers++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1990|-> \t memset (&compilers[n_compilers], 0, sizeof compilers[n_compilers]);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1991| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1992| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "main", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "gcc-4.8.5-20150702/gcc/gcc.c", + "line": 959, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "gcc-4.8.5-20150702/gcc/gcc.c", + "line": 6636, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6634| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6635| compilers = XNEWVAR (struct compiler, sizeof default_compilers);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6636|-> memcpy (compilers, default_compilers, sizeof default_compilers);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6637| n_compilers = n_default_compilers;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6638| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "get_ivts_expr(rtx_def *, iv_to_split *)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "gcc-4.8.5-20150702/gcc/loop-unroll.c", + "line": 2037, + "event": "local_ptr_assign_local", + "message": "Assigning: \"ret\" = \"&expr\" (address of local variable \"expr\").", + "verbosity_level": 1 + }, + { + "file_name": "gcc-4.8.5-20150702/gcc/loop-unroll.c", + "line": 2039, + "event": "path", + "message": "Condition \"i < ivts->n_loc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "gcc-4.8.5-20150702/gcc/loop-unroll.c", + "line": 2042, + "event": "return_local_addr_alias", + "message": "Returning pointer \"ret\" which points to local variable \"expr\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2040| ret = &XEXP (*ret, ivts->loc[i]);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2041| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2042|-> return ret;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2043| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2044| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "alloc_openable", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 125, + "event": "path", + "message": "Condition \"m\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 130, + "event": "path", + "message": "Condition \"m->s_dev != s_dev\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 131, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 125, + "event": "path", + "message": "Condition \"m\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 130, + "event": "path", + "message": "Condition \"m->s_dev != s_dev\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 132, + "event": "path", + "message": "Condition \"!mnt_is_dir(m)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 138, + "event": "path", + "message": "Condition \"mntfd < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 141, + "event": "tainted_return_value", + "message": "Function \"__userns_call\" returns tainted data.", + "verbosity_level": 1 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 141, + "event": "var_assign", + "message": "Assigning: \"fd\" = \"__userns_call(\"open_by_handle\", open_by_handle, 2, &handle, 136UL, mntfd)\", which taints \"fd\".", + "verbosity_level": 1 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 143, + "event": "path", + "message": "Condition \"fd < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 143, + "event": "lower_bounds", + "message": "Checking lower bounds of signed scalar \"fd\" by taking the false branch of \"fd < 0\".", + "verbosity_level": 1 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 147, + "event": "path_manipulation_sink", + "message": "Constructing a path or URI using the tainted value \"fd\" and passing it to \"read_fd_link\". This may allow an attacker to access, modify, or test the existence of critical or sensitive files.", + "verbosity_level": 0 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 147, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145| \t\tsuitable_mount_found = 1;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 146| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 147|-> \t\tif (read_fd_link(fd, buf, sizeof(buf)) < 0) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 148| \t\t\tclose(fd);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 149| \t\t\tgoto err;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "restore_one_fanotify", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 593, + "event": "path", + "message": "Condition \"fme->type == MARK_TYPE__MOUNT\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 620, + "event": "path", + "message": "Condition \"fme->type == MARK_TYPE__INODE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 621, + "event": "tainted_return_value", + "message": "Function \"get_mark_path\" returns tainted data.", + "verbosity_level": 1 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 621, + "event": "tainted_data_transitive", + "message": "Call to function \"get_mark_path\" with tainted argument \"buf\" transitively taints \"*get_mark_path(\"fanotify\", mark->remap, fme->ie->f_handle, fme->ie->i_ino, fme->s_dev, buf, &target)\".", + "verbosity_level": 1 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 621, + "event": "var_assign", + "message": "Assigning: \"path\" = \"get_mark_path(\"fanotify\", mark->remap, fme->ie->f_handle, fme->ie->i_ino, fme->s_dev, buf, &target)\", which taints \"path\".", + "verbosity_level": 1 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 623, + "event": "path", + "message": "Condition \"!path\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 625, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 632, + "event": "path", + "message": "Condition \"(*mark).fme->mask\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 633, + "event": "path_manipulation_sink", + "message": "Constructing a path or URI using the tainted value \"*path\" and passing it to \"fanotify_mark\". This may allow an attacker to access, modify, or test the existence of critical or sensitive files.", + "verbosity_level": 0 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 633, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 631| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 632| \tif (mark->fme->mask) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 633|-> \t\tret = fanotify_mark(fd, flags, fme->mask, AT_FDCWD, path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 634| \t\tif (ret) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 635| \t\t\tpr_err(\"Adding fanotify mask 0x%x on 0x%x/%s failed (%d)\\n\", fme->mask, fme->id, path, ret);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "restore_one_fanotify", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 593, + "event": "path", + "message": "Condition \"fme->type == MARK_TYPE__MOUNT\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 620, + "event": "path", + "message": "Condition \"fme->type == MARK_TYPE__INODE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 621, + "event": "tainted_return_value", + "message": "Function \"get_mark_path\" returns tainted data.", + "verbosity_level": 1 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 621, + "event": "tainted_data_transitive", + "message": "Call to function \"get_mark_path\" with tainted argument \"buf\" transitively taints \"*get_mark_path(\"fanotify\", mark->remap, fme->ie->f_handle, fme->ie->i_ino, fme->s_dev, buf, &target)\".", + "verbosity_level": 1 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 621, + "event": "var_assign", + "message": "Assigning: \"path\" = \"get_mark_path(\"fanotify\", mark->remap, fme->ie->f_handle, fme->ie->i_ino, fme->s_dev, buf, &target)\", which taints \"path\".", + "verbosity_level": 1 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 623, + "event": "path", + "message": "Condition \"!path\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 625, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 632, + "event": "path", + "message": "Condition \"(*mark).fme->mask\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 640, + "event": "path", + "message": "Condition \"fme->ignored_mask\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 641, + "event": "path_manipulation_sink", + "message": "Constructing a path or URI using the tainted value \"*path\" and passing it to \"fanotify_mark\". This may allow an attacker to access, modify, or test the existence of critical or sensitive files.", + "verbosity_level": 0 + }, + { + "file_name": "criu-3.18/criu/fsnotify.c", + "line": 641, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 639| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 640| \tif (fme->ignored_mask) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 641|-> \t\tret = fanotify_mark(fd, flags | FAN_MARK_IGNORED_MASK, fme->ignored_mask, AT_FDCWD, path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 642| \t\tif (ret) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 643| \t\t\tpr_err(\"Adding fanotify ignored-mask 0x%x on 0x%x/%s failed (%d)\\n\", fme->ignored_mask, fme->id,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "cupsLocalizeDestValue", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "cups-2.3.3op2/cups/dest-localization.c", + "line": 286, + "event": "path", + "message": "Condition \"!http\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/cups/dest-localization.c", + "line": 286, + "event": "path", + "message": "Condition \"!dest\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/cups/dest-localization.c", + "line": 286, + "event": "path", + "message": "Condition \"!dinfo\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/cups/dest-localization.c", + "line": 289, + "event": "path", + "message": "Condition \"!strcmp(option, \"media\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/cups/dest-localization.c", + "line": 305, + "event": "path", + "message": "Condition \"!dinfo->localizations\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/cups/dest-localization.c", + "line": 310, + "event": "path", + "message": "Condition \"(match = (_cups_message_t *)cupsArrayFind(dinfo->localizations, &key)) != NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/cups/dest-localization.c", + "line": 312, + "event": "local_addr", + "message": "Address of local variable \"pair\".", + "verbosity_level": 1 + }, + { + "file_name": "cups-2.3.3op2/cups/dest-localization.c", + "line": 312, + "event": "identity_transfer", + "message": "Passing \"pair\" as argument 2 to function \"_cupsLangString\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "cups-2.3.3op2/cups/dest-localization.c", + "line": 312, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"localized\" = \"_cupsLangString(cupsLangDefault(), pair)\".", + "verbosity_level": 1 + }, + { + "file_name": "cups-2.3.3op2/cups/dest-localization.c", + "line": 312, + "event": "path", + "message": "Condition \"(localized = _cupsLangString(cupsLangDefault(), pair)) != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/cups/dest-localization.c", + "line": 312, + "event": "path", + "message": "Condition \"strcmp(localized, pair)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/cups/dest-localization.c", + "line": 313, + "event": "return_local_addr_alias", + "message": "Returning pointer \"localized\" which points to local variable \"pair\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 311| return (match->str);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 312| else if ((localized = _cupsLangString(cupsLangDefault(), pair)) != NULL && strcmp(localized, pair))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 313|-> return (localized);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 314| else", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 315| return (value);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "cupsdReadClient", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 40, + "events": [ + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 631, + "event": "path", + "message": "Condition \"httpIsChunked(con->http)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 631, + "event": "path", + "message": "Condition \"con->request\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 633, + "event": "path", + "message": "Condition \"httpError(con->http) == 32\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 633, + "event": "path", + "message": "Condition \"!httpGetReady(con->http)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 644, + "event": "path", + "message": "Condition \"httpGetState(con->http) == HTTP_STATE_GET_SEND\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 644, + "event": "path", + "message": "Condition \"httpGetState(con->http) == HTTP_STATE_POST_SEND\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 644, + "event": "path", + "message": "Condition \"httpGetState(con->http) == HTTP_STATE_STATUS\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 659, + "event": "path", + "message": "Condition \"con->auto_ssl\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 667, + "event": "tainted_argument", + "message": "Calling function \"recv\" taints argument \"*buf\". [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 667, + "event": "path", + "message": "Condition \"recv(httpGetFd(con->http), buf, 1, MSG_PEEK) == 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 667, + "event": "path", + "message": "Condition \"!buf[0]\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 667, + "event": "path", + "message": "Condition \"!strchr(\"DGHOPT\", buf[0])\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 684, + "event": "path", + "message": "Switch case value \"HTTP_STATE_OPTIONS\".", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 841, + "event": "path", + "message": "Condition \"(status = httpUpdate(con->http)) == HTTP_STATUS_CONTINUE\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 845, + "event": "path", + "message": "Condition \"status != HTTP_STATUS_OK\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 859, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 881, + "event": "path", + "message": "Condition \"status == HTTP_STATUS_OK\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 893, + "event": "path", + "message": "Condition \"!strncmp(httpGetField(con->http, HTTP_FIELD_USER_AGENT), \"Mozilla/\", 8)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 895, + "event": "path", + "message": "Condition \"httpGetField(con->http, HTTP_FIELD_ACCEPT_LANGUAGE)[0]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 902, + "event": "path", + "message": "Condition \"(ptr = strchr(httpGetField(con->http, HTTP_FIELD_ACCEPT_LANGUAGE), 44)) != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 906, + "event": "path", + "message": "Condition \"(ptr = strchr(httpGetField(con->http, HTTP_FIELD_ACCEPT_LANGUAGE), 59)) != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 910, + "event": "path", + "message": "Condition \"(ptr = strstr(httpGetField(con->http, HTTP_FIELD_CONTENT_TYPE), \"charset=\")) != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 921, + "event": "path", + "message": "Condition \"(ptr = strchr(locale, 44)) != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 923, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 929, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 935, + "event": "path", + "message": "Condition \"!_cups_strncasecmp(httpGetField(con->http, HTTP_FIELD_CONNECTION), \"Keep-Alive\", 10)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 935, + "event": "path", + "message": "Condition \"KeepAlive\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 937, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 942, + "event": "path", + "message": "Condition \"!httpGetField(con->http, HTTP_FIELD_HOST)[0]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 942, + "event": "path", + "message": "Condition \"httpGetVersion(con->http) >= HTTP_VERSION_1_1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 956, + "event": "path", + "message": "Condition \"!valid_host(con)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 973, + "event": "path", + "message": "Condition \"con->operation == HTTP_STATE_OPTIONS\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 1028, + "event": "path", + "message": "Condition \"!is_path_absolute(con->uri)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 1045, + "event": "path", + "message": "Condition \"!_cups_strcasecmp(httpGetField(con->http, HTTP_FIELD_CONNECTION), \"Upgrade\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 1045, + "event": "path", + "message": "Condition \"!httpIsEncrypted(con->http)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 1076, + "event": "path", + "message": "Condition \"(status = cupsdIsAuthorized(con, NULL)) != HTTP_STATUS_OK\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 1083, + "event": "path", + "message": "Condition \"httpGetExpect(con->http)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 1083, + "event": "path", + "message": "Condition \"con->operation == HTTP_STATE_POST\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 1083, + "event": "path", + "message": "Condition \"con->operation == HTTP_STATE_PUT\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 1113, + "event": "path", + "message": "Switch case value \"HTTP_STATE_GET_SEND\".", + "verbosity_level": 2 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 1118, + "event": "path_manipulation_sink", + "message": "Constructing a path or URI using the tainted value \"buf\" and passing it to \"get_file\". This may allow an attacker to access, modify, or test the existence of critical or sensitive files.", + "verbosity_level": 0 + }, + { + "file_name": "cups-2.3.3op2/scheduler/client.c", + "line": 1118, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1116| cupsdLogClient(con, CUPSD_LOG_DEBUG, \"Processing GET %s\", con->uri);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1117| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1118|-> if ((filename = get_file(con, &filestats, buf, sizeof(buf))) != NULL)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1119| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1120| \t type = mimeFileType(MimeDatabase, filename, NULL, NULL);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "master_service_haproxy_read", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "dovecot-2.3.16/src/lib-master/master-service-haproxy.c", + "line": 289, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "dovecot-2.3.16/src/lib-master/master-service-haproxy.c", + "line": 287, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "dovecot-2.3.16/src/lib-master/master-service-haproxy.c", + "line": 303, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 301| \t with the first recv() call.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 302| \t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 303|-> \ti_zero(&buf);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 304| \ti_zero(&rbuf);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 305| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "master_service_haproxy_read", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "dovecot-2.3.16/src/lib-master/master-service-haproxy.c", + "line": 289, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "dovecot-2.3.16/src/lib-master/master-service-haproxy.c", + "line": 287, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "dovecot-2.3.16/src/lib-master/master-service-haproxy.c", + "line": 337, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 335| \t\t\treturn -1;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 336| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 337|-> \t\tmemcpy(&buf, rbuf, sizeof(buf));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 338| \t\tversion = HAPROXY_VERSION_2;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 339| \t} else {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "buffer_create_from_data", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "dovecot-2.3.16/src/lib/buffer.c", + "line": 9, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "dovecot-2.3.16/src/lib/buffer.c", + "line": 10, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "dovecot-2.3.16/src/lib/buffer.h", + "line": 5, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "dovecot-2.3.16/src/lib/buffer.h", + "line": 6, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "dovecot-2.3.16/src/lib/buffer.h", + "line": 8, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "dovecot-2.3.16/src/lib/buffer.c", + "line": 112, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111| \tbuf = (struct real_buffer *)buffer;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 112|-> \ti_zero(buf);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| \tbuf->alloc = buf->max_size = size;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114| \tbuf->r_buffer = buf->w_buffer = data;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "buffer_create_from_const_data", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "dovecot-2.3.16/src/lib/buffer.c", + "line": 9, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "dovecot-2.3.16/src/lib/buffer.c", + "line": 10, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "dovecot-2.3.16/src/lib/buffer.h", + "line": 5, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "dovecot-2.3.16/src/lib/buffer.h", + "line": 6, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "dovecot-2.3.16/src/lib/buffer.h", + "line": 8, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "dovecot-2.3.16/src/lib/buffer.c", + "line": 130, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 128| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 129| \tbuf = (struct real_buffer *)buffer;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 130|-> \ti_zero(buf);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 131| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 132| \tbuf->used = buf->alloc = buf->max_size = size;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "StringUtility::removePseudoRedundantSubstrings(std::__cxx11::basic_string, std::allocator > const &)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C", + "line": 704, + "event": "path", + "message": "Condition \"i != std::__cxx11::list, std::allocator >, std::allocator, std::allocator > > >::iterator(XStringList.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C", + "line": 712, + "event": "path", + "message": "Condition \"j != std::__cxx11::list, std::allocator >, std::allocator, std::allocator > > >::iterator(XStringList.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C", + "line": 735, + "event": "path", + "message": "Condition \"(*i)->size() == (*j)->size()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C", + "line": 735, + "event": "path", + "message": "Condition \"i_subStringLength == j_subStringLength\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C", + "line": 735, + "event": "path", + "message": "Condition \"i_diffpos != std::__cxx11::basic_string, std::allocator >::iterator((*i)->end())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C", + "line": 778, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C", + "line": 712, + "event": "path", + "message": "Condition \"j != std::__cxx11::list, std::allocator >, std::allocator, std::allocator > > >::iterator(XStringList.end())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C", + "line": 783, + "event": "path", + "message": "Condition \"!listOfDifferences.empty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C", + "line": 798, + "event": "path", + "message": "Condition \"!maxvalue.empty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C", + "line": 805, + "event": "past_the_end", + "message": "Function \"end\" creates an iterator.", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C", + "line": 805, + "event": "identity_transfer", + "message": "Passing \"i_modifiedString.end()\" as argument 2 to function \"find_if\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C", + "line": 805, + "event": "assign", + "message": "Assigning: \"diffpos\" = \"std::find_if(i_modifiedString.begin(), i_modifiedString.end(), isMarker)\".", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/dataflowAPI/rose/util/StringUtility.C", + "line": 811, + "event": "deref_iterator", + "message": "Dereferencing iterator \"diffpos\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 809| #endif", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 810| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 811|-> *diffpos = maxvalue[0];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 812| // modifiedString = copyEdit(modifiedString,string(\"$Y\"),maxvalue);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 813| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "BoundCalcVisitor::GetResultBound(boost::shared_ptr)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/parseAPI/src/IndirectASTVisitor.C", + "line": 148, + "event": "path", + "message": "Condition \"this->IsResultBounded(Dyninst::AST::Ptr(ast))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/parseAPI/src/IndirectASTVisitor.C", + "line": 149, + "event": "find", + "message": "Calling \"find\" with element \"ast.get()\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/parseAPI/src/IndirectASTVisitor.C", + "line": 149, + "event": "assign", + "message": "Assigning: \"\" = \"this->bound.find(std::map, std::allocator > >::key_type const(ast.get()))\".", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/parseAPI/src/IndirectASTVisitor.C", + "line": 149, + "event": "deref_iterator", + "message": "Dereferencing iterator \"this->bound.find(std::map, std::allocator > >::key_type const(ast.get()))\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 147| StridedInterval* BoundCalcVisitor::GetResultBound(AST::Ptr ast) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 148| if (IsResultBounded(ast)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 149|-> \treturn bound.find(ast.get())->second;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 150| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 151| \treturn NULL;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK", + "cwe": 665, + "function": "linux_thread::linux_thread(int_process *, long, int)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C", + "line": 1599, + "event": "unlock", + "message": "\"int_thread\" initializes and leaves \"this->regpool_lock\" unlocked.", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C", + "line": 1600, + "event": "double_initialization", + "message": "\"thread_db_thread\" initializes \"this->regpool_lock\" while it is already initialized.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1598| linux_thread::linux_thread(int_process *p, Dyninst::THR_ID t, Dyninst::LWP l) :", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1599| int_thread(p, t, l),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1600|-> thread_db_thread(p, t, l),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1601| postponed_syscall_event(NULL),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1602| generator_started_exit_processing(false)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK", + "cwe": 665, + "function": "linux_x86_thread::linux_x86_thread(int_process *, long, int)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C", + "line": 3063, + "event": "unlock", + "message": "\"int_thread\" initializes and leaves \"this->regpool_lock\" unlocked.", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C", + "line": 3064, + "event": "double_initialization", + "message": "\"thread_db_thread\" initializes \"this->regpool_lock\" while it is already initialized.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3062| linux_x86_thread::linux_x86_thread(int_process *p, Dyninst::THR_ID t, Dyninst::LWP l) :", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3063| int_thread(p, t, l),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3064|-> thread_db_thread(p, t, l),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3065| linux_thread(p, t, l),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3066| x86_thread(p, t, l)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK", + "cwe": 667, + "function": "linux_x86_thread::~linux_x86_thread()", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C", + "line": 3072, + "event": "destroy", + "message": "\"~linux_thread\" destroys \"this->regpool_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C", + "line": 3072, + "event": "uninitialized_use", + "message": "\"~x86_thread\" uses \"this->regpool_lock\" in an uninitialized state.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3070| linux_x86_thread::~linux_x86_thread()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3071| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3072|-> }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3073| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3074| linux_ppc_thread::linux_ppc_thread(int_process *p, Dyninst::THR_ID t, Dyninst::LWP l) :", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK", + "cwe": 665, + "function": "linux_ppc_thread::linux_ppc_thread(int_process *, long, int)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C", + "line": 3075, + "event": "unlock", + "message": "\"int_thread\" initializes and leaves \"this->regpool_lock\" unlocked.", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C", + "line": 3076, + "event": "double_initialization", + "message": "\"thread_db_thread\" initializes \"this->regpool_lock\" while it is already initialized.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3074| linux_ppc_thread::linux_ppc_thread(int_process *p, Dyninst::THR_ID t, Dyninst::LWP l) :", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3075| int_thread(p, t, l),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3076|-> thread_db_thread(p, t, l),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3077| linux_thread(p, t, l),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3078| ppc_thread(p, t, l)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK", + "cwe": 667, + "function": "linux_ppc_thread::~linux_ppc_thread()", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C", + "line": 3084, + "event": "destroy", + "message": "\"~linux_thread\" destroys \"this->regpool_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C", + "line": 3084, + "event": "uninitialized_use", + "message": "\"~ppc_thread\" uses \"this->regpool_lock\" in an uninitialized state.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3082| linux_ppc_thread::~linux_ppc_thread()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3083| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3084|-> }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3085| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3086| linux_arm_thread::linux_arm_thread(int_process *p, Dyninst::THR_ID t, Dyninst::LWP l) :", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK", + "cwe": 665, + "function": "linux_arm_thread::linux_arm_thread(int_process *, long, int)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C", + "line": 3087, + "event": "unlock", + "message": "\"int_thread\" initializes and leaves \"this->regpool_lock\" unlocked.", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C", + "line": 3088, + "event": "double_initialization", + "message": "\"thread_db_thread\" initializes \"this->regpool_lock\" while it is already initialized.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3086| linux_arm_thread::linux_arm_thread(int_process *p, Dyninst::THR_ID t, Dyninst::LWP l) :", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3087| int_thread(p, t, l),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3088|-> thread_db_thread(p, t, l),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3089| linux_thread(p, t, l),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3090| arm_thread(p, t, l)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK", + "cwe": 667, + "function": "linux_arm_thread::~linux_arm_thread()", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C", + "line": 3096, + "event": "destroy", + "message": "\"~linux_thread\" destroys \"this->regpool_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/proccontrol/src/linux.C", + "line": 3096, + "event": "uninitialized_use", + "message": "\"~arm_thread\" uses \"this->regpool_lock\" in an uninitialized state.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3094| linux_arm_thread::~linux_arm_thread()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3095| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3096|-> }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3097| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3098| ArchEventLinux::ArchEventLinux(bool inter_) :", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "Dyninst::SymtabAPI::Object::getTOCoffset(unsigned long) const", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/symtabAPI/src/Object-elf.C", + "line": 4172, + "event": "path", + "message": "Condition \"this->TOC_table_.empty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/symtabAPI/src/Object-elf.C", + "line": 4173, + "event": "find", + "message": "Calling \"find\" with element \"0UL\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/symtabAPI/src/Object-elf.C", + "line": 4173, + "event": "assign", + "message": "Assigning: \"\" = \"this->TOC_table_.find(std::map, std::allocator > >::key_type const(0UL))\".", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/dyninst-12.1.0/symtabAPI/src/Object-elf.C", + "line": 4173, + "event": "deref_iterator", + "message": "Dereferencing iterator \"this->TOC_table_.find(std::map, std::allocator > >::key_type const(0UL))\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4171| Offset Object::getTOCoffset(Offset off) const {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4172| if (TOC_table_.empty()) return 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4173|-> Offset baseTOC = TOC_table_.find(0)->second;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4174| // We only store exceptions to the base TOC, so if we can't find it", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4175| // return the base", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INFINITE_LOOP", + "cwe": 835, + "function": "test1_38_call1()", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "dyninst-12.1.0/testsuite-12.1.0/src/dyninst/test1_38_mutatee.c", + "line": 92, + "event": "non_progress_update", + "message": "Update \"i++\" makes no progress toward falsifying the loop condition \"k < i\".", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/testsuite-12.1.0/src/dyninst/test1_38_mutatee.c", + "line": 92, + "event": "loop_top", + "message": "Top of the loop.", + "verbosity_level": 0 + }, + { + "file_name": "dyninst-12.1.0/testsuite-12.1.0/src/dyninst/test1_38_mutatee.c", + "line": 94, + "event": "loop_bottom", + "message": "Bottom of the loop.", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/testsuite-12.1.0/src/dyninst/test1_38_mutatee.c", + "line": 92, + "event": "loop_condition", + "message": "If \"k < i\" is initially true then it will remain true.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 90| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91| \tfor (j = 0; i < 100; i++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92|-> \t for (k = 0; k < i ; i++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93| \t\tfunCall38_3();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 94| \t }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "OS_CMD_INJECTION", + "cwe": 78, + "imp": 1, + "function": "main", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C", + "line": 113, + "event": "path", + "message": "Condition \"!connection->hasError()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C", + "line": 118, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C", + "line": 119, + "event": "tainted_argument", + "message": "Calling function \"recv_message\" taints argument \"*buffer\".", + "verbosity_level": 1 + }, + { + "file_name": "dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C", + "line": 120, + "event": "path", + "message": "Condition \"!result\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C", + "line": 125, + "event": "path", + "message": "Condition \"buffer[0] == 'E'\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C", + "line": 128, + "event": "path", + "message": "Condition \"buffer[0] == 'A'\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C", + "line": 131, + "event": "path", + "message": "Condition \"buffer[0] == 'L'\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C", + "line": 131, + "event": "path", + "message": "Condition \"buffer[1] == ':'\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C", + "line": 132, + "event": "os_cmd_sink", + "message": "Passing the tainted command string \"*buffer\" to the process-invoking API \"parse_ldd\" may allow an attacker to modify the intention of the command.", + "verbosity_level": 0 + }, + { + "file_name": "dyninst-12.1.0/testsuite-12.1.0/src/testdriver_wrapper.C", + "line": 132, + "event": "remediation", + "message": "Ensure the tainted data cannot modify the intent of the OS command. If possible, use a safer library or API call instead.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 130| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 131| else if (buffer[0] == 'L' && buffer[1] == ':') {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 132|-> parse_ldd(buffer);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 133| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 134| else if (buffer[0] == 'G' && buffer[1] == ':') {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "fcm_srv_receive", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c", + "line": 3545, + "event": "tainted_argument", + "message": "Calling function \"recvfrom\" taints argument \"*buf\". [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c", + "line": 3547, + "event": "path", + "message": "Condition \"res < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c", + "line": 3553, + "event": "var_assign_var", + "message": "Assigning: \"data\" = \"(struct clif_data *)buf\". Both are now tainted.", + "verbosity_level": 1 + }, + { + "file_name": "fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c", + "line": 3555, + "event": "path", + "message": "Condition \"size < 24UL /* sizeof (*data) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c", + "line": 3556, + "event": "path", + "message": "Condition \"size < 20UL /* sizeof (*data) - sizeof (data->flags) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c", + "line": 3563, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c", + "line": 3570, + "event": "identity_transfer", + "message": "Passing \"data->ifname\" as argument 2 to function \"strncpy\", which sets \"*ifname\" to the dereference of that argument. [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c", + "line": 3570, + "event": "tainted_data_transitive", + "message": "Call to function \"strncpy\" with tainted argument \"data->ifname\" transitively taints \"ifname\". [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c", + "line": 3573, + "event": "path", + "message": "Condition \"cmd != CLIF_PID_CMD\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c", + "line": 3574, + "event": "path_manipulation_sink", + "message": "Constructing a path or URI using the tainted value \"ifname\" and passing it to \"fcoe_validate_interface\". This may allow an attacker to access, modify, or test the existence of critical or sensitive files.", + "verbosity_level": 0 + }, + { + "file_name": "fcoe-utils-14ef0d24c0657e56c68360afcfe64034d37323e0/fcoemon.c", + "line": 3574, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3572| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3573| \tif (cmd != CLIF_PID_CMD) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3574|-> \t\trc = fcoe_validate_interface(ifname);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3575| \t\tif (rc)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3576| \t\t\tgoto err;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "USE_AFTER_FREE", + "cwe": 672, + "imp": 1, + "function": "init_blktrace_read", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "fio-3.35/blktrace.c", + "line": 410, + "event": "path", + "message": "Condition \"!td->io_log_rfile\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/blktrace.c", + "line": 422, + "event": "freed_arg", + "message": "\"read_blktrace\" frees \"td->io_log_rfile\".", + "verbosity_level": 1 + }, + { + "file_name": "fio-3.35/blktrace.c", + "line": 422, + "event": "path", + "message": "Condition \"!read_blktrace(td)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/blktrace.c", + "line": 423, + "event": "path", + "message": "Jumping to label \"err\".", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/blktrace.c", + "line": 436, + "event": "path", + "message": "Condition \"td->io_log_rfile\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/blktrace.c", + "line": 437, + "event": "use_closed_file", + "message": "Calling \"fclose\" uses file handle \"td->io_log_rfile\" after closing it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 435| err:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 436| \tif (td->io_log_rfile) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 437|-> \t\tfclose(td->io_log_rfile);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 438| \t\ttd->io_log_rfile = NULL;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 439| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "fio_handle_client", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "fio-3.35/client.c", + "line": 1778, + "event": "path", + "message": "Condition \"((8192UL /* 1 << FD_NET */) & fio_debug) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/client.c", + "line": 1778, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/client.c", + "line": 1780, + "event": "tainted_return_value", + "message": "Function \"fio_net_recv_cmd\" returns tainted data.", + "verbosity_level": 1 + }, + { + "file_name": "fio-3.35/client.c", + "line": 1780, + "event": "var_assign", + "message": "Assigning: \"cmd\" = \"fio_net_recv_cmd(client->fd, true)\", which taints \"cmd\".", + "verbosity_level": 1 + }, + { + "file_name": "fio-3.35/client.c", + "line": 1781, + "event": "path", + "message": "Condition \"!cmd\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/client.c", + "line": 1784, + "event": "path", + "message": "Condition \"((8192UL /* 1 << FD_NET */) & fio_debug) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/client.c", + "line": 1784, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/client.c", + "line": 1789, + "event": "path", + "message": "Switch case value \"FIO_NET_CMD_SENDFILE\".", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/client.c", + "line": 1913, + "event": "var_assign_var", + "message": "Assigning: \"pdu\" = \"(struct cmd_sendfile *)cmd->payload\". Both are now tainted.", + "verbosity_level": 1 + }, + { + "file_name": "fio-3.35/client.c", + "line": 1914, + "event": "path_manipulation_sink", + "message": "Constructing a path or URI using the tainted value \"pdu->path\" and passing it to \"fio_send_file\". This may allow an attacker to access, modify, or test the existence of critical or sensitive files.", + "verbosity_level": 0 + }, + { + "file_name": "fio-3.35/client.c", + "line": 1914, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1912| \tcase FIO_NET_CMD_SENDFILE: {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1913| \t\tstruct cmd_sendfile *pdu = (struct cmd_sendfile *) cmd->payload;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1914|-> \t\tfio_send_file(client, pdu, cmd->tag);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1915| \t\tbreak;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1916| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "OS_CMD_INJECTION", + "cwe": 78, + "imp": 1, + "function": "handle_connection", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "fio-3.35/server.c", + "line": 1345, + "event": "path", + "message": "Condition \"!exit_backend\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/server.c", + "line": 1354, + "event": "path", + "message": "Condition \"!flist_empty(&job_list)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/server.c", + "line": 1360, + "event": "path", + "message": "Condition \"ret < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/server.c", + "line": 1365, + "event": "path", + "message": "Condition \"!ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/server.c", + "line": 1371, + "event": "path", + "message": "Condition \"pfd.revents & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/server.c", + "line": 1372, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/server.c", + "line": 1381, + "event": "path", + "message": "Condition \"ret < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/server.c", + "line": 1384, + "event": "path", + "message": "Condition \"pfd.revents & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/server.c", + "line": 1385, + "event": "tainted_return_value", + "message": "Function \"fio_net_recv_cmd\" returns tainted data.", + "verbosity_level": 1 + }, + { + "file_name": "fio-3.35/server.c", + "line": 1385, + "event": "var_assign", + "message": "Assigning: \"cmd\" = \"fio_net_recv_cmd(sk_out->sk, true)\", which taints \"cmd\".", + "verbosity_level": 1 + }, + { + "file_name": "fio-3.35/server.c", + "line": 1386, + "event": "path", + "message": "Condition \"!cmd\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/server.c", + "line": 1391, + "event": "os_cmd_sink", + "message": "Passing the tainted command string \"cmd->payload\" to the process-invoking API \"handle_command\" may allow an attacker to modify the intention of the command.", + "verbosity_level": 0 + }, + { + "file_name": "fio-3.35/server.c", + "line": 1391, + "event": "remediation", + "message": "Ensure the tainted data cannot modify the intent of the OS command. If possible, use a safer library or API call instead.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1389| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1390| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1391|-> \t\tret = handle_command(sk_out, &job_list, cmd);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1392| \t\tif (ret)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1393| \t\t\tbreak;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "zbd_convert_to_open_zone", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 46, + "events": [ + { + "file_name": "fio-3.35/zbd.c", + "line": 1327, + "event": "path", + "message": "Condition \"is_valid_offset(f, io_u->offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1327, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1329, + "event": "path", + "message": "Condition \"zbdi->max_open_zones\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1335, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1338, + "event": "path", + "message": "Condition \"zone_idx < f->min_zone\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1339, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1343, + "event": "path", + "message": "Condition \"((262144UL /* 1 << FD_ZBD */) & fio_debug) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1343, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1353, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1357, + "event": "path", + "message": "Condition \"z->has_wp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1362, + "event": "path", + "message": "Condition \"z->has_wp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1363, + "event": "path", + "message": "Condition \"z->cond != ZBD_ZONE_COND_OFFLINE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1363, + "event": "path", + "message": "Condition \"zbdi->max_open_zones == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1367, + "event": "path", + "message": "Condition \"zbdi->num_open_zones == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1368, + "event": "path", + "message": "Condition \"((262144UL /* 1 << FD_ZBD */) & fio_debug) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1368, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1370, + "event": "path", + "message": "Jumping to label \"open_other_zone\".", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1430, + "event": "path", + "message": "Condition \"zbdi->num_open_zones == f->max_zone - f->min_zone\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1445, + "event": "path", + "message": "Condition \"wait_zone_close\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1446, + "event": "path", + "message": "Condition \"((262144UL /* 1 << FD_ZBD */) & fio_debug) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1446, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1454, + "event": "path", + "message": "Condition \"i > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1456, + "event": "path", + "message": "Condition \"z->has_wp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1459, + "event": "path", + "message": "Condition \"!is_valid_offset(f, z->start)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1464, + "event": "path", + "message": "Condition \"is_valid_offset(f, z->start)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1464, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1465, + "event": "path", + "message": "Condition \"!z->has_wp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1466, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1454, + "event": "path", + "message": "Condition \"i > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1456, + "event": "path", + "message": "Condition \"z->has_wp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1459, + "event": "path", + "message": "Condition \"!is_valid_offset(f, z->start)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1464, + "event": "path", + "message": "Condition \"is_valid_offset(f, z->start)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1464, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1465, + "event": "path", + "message": "Condition \"!z->has_wp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1468, + "event": "path", + "message": "Condition \"z->open\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1469, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1454, + "event": "path", + "message": "Condition \"i > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1477, + "event": "lock", + "message": "Locking \"&zbdi->mutex\".", + "verbosity_level": 1 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1478, + "event": "path", + "message": "Condition \"i < zbdi->num_open_zones\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1498, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"in_flight\".", + "verbosity_level": 1 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1499, + "event": "path", + "message": "Condition \"in_flight\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1500, + "event": "path", + "message": "Condition \"((262144UL /* 1 << FD_ZBD */) & fio_debug) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1500, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1503, + "event": "unlock", + "message": "Unlocking \"&zbdi->mutex\". \"in_flight\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1504, + "event": "unlock", + "message": "Unlocking \"z->mutex\". \"in_flight\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1506, + "event": "lockagain", + "message": "Locking \"z->mutex\" again.", + "verbosity_level": 1 + }, + { + "file_name": "fio-3.35/zbd.c", + "line": 1507, + "event": "use", + "message": "Using an unreliable value of \"in_flight\" inside the second locked section. If the data that \"in_flight\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1505| \t\tio_u_quiesce(td);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1506| \t\tzone_lock(td, f, z);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1507|-> \t\tshould_retry = in_flight;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1508| \t\tgoto retry;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1509| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SENSITIVE_DATA_LEAK", + "cwe": 313, + "function": "github.com/grafana/grafana/pkg/api.HTTPServer.AddAPIKey(*github.com/grafana/grafana/pkg/models.ReqContext)github.com/grafana/grafana/pkg/api/response.Response", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/api/apikey.go", + "line": 130, + "event": "sensitive_data", + "message": "Calling \"New\". This call stores sensitive data in \".$0.HashedKey\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/apikey.go", + "line": 130, + "event": "assign", + "message": "Assigning a sensitive string to \"newKeyInfo\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/apikey.go", + "line": 135, + "event": "assign", + "message": "Assigning: \"cmd.Key\" = \"newKeyInfo.HashedKey\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/apikey.go", + "line": 136, + "event": "sink", + "message": "Calling \"AddAPIKey\". This stores the sensitive data \"cmd.Key\" to a database. It may be exposed to unintended individuals. (The interface method resolves to \"apikeyimpl.Service.AddAPIKey(Context, apikey.AddCommand *)\".)", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/api/apikey.go", + "line": 136, + "event": "remediation", + "message": "Do not leak this data to a database.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 134| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 135| \tcmd.Key = newKeyInfo.HashedKey", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 136|-> \tif err := hs.apiKeyService.AddAPIKey(c.Req.Context(), &cmd); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 137| \t\tif errors.Is(err, apikey.ErrInvalidExpiration) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 138| \t\t\treturn response.Error(400, err.Error(), nil)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SENSITIVE_DATA_LEAK", + "cwe": 313, + "function": "github.com/grafana/grafana/pkg/api.HTTPServer.AddAPIKey(*github.com/grafana/grafana/pkg/models.ReqContext)github.com/grafana/grafana/pkg/api/response.Response", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/api/apikey.go", + "line": 130, + "event": "sensitive_data", + "message": "Calling \"New\". This call stores sensitive data in \".$0.HashedKey\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/apikey.go", + "line": 130, + "event": "assign", + "message": "Assigning a sensitive string to \"newKeyInfo\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/apikey.go", + "line": 135, + "event": "assign", + "message": "Assigning: \"cmd.Key\" = \"newKeyInfo.HashedKey\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/apikey.go", + "line": 136, + "event": "sink", + "message": "Calling \"AddAPIKey\". This stores the sensitive data \"cmd.Key\" to a database. It may be exposed to unintended individuals. (The interface method resolves to \"apikeyimpl.sqlxStore.AddAPIKey(Context, apikey.AddCommand *)\".)", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/api/apikey.go", + "line": 136, + "event": "remediation", + "message": "Do not leak this data to a database.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 134| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 135| \tcmd.Key = newKeyInfo.HashedKey", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 136|-> \tif err := hs.apiKeyService.AddAPIKey(c.Req.Context(), &cmd); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 137| \t\tif errors.Is(err, apikey.ErrInvalidExpiration) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 138| \t\t\treturn response.Error(400, err.Error(), nil)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "github.com/grafana/grafana/pkg/api/static.staticHandler(*github.com/grafana/grafana/pkg/web.Context, github.com/grafana/grafana/pkg/infra/log.Logger, github.com/grafana/grafana/pkg/api/static.StaticOptions)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 125, + "event": "taint", + "message": "The field \"ctx.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 125, + "event": "assign", + "message": "Assigning: \"file\" = \"ctx.Req.URL.Path\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 143, + "event": "sink", + "message": "Calling \"Open\". This call uses \"file\" for sensitive computation. (The interface method resolves to \"http.Dir.Open(string)\".)", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 143, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 141| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 142| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 143|-> \tf, err := opt.FileSystem.Open(file)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 144| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145| \t\treturn false", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "github.com/grafana/grafana/pkg/api/static.staticHandler(*github.com/grafana/grafana/pkg/web.Context, github.com/grafana/grafana/pkg/infra/log.Logger, github.com/grafana/grafana/pkg/api/static.StaticOptions)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 125, + "event": "taint", + "message": "The field \"ctx.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 125, + "event": "assign", + "message": "Assigning: \"file\" = \"ctx.Req.URL.Path\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 143, + "event": "sink", + "message": "Calling \"Open\". This call uses \"file\" for sensitive computation. (The interface method resolves to \"static.staticFileSystem.Open(string)\".)", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 143, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 141| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 142| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 143|-> \tf, err := opt.FileSystem.Open(file)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 144| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145| \t\treturn false", + "verbosity_level": 1 + } + ] + }, + { + "checker": "OPEN_REDIRECT", + "cwe": 601, + "function": "github.com/grafana/grafana/pkg/api/static.staticHandler(*github.com/grafana/grafana/pkg/web.Context, github.com/grafana/grafana/pkg/infra/log.Logger, github.com/grafana/grafana/pkg/api/static.StaticOptions)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 162, + "event": "taint", + "message": "The field \"ctx.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 162, + "event": "assign", + "message": "Assigning: \"[0]\" = \"ctx.Req.URL.Path\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 162, + "event": "identity", + "message": "Calling \"Sprintf\". This call assigns \"{ctx.Req.URL.Path}\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 162, + "event": "assign", + "message": "Assigning: \"path\" = \"Sprintf(\"%s/\", ctx.Req.URL.Path)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 169, + "event": "identity", + "message": "Calling \"ReplaceAllString\". This call assigns \"path\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 169, + "event": "assign", + "message": "Assigning: \"path\" = \"rePrefix.ReplaceAllString(path, \"/\")\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 171, + "event": "sink", + "message": "Calling \"Redirect\". This call passes the tainted data, \"path\", to a redirect sink.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 169| \t\t\t\tpath = rePrefix.ReplaceAllString(path, \"/\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 170| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 171|-> \t\t\thttp.Redirect(ctx.Resp, ctx.Req, path, http.StatusFound)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 172| \t\t\treturn true", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 173| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "github.com/grafana/grafana/pkg/api/static.staticHandler(*github.com/grafana/grafana/pkg/web.Context, github.com/grafana/grafana/pkg/infra/log.Logger, github.com/grafana/grafana/pkg/api/static.StaticOptions)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 125, + "event": "taint", + "message": "The field \"ctx.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 125, + "event": "assign", + "message": "Assigning: \"file\" = \"ctx.Req.URL.Path\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 175, + "event": "assign", + "message": "Assigning: \"[0]\" = \"file\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 175, + "event": "identity", + "message": "Calling \"Join\". This call assigns \"{file, opt.IndexFile}\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 175, + "event": "assign", + "message": "Assigning: \"file\" = \"Join(file, opt.IndexFile)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 176, + "event": "sink", + "message": "Calling \"Open\". This call uses \"file\" for sensitive computation. (The interface method resolves to \"http.Dir.Open(string)\".)", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 176, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 174| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 175| \t\tfile = path.Join(file, opt.IndexFile)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 176|-> \t\tindexFile, err := opt.FileSystem.Open(file)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 177| \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 178| \t\t\treturn false // Discard error.", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "github.com/grafana/grafana/pkg/api/static.staticHandler(*github.com/grafana/grafana/pkg/web.Context, github.com/grafana/grafana/pkg/infra/log.Logger, github.com/grafana/grafana/pkg/api/static.StaticOptions)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 125, + "event": "taint", + "message": "The field \"ctx.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 125, + "event": "assign", + "message": "Assigning: \"file\" = \"ctx.Req.URL.Path\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 175, + "event": "assign", + "message": "Assigning: \"[0]\" = \"file\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 175, + "event": "identity", + "message": "Calling \"Join\". This call assigns \"{file, opt.IndexFile}\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 175, + "event": "assign", + "message": "Assigning: \"file\" = \"Join(file, opt.IndexFile)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 176, + "event": "sink", + "message": "Calling \"Open\". This call uses \"file\" for sensitive computation. (The interface method resolves to \"static.staticFileSystem.Open(string)\".)", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 176, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 174| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 175| \t\tfile = path.Join(file, opt.IndexFile)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 176|-> \t\tindexFile, err := opt.FileSystem.Open(file)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 177| \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 178| \t\t\treturn false // Discard error.", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HEADER_INJECTION", + "cwe": 644, + "function": "github.com/grafana/grafana/pkg/api/static.staticHandler(*github.com/grafana/grafana/pkg/web.Context, github.com/grafana/grafana/pkg/infra/log.Logger, github.com/grafana/grafana/pkg/api/static.StaticOptions)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 125, + "event": "taint", + "message": "The field \"ctx.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 125, + "event": "assign", + "message": "Assigning: \"file\" = \"ctx.Req.URL.Path\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 201, + "event": "sink", + "message": "Calling \"ServeContent\". This call uses \"file\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/api/static/static.go", + "line": 201, + "event": "remediation", + "message": "Check this header name against a list of acceptable headers (whitelisting). If the list must be dynamic, constrain the header name by construction or validation of user-controllable input to an acceptable set of headers.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 199| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 200| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 201|-> \thttp.ServeContent(ctx.Resp, ctx.Req, file, fi.ModTime(), f)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 202| \treturn true", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 203| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/grafana/grafana/pkg/login/social.SocialAzureAD.UserInfo(*net/http.Client, *golang.org/x/oauth2.Token)(*github.com/grafana/grafana/pkg/login/social.BasicUserInfo, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/login/social/azuread_oauth.go", + "line": 58, + "event": "insufficient_logging", + "message": "Calling \"ParseSigned\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/login/social/azuread_oauth.go", + "line": 58, + "event": "assign", + "message": "Assigning: \"err\" = \"ParseSigned((string)idToken)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/login/social/azuread_oauth.go", + "line": 61, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/login/social/azuread_oauth.go", + "line": 59, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/login/social/azuread_oauth.go", + "line": 59, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 57| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 58| \tparsedToken, err := jwt.ParseSigned(idToken.(string))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| \t\treturn nil, fmt.Errorf(\"error parsing id token: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/grafana/grafana/pkg/login/social.groupsGraphAPIURL(github.com/grafana/grafana/pkg/login/social.azureClaims, *golang.org/x/oauth2.Token)(string, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/login/social/azuread_oauth.go", + "line": 243, + "event": "insufficient_logging", + "message": "Calling \"ParseSigned\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/login/social/azuread_oauth.go", + "line": 243, + "event": "assign", + "message": "Assigning: \"err\" = \"ParseSigned(token.AccessToken)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/login/social/azuread_oauth.go", + "line": 246, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/login/social/azuread_oauth.go", + "line": 244, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/login/social/azuread_oauth.go", + "line": 244, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 242| \t\tif tenantID == \"\" {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 243| \t\t\tparsedToken, err := jwt.ParseSigned(token.AccessToken)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 244|-> \t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 245| \t\t\t\treturn \"\", fmt.Errorf(\"error parsing access token: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 246| \t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/grafana/grafana/pkg/login/social.SocialOkta.UserInfo(*net/http.Client, *golang.org/x/oauth2.Token)(*github.com/grafana/grafana/pkg/login/social.BasicUserInfo, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/login/social/okta_oauth.go", + "line": 57, + "event": "insufficient_logging", + "message": "Calling \"ParseSigned\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/login/social/okta_oauth.go", + "line": 57, + "event": "assign", + "message": "Assigning: \"err\" = \"ParseSigned((string)idToken)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/login/social/okta_oauth.go", + "line": 60, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/login/social/okta_oauth.go", + "line": 58, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/login/social/okta_oauth.go", + "line": 58, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 57| \tparsedToken, err := jwt.ParseSigned(idToken.(string))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 58|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| \t\treturn nil, fmt.Errorf(\"error parsing id token: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "OPEN_REDIRECT", + "cwe": 601, + "function": "github.com/grafana/grafana/pkg/middleware.RedirectFromLegacyPanelEditURL.anonymous%0(*github.com/grafana/grafana/pkg/models.ReqContext)", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/middleware/dashboard_redirect.go", + "line": 32, + "event": "taint", + "message": "The field \"c.Context.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/middleware/dashboard_redirect.go", + "line": 32, + "event": "identity", + "message": "Calling \"TrimPrefix\". This call assigns \"c.Context.Req.URL.Path\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/middleware/dashboard_redirect.go", + "line": 32, + "event": "assign", + "message": "Assigning: \"[1]\" = \"TrimPrefix(c.Context.Req.URL.Path, \"/\")\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/middleware/dashboard_redirect.go", + "line": 32, + "event": "identity", + "message": "Calling \"Sprintf\". This call assigns \"{cfg.AppURL, TrimPrefix(c.Context.Req.URL.Path, \"/\"), queryParams.Encode()}\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/middleware/dashboard_redirect.go", + "line": 32, + "event": "assign", + "message": "Assigning: \"newURL\" = \"Sprintf(\"%s%s?%s\", cfg.AppURL, TrimPrefix(c.Context.Req.URL.Path, \"/\"), queryParams.Encode())\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/middleware/dashboard_redirect.go", + "line": 33, + "event": "sink", + "message": "Calling \"Redirect\". This call passes the tainted data, \"newURL\", to a redirect sink.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 31| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 32| \t\t\tnewURL := fmt.Sprintf(\"%s%s?%s\", cfg.AppURL, strings.TrimPrefix(c.Req.URL.Path, \"/\"), queryParams.Encode())", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 33|-> \t\t\tc.Redirect(newURL, 301)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 34| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 35| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "OPEN_REDIRECT", + "cwe": 601, + "function": "github.com/grafana/grafana/pkg/middleware.OrgRedirect.anonymous%0(net/http.ResponseWriter, *net/http.Request, *github.com/grafana/grafana/pkg/web.Context)", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/middleware/org_redirect.go", + "line": 55, + "event": "taint", + "message": "The field \"c.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/middleware/org_redirect.go", + "line": 55, + "event": "identity", + "message": "Calling \"TrimPrefix\". This call assigns \"c.Req.URL.Path\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/middleware/org_redirect.go", + "line": 55, + "event": "assign", + "message": "Assigning: \"[1]\" = \"TrimPrefix(c.Req.URL.Path, \"/\")\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/middleware/org_redirect.go", + "line": 55, + "event": "identity", + "message": "Calling \"Sprintf\". This call assigns \"{cfg.AppURL, TrimPrefix(c.Req.URL.Path, \"/\"), qs}\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/middleware/org_redirect.go", + "line": 55, + "event": "assign", + "message": "Assigning: \"newURL\" = \"Sprintf(\"%s%s?%s\", cfg.AppURL, TrimPrefix(c.Req.URL.Path, \"/\"), qs)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/middleware/org_redirect.go", + "line": 57, + "event": "sink", + "message": "Calling \"Redirect\". This call passes the tainted data, \"newURL\", to a redirect sink.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55| \t\tnewURL := fmt.Sprintf(\"%s%s?%s\", cfg.AppURL, strings.TrimPrefix(c.Req.URL.Path, \"/\"), qs)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 57|-> \t\tc.Redirect(newURL, 302)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 58| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/grafana/grafana/pkg/services/contexthandler.ContextHandler.initContextWithJWT(*github.com/grafana/grafana/pkg/models.ReqContext, int64)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/contexthandler/auth_jwt.go", + "line": 45, + "event": "insufficient_logging", + "message": "Calling \"Verify\". This function call creates a logging obligation. (The interface method resolves to \"jwt.AuthService.Verify(Context, string)\".)", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/contexthandler/auth_jwt.go", + "line": 45, + "event": "assign", + "message": "Assigning: \"err\" = \"h.JWTAuthService.Verify(ctx.Context.Req.Context(), jwtToken)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/contexthandler/auth_jwt.go", + "line": 50, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/contexthandler/auth_jwt.go", + "line": 46, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/contexthandler/auth_jwt.go", + "line": 46, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 44| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 45| \tclaims, err := h.JWTAuthService.Verify(ctx.Req.Context(), jwtToken)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 46|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 47| \t\tctx.Logger.Debug(\"Failed to verify JWT\", \"error\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 48| \t\tctx.JsonApiErr(http.StatusUnauthorized, InvalidJWT, err)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SENSITIVE_DATA_LEAK", + "cwe": 313, + "function": "github.com/grafana/grafana/pkg/services/contexthandler.ContextHandler.getPrefixedAPIKey(context.Context, string)(*github.com/grafana/grafana/pkg/services/apikey.APIKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/contexthandler/contexthandler.go", + "line": 215, + "event": "sensitive_data", + "message": "Calling \"Hash\". This call stores sensitive data in \".$0\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/contexthandler/contexthandler.go", + "line": 215, + "event": "assign", + "message": "Assigning: \"hash\" = \"decoded.Hash()\". Now \"hash\" contains sensitive data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/contexthandler/contexthandler.go", + "line": 220, + "event": "sink", + "message": "Calling \"GetAPIKeyByHash\". This stores the sensitive data \"hash\" to a database. It may be exposed to unintended individuals. (The interface method resolves to \"apikeyimpl.Service.GetAPIKeyByHash(Context, string)\".)", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/contexthandler/contexthandler.go", + "line": 220, + "event": "remediation", + "message": "Do not leak this data to a database.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 218| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 219| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 220|-> \treturn h.apiKeyService.GetAPIKeyByHash(ctx, hash)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 221| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 222| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SENSITIVE_DATA_LEAK", + "cwe": 313, + "function": "github.com/grafana/grafana/pkg/services/contexthandler.ContextHandler.getPrefixedAPIKey(context.Context, string)(*github.com/grafana/grafana/pkg/services/apikey.APIKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/contexthandler/contexthandler.go", + "line": 215, + "event": "sensitive_data", + "message": "Calling \"Hash\". This call stores sensitive data in \".$0\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/contexthandler/contexthandler.go", + "line": 215, + "event": "assign", + "message": "Assigning: \"hash\" = \"decoded.Hash()\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/contexthandler/contexthandler.go", + "line": 220, + "event": "sink", + "message": "Calling \"GetAPIKeyByHash\". This stores the sensitive data \"hash\" to a database. It may be exposed to unintended individuals. (The interface method resolves to \"apikeyimpl.sqlxStore.GetAPIKeyByHash(Context, string)\".)", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/contexthandler/contexthandler.go", + "line": 220, + "event": "remediation", + "message": "Do not leak this data to a database.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 218| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 219| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 220|-> \treturn h.apiKeyService.GetAPIKeyByHash(ctx, hash)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 221| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 222| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/grafana/grafana/pkg/services/datasources/service.SqlStore.DeleteDataSource.anonymous%0(*github.com/grafana/grafana/pkg/services/sqlstore.DBSession)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/datasources/service/store.go", + "line": 131, + "event": "path", + "message": "Condition \"errGettingDS != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/datasources/service/store.go", + "line": 136, + "event": "path", + "message": "Condition \"ds != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/datasources/service/store.go", + "line": 136, + "event": "var_compare_op", + "message": "Comparing \"ds\" to null implies that \"ds\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/datasources/service/store.go", + "line": 152, + "event": "path", + "message": "Condition \"cmd.UpdateSecretFn != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/datasources/service/store.go", + "line": 153, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/datasources/service/store.go", + "line": 160, + "event": "path", + "message": "Condition \"cmd.DeletedDatasourcesCount > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/datasources/service/store.go", + "line": 161, + "event": "null_field_access", + "message": "Accessing field of null object \"ds\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 159| \t\t// Publish data source deletion event", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 160| \t\tif cmd.DeletedDatasourcesCount > 0 {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 161|-> \t\t\tsess.PublishAfterCommit(&events.DataSourceDeleted{", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 162| \t\t\t\tTimestamp: time.Now(),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 163| \t\t\t\tName: ds.Name,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/grafana/grafana/pkg/services/live/pipeline.lokiWriter.flushPeriodically()", + "language": "go", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go", + "line": 85, + "event": "path", + "message": "Condition \"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go", + "line": 86, + "event": "lock", + "message": "Locking \"w.mu\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go", + "line": 87, + "event": "path", + "message": "Condition \"len(w.buffer) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go", + "line": 91, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"tmpBuffer\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go", + "line": 94, + "event": "unlock", + "message": "Unlocking \"w.mu\". \"tmpBuffer\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go", + "line": 97, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go", + "line": 99, + "event": "lockagain", + "message": "Locking \"w.mu\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_loki.go", + "line": 101, + "event": "use", + "message": "Using an unreliable value of \"tmpBuffer\" inside the second locked section. If the data that \"tmpBuffer\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99| \t\t\tw.mu.Lock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 100| \t\t\t// TODO: drop in case of large buffer size? Make several attempts only?", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101|-> \t\t\tw.buffer = append(tmpBuffer, w.buffer...)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 102| \t\t\tw.mu.Unlock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/grafana/grafana/pkg/services/live/pipeline.RemoteWriteFrameOutput.flushPeriodically()", + "language": "go", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go", + "line": 61, + "event": "path", + "message": "Condition \"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go", + "line": 62, + "event": "lock", + "message": "Locking \"out.mu\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go", + "line": 63, + "event": "path", + "message": "Condition \"len(out.buffer) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go", + "line": 67, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"tmpBuffer\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go", + "line": 70, + "event": "unlock", + "message": "Unlocking \"out.mu\". \"tmpBuffer\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go", + "line": 73, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go", + "line": 75, + "event": "lockagain", + "message": "Locking \"out.mu\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/live/pipeline/frame_output_remote_write.go", + "line": 77, + "event": "use", + "message": "Using an unreliable value of \"tmpBuffer\" inside the second locked section. If the data that \"tmpBuffer\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 75| \t\t\tout.mu.Lock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| \t\t\t// TODO: drop in case of large buffer size? Make several attempts only?", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 77|-> \t\t\tout.buffer = append(tmpBuffer, out.buffer...)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 78| \t\t\tout.mu.Unlock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/grafana/grafana/pkg/services/ngalert/api.LotexAM.withAMReq(*github.com/grafana/grafana/pkg/models.ReqContext, string, string, []string, io.Reader, (*github.com/grafana/grafana/pkg/api/response.NormalResponse)(interface{}, error), map[string]string)github.com/grafana/grafana/pkg/api/response.Response", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_am.go", + "line": 103, + "event": "taint", + "message": "The field \"ctx.Context.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_am.go", + "line": 103, + "event": "identity", + "message": "Calling \"withPath\". This call assigns \"(*ctx.Context.Req.URL).Fragment\" to \"().Fragment\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_am.go", + "line": 103, + "event": "sink", + "message": "Calling \"withReq\". This call uses \"withPath(*ctx.Context.Req.URL, Sprintf(endpointPath, iPathParams)).Fragment\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_am.go", + "line": 103, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 102| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103|-> \treturn am.withReq(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104| \t\tctx,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105| \t\tmethod,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/grafana/grafana/pkg/services/ngalert/api.LotexProm.RouteGetAlertStatuses(*github.com/grafana/grafana/pkg/models.ReqContext)github.com/grafana/grafana/pkg/api/response.Response", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go", + "line": 47, + "event": "taint", + "message": "The field \"ctx.Context.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go", + "line": 47, + "event": "identity", + "message": "Calling \"withPath\". This call assigns \"(*ctx.Context.Req.URL).Fragment\" to \"().Fragment\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go", + "line": 47, + "event": "sink", + "message": "Calling \"withReq\". This call uses \"withPath(*ctx.Context.Req.URL, endpoints.alerts).Fragment\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go", + "line": 47, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 45| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 46| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 47|-> \treturn p.withReq(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 48| \t\tctx,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 49| \t\thttp.MethodGet,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/grafana/grafana/pkg/services/ngalert/api.LotexProm.RouteGetRuleStatuses(*github.com/grafana/grafana/pkg/models.ReqContext)github.com/grafana/grafana/pkg/api/response.Response", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go", + "line": 66, + "event": "taint", + "message": "The field \"ctx.Context.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go", + "line": 66, + "event": "identity", + "message": "Calling \"withPath\". This call assigns \"(*ctx.Context.Req.URL).Fragment\" to \"().Fragment\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go", + "line": 66, + "event": "sink", + "message": "Calling \"withReq\". This call uses \"withPath(*ctx.Context.Req.URL, endpoints.rules).Fragment\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_prom.go", + "line": 66, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 64| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 65| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 66|-> \treturn p.withReq(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 67| \t\tctx,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 68| \t\thttp.MethodGet,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/grafana/grafana/pkg/services/ngalert/api.LotexRuler.RouteDeleteNamespaceRulesConfig(*github.com/grafana/grafana/pkg/models.ReqContext, string)github.com/grafana/grafana/pkg/api/response.Response", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 63, + "event": "taint", + "message": "The field \"ctx.Context.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 63, + "event": "identity", + "message": "Calling \"withPath\". This call assigns \"(*ctx.Context.Req.URL).Fragment\" to \"().Fragment\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 63, + "event": "sink", + "message": "Calling \"withReq\". This call uses \"withPath(*ctx.Context.Req.URL, Sprintf(\"%s/%s\", legacyRulerPrefix, namespace)).Fragment\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 63, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61| \t\treturn ErrResp(500, err, \"\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63|-> \treturn r.withReq(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 64| \t\tctx,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 65| \t\thttp.MethodDelete,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/grafana/grafana/pkg/services/ngalert/api.LotexRuler.RouteDeleteRuleGroupConfig(*github.com/grafana/grafana/pkg/models.ReqContext, string, string)github.com/grafana/grafana/pkg/api/response.Response", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 81, + "event": "taint", + "message": "The field \"ctx.Context.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 81, + "event": "identity", + "message": "Calling \"withPath\". This call assigns \"(*ctx.Context.Req.URL).Fragment\" to \"().Fragment\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 81, + "event": "sink", + "message": "Calling \"withReq\". This call uses \"withPath(*ctx.Context.Req.URL, Sprintf(\"%s/%s/%s\", legacyRulerPrefix, namespace, group)).Fragment\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 81, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79| \t\treturn ErrResp(500, err, \"\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81|-> \treturn r.withReq(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82| \t\tctx,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83| \t\thttp.MethodDelete,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/grafana/grafana/pkg/services/ngalert/api.LotexRuler.RouteGetNamespaceRulesConfig(*github.com/grafana/grafana/pkg/models.ReqContext, string)github.com/grafana/grafana/pkg/api/response.Response", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 104, + "event": "taint", + "message": "The field \"ctx.Context.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 104, + "event": "identity", + "message": "Calling \"withPath\". This call assigns \"(*ctx.Context.Req.URL).Fragment\" to \"().Fragment\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 104, + "event": "sink", + "message": "Calling \"withReq\". This call uses \"withPath(*ctx.Context.Req.URL, Sprintf(\"%s/%s\", legacyRulerPrefix, namespace)).Fragment\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 104, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 102| \t\treturn ErrResp(500, err, \"\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104|-> \treturn r.withReq(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105| \t\tctx,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| \t\thttp.MethodGet,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/grafana/grafana/pkg/services/ngalert/api.LotexRuler.RouteGetRulegGroupConfig(*github.com/grafana/grafana/pkg/models.ReqContext, string, string)github.com/grafana/grafana/pkg/api/response.Response", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 126, + "event": "taint", + "message": "The field \"ctx.Context.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 126, + "event": "identity", + "message": "Calling \"withPath\". This call assigns \"(*ctx.Context.Req.URL).Fragment\" to \"().Fragment\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 126, + "event": "sink", + "message": "Calling \"withReq\". This call uses \"withPath(*ctx.Context.Req.URL, Sprintf(\"%s/%s/%s\", legacyRulerPrefix, namespace, group)).Fragment\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 126, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 124| \t\treturn ErrResp(500, err, \"\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 125| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 126|-> \treturn r.withReq(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 127| \t\tctx,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 128| \t\thttp.MethodGet,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/grafana/grafana/pkg/services/ngalert/api.LotexRuler.RouteGetRulesConfig(*github.com/grafana/grafana/pkg/models.ReqContext)github.com/grafana/grafana/pkg/api/response.Response", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 150, + "event": "taint", + "message": "The field \"ctx.Context.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 150, + "event": "identity", + "message": "Calling \"withPath\". This call assigns \"(*ctx.Context.Req.URL).Fragment\" to \"().Fragment\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 150, + "event": "sink", + "message": "Calling \"withReq\". This call uses \"withPath(*ctx.Context.Req.URL, legacyRulerPrefix).Fragment\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 150, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 148| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 149| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 150|-> \treturn r.withReq(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 151| \t\tctx,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 152| \t\thttp.MethodGet,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/grafana/grafana/pkg/services/ngalert/api.LotexRuler.RoutePostNameRulesConfig(*github.com/grafana/grafana/pkg/models.ReqContext, github.com/grafana/grafana/pkg/services/ngalert/api/tooling/definitions.PostableRuleGroupConfig, string)github.com/grafana/grafana/pkg/api/response.Response", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 172, + "event": "taint", + "message": "The field \"ctx.Context.Req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 172, + "event": "identity", + "message": "Calling \"withPath\". This call assigns \"(*ctx.Context.Req.URL).Fragment\" to \"().Fragment\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 172, + "event": "assign", + "message": "Assigning: \"u\" = \"withPath(*ctx.Context.Req.URL, Sprintf(\"%s/%s\", legacyRulerPrefix, ns))\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 173, + "event": "sink", + "message": "Calling \"withReq\". This call uses \"u.Fragment\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/api/lotex_ruler.go", + "line": 173, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 171| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 172| \tu := withPath(*ctx.Req.URL, fmt.Sprintf(\"%s/%s\", legacyRulerPrefix, ns))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 173|-> \treturn r.withReq(ctx, http.MethodPost, u, bytes.NewBuffer(yml), jsonExtractor(nil), nil)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 174| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 175| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/grafana/grafana/pkg/services/ngalert/image.UploadingService.Upload(context.Context, github.com/grafana/grafana/pkg/services/ngalert/models.Image)(github.com/grafana/grafana/pkg/services/ngalert/models.Image, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/image/upload.go", + "line": 39, + "event": "insufficient_logging", + "message": "Calling \"Upload\". This function call creates a logging obligation. (The interface method resolves to \"gcs.Uploader.Upload(Context, string)\".)", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/image/upload.go", + "line": 39, + "event": "assign", + "message": "Assigning: \"err\" = \"s.uploader.Upload(ctx, image.Path)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/image/upload.go", + "line": 43, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/image/upload.go", + "line": 40, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/ngalert/image/upload.go", + "line": 40, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 38| func (s *UploadingService) Upload(ctx context.Context, image ngmodels.Image) (ngmodels.Image, error) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 39| \turl, err := s.uploader.Upload(ctx, image.Path)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 40|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41| \t\tdefer s.failures.Inc()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42| \t\treturn image, fmt.Errorf(\"failed to upload screenshot: %w\", err)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SENSITIVE_DATA_LEAK", + "cwe": 319, + "imp": 1, + "function": "github.com/grafana/grafana/pkg/services/notifications.SmtpClient.Send([]*github.com/grafana/grafana/pkg/services/notifications.Message)(int, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/notifications/smtp.go", + "line": 39, + "event": "call", + "message": "Calling \"buildEmail\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/notifications/smtp.go", + "line": 39, + "event": "assign", + "message": "Assigning: \"m\" = \"sc.buildEmail(msg)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/notifications/smtp.go", + "line": 41, + "event": "assign", + "message": "Assigning: \"[0]\" = \"m\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/notifications/smtp.go", + "line": 41, + "event": "sensitive_data", + "message": "Calling \"DialAndSend\". This call stores sensitive data in \"({m}).header.From\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/notifications/smtp.go", + "line": 39, + "event": "call", + "message": "Calling \"buildEmail\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/notifications/smtp.go", + "line": 41, + "event": "sink", + "message": "Calling \"DialAndSend\". This sends the sensitive data \"({m}).header\" over the network. It may be exposed to unintended individuals.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/notifications/smtp.go", + "line": 41, + "event": "remediation", + "message": "Do not leak this data to the network.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 39| \t\tm := sc.buildEmail(msg)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 40| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41|-> \t\tinnerError := dialer.DialAndSend(m)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42| \t\temailsSentTotal.Inc()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 43| \t\tif innerError != nil {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/grafana/grafana/pkg/services/org/orgimpl.Service.GetOrCreate(context.Context, string)(int64, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/org/orgimpl/org.go", + "line": 184, + "event": "assign_null", + "message": "Assigning: \"orga\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/org/orgimpl/org.go", + "line": 186, + "event": "path", + "message": "Condition \"s.cfg.AutoAssignOrg\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/org/orgimpl/org.go", + "line": 202, + "event": "null_field_access", + "message": "Accessing field of null object \"orga\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 200| \t\torga.ID = int64(s.cfg.AutoAssignOrgId)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 201| \t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 202|-> \t\torga.Name = orgName", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 203| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 204| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/grafana/grafana/pkg/services/sqlstore/searchstore.Builder.applyFilters()string", + "language": "go", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go", + "line": 81, + "event": "path", + "message": "Condition \" < len(b.Filters)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go", + "line": 82, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"f\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go", + "line": 82, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go", + "line": 86, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go", + "line": 94, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go", + "line": 102, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go", + "line": 108, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go", + "line": 81, + "event": "path", + "message": "Condition \" < len(b.Filters)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go", + "line": 82, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/services/sqlstore/searchstore/builder.go", + "line": 83, + "event": "null_method_call", + "message": "Calling a method on null object \"f\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| \tfor _, f := range b.Filters {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82| \t\tif f, ok := f.(FilterLeftJoin); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83|-> \t\t\tjoins = append(joins, fmt.Sprintf(\" LEFT OUTER JOIN %s \", f.LeftJoin()))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 84| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 85| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "github.com/grafana/grafana/pkg/services/store.standardStorageService.doUpload(*github.com/grafana/grafana/pkg/models.ReqContext)github.com/grafana/grafana/pkg/api/response.Response", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 94, + "event": "taint", + "message": "The field \"c.Context.Req.MultipartForm\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 122, + "event": "concat", + "message": "Creating a tainted string using \"fileHeader.Filename\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 122, + "event": "assign", + "message": "Assigning a tainted string to \"path\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 131, + "event": "assign", + "message": "Assigning: \".Path\" = \"path\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 131, + "event": "sink", + "message": "Calling \"Upload\". This call uses \"store.UploadRequest{.Contents = data, .EntityType = entityType, .Path = path, .OverwriteExistingFile = overwriteExistingFile, .Properties = {\"message\" : message}}.Path\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 131, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 129| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 130| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 131|-> \t\t\terr = s.Upload(c.Req.Context(), c.SignedInUser, &UploadRequest{", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 132| \t\t\t\tContents: data,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 133| \t\t\t\tEntityType: entityType,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "github.com/grafana/grafana/pkg/services/store.standardStorageService.doDeleteFolder(*github.com/grafana/grafana/pkg/models.ReqContext)github.com/grafana/grafana/pkg/api/response.Response", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 205, + "event": "taint", + "message": "The field \"c.Context.Req.Body\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 205, + "event": "identity", + "message": "Calling \"ReadAll\". This call assigns \"c.Context.Req.Body\" to \".$0\". Now \".$0\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 205, + "event": "assign", + "message": "Assigning: \"body\" = \"ReadAll(c.Context.Req.Body)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 210, + "event": "assign", + "message": "Assigning: \"cmd\" = \"&store.DeleteFolderCmd{\"\", false}\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 211, + "event": "identity", + "message": "Calling \"Unmarshal\". This call assigns \"body\" to \"cmd\". Now \"cmd\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 222, + "event": "sink", + "message": "Calling \"DeleteFolder\". This call uses \"cmd.Path\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 222, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 220| \t// full path is api/storage/delete/upload/example.jpg, but we only want the part after upload", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 221| \t_, path := getPathAndScope(c)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 222|-> \tif err := s.DeleteFolder(c.Req.Context(), c.SignedInUser, cmd); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 223| \t\treturn response.Error(400, \"failed to delete the folder: \"+err.Error(), err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 224| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "github.com/grafana/grafana/pkg/services/store.standardStorageService.doCreateFolder(*github.com/grafana/grafana/pkg/models.ReqContext)github.com/grafana/grafana/pkg/api/response.Response", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 234, + "event": "taint", + "message": "The field \"c.Context.Req.Body\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 234, + "event": "identity", + "message": "Calling \"ReadAll\". This call assigns \"c.Context.Req.Body\" to \".$0\". Now \".$0\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 234, + "event": "assign", + "message": "Assigning: \"body\" = \"ReadAll(c.Context.Req.Body)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 239, + "event": "assign", + "message": "Assigning: \"cmd\" = \"&store.CreateFolderCmd{\"\"}\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 240, + "event": "identity", + "message": "Calling \"Unmarshal\". This call assigns \"body\" to \"cmd\". Now \"cmd\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 249, + "event": "sink", + "message": "Calling \"CreateFolder\". This call uses \"cmd.Path\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/pkg/services/store/http.go", + "line": 249, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 247| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 248| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 249|-> \tif err := s.CreateFolder(c.Req.Context(), c.SignedInUser, cmd); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 250| \t\treturn response.Error(400, \"failed to create the folder: \"+err.Error(), err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 251| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/grafana/grafana/pkg/util/converter.ReadPrometheusStyleResult(*github.com/json-iterator/go.Iterator, github.com/grafana/grafana/pkg/util/converter.Options)*github.com/grafana/grafana-plugin-sdk-go/backend.DataResponse", + "language": "go", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/util/converter/prom.go", + "line": 28, + "event": "assign_null", + "message": "Assigning: \"rsp\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/util/converter/prom.go", + "line": 34, + "event": "path", + "message": "Condition \"l1Field != \"\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/util/converter/prom.go", + "line": 35, + "event": "path", + "message": "Switch case value \"\"status\"\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/util/converter/prom.go", + "line": 55, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/util/converter/prom.go", + "line": 34, + "event": "path", + "message": "Condition \"l1Field != \"\"\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/util/converter/prom.go", + "line": 57, + "event": "path", + "message": "Condition \"status == \"error\"\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/util/converter/prom.go", + "line": 63, + "event": "path", + "message": "Condition \"len(warnings) > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/util/converter/prom.go", + "line": 64, + "event": "null_field_access", + "message": "Accessing field of null object \"rsp\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| \tif len(warnings) > 0 {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 64|-> \t\tfor _, frame := range rsp.Frames {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 65| \t\t\tif frame.Meta == nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 66| \t\t\t\tframe.Meta = &data.FrameMeta{}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/grafana/grafana/pkg/util/converter.readPrometheusData(*github.com/json-iterator/go.Iterator, github.com/grafana/grafana/pkg/util/converter.Options)*github.com/grafana/grafana-plugin-sdk-go/backend.DataResponse", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/pkg/util/converter/prom.go", + "line": 96, + "event": "path", + "message": "Condition \"t == 5 /* ArrayValue */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/util/converter/prom.go", + "line": 100, + "event": "path", + "message": "Condition \"t != 6 /* ObjectValue */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/util/converter/prom.go", + "line": 107, + "event": "assign_null", + "message": "Assigning: \"rsp\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/pkg/util/converter/prom.go", + "line": 109, + "event": "path", + "message": "Condition \"l1Field != \"\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/util/converter/prom.go", + "line": 110, + "event": "path", + "message": "Switch case value \"\"stats\"\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/pkg/util/converter/prom.go", + "line": 143, + "event": "null_field_access", + "message": "Accessing field of null object \"rsp\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 141| \t\tcase \"stats\":", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 142| \t\t\tv := iter.Read()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 143|-> \t\t\tif len(rsp.Frames) > 0 {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 144| \t\t\t\tmeta := rsp.Frames[0].Meta", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145| \t\t\t\tif meta == nil {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "cloud.google.com/go/compute/metadata.Client.getETag(string)(string, string, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 297, + "event": "path", + "message": "Condition \"host == \"\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 308, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 316, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 319, + "event": "path", + "message": "Condition \"res != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 322, + "event": "path", + "message": "Condition \"shouldRetry\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 323, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 326, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 316, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 319, + "event": "path", + "message": "Condition \"res != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 322, + "event": "path", + "message": "Condition \"shouldRetry\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 323, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 326, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 316, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 319, + "event": "path", + "message": "Condition \"res != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 319, + "event": "var_compare_op", + "message": "Comparing \"res\" to null implies that \"res\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 322, + "event": "path", + "message": "Condition \"shouldRetry\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 328, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 330, + "event": "path", + "message": "Condition \"reqErr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 333, + "event": "null_field_access", + "message": "Accessing field of null object \"res\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 331| \t\treturn \"\", \"\", reqErr", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 332| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 333|-> \tdefer res.Body.Close()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 334| \tif res.StatusCode == http.StatusNotFound {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 335| \t\treturn \"\", \"\", NotDefinedError(suffix)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "cloud.google.com/go/compute/metadata.Client.Subscribe(string, (string, bool)error)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 499, + "event": "taint", + "message": "Calling \"getETag\". This call taints \".$1\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 499, + "event": "assign", + "message": "Assigning: \"lastETag\" = \"c.getETag(suffix)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 515, + "event": "identity", + "message": "Calling \"QueryEscape\". This call assigns \"lastETag\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 515, + "event": "sink", + "message": "Calling \"getETag\". This call uses a tainted string for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 515, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 513| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 514| \tfor {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 515|-> \t\tval, etag, err := c.getETag(suffix + url.QueryEscape(lastETag))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 516| \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 517| \t\t\tif _, deleted := err.(NotDefinedError); !deleted {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "cloud.google.com/go/storage.parseKey([]byte)(*crypto/rsa.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/storage/storage.go", + "line": 1180, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/storage/storage.go", + "line": 1180, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS8PrivateKey(key)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/storage/storage.go", + "line": 1186, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/storage/storage.go", + "line": 1181, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/cloud.google.com/go/storage/storage.go", + "line": 1181, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1179| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1180| \tparsedKey, err := x509.ParsePKCS8PrivateKey(key)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1181|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1182| \t\tparsedKey, err = x509.ParsePKCS1PrivateKey(key)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1183| \t\tif err != nil {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "cuelang.org/go/cue.mkErr(*cuelang.org/go/internal/core/runtime.Runtime, cuelang.org/go/internal/core/adt.Node, []interface{})*cuelang.org/go/internal/core/adt.Bottom", + "language": "go", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go", + "line": 100, + "event": "assign_null", + "message": "Assigning: \"e\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go", + "line": 103, + "event": "path", + "message": "Condition \"i < len(args)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go", + "line": 105, + "event": "path", + "message": "Condition \"_, ok := a.(adt.ErrorCode); ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go", + "line": 105, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go", + "line": 129, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go", + "line": 103, + "event": "path", + "message": "Condition \"i < len(args)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go", + "line": 105, + "event": "path", + "message": "Condition \"_, ok := a.(adt.ErrorCode); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go", + "line": 107, + "event": "path", + "message": "Condition \"_, ok := a.(adt.Bottom *); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go", + "line": 109, + "event": "path", + "message": "Condition \"_, ok := a.([]*cuelang.org/go/internal/core/adt.Bottom); ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go", + "line": 109, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go", + "line": 110, + "event": "path", + "message": "Condition \" < len(x)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go", + "line": 129, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go", + "line": 103, + "event": "path", + "message": "Condition \"i < len(args)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go", + "line": 130, + "event": "path", + "message": "Condition \"code >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/errors.go", + "line": 131, + "event": "null_field_access", + "message": "Accessing field of null object \"e\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 129| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 130| \tif code >= 0 {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 131|-> \t\te.Code = code", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 132| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 133| \treturn e", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "cuelang.org/go/cue.newInstance(*cuelang.org/go/internal/core/runtime.Runtime, *cuelang.org/go/cue/build.Instance, *cuelang.org/go/internal/core/adt.Vertex)*cuelang.org/go/cue.Instance", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/instance.go", + "line": 159, + "event": "path", + "message": "Condition \"p != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/instance.go", + "line": 159, + "event": "var_compare_op", + "message": "Comparing \"p\" to null implies that \"p\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/instance.go", + "line": 169, + "event": "null_field_access", + "message": "Accessing field of null object \"p\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 167| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 168| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 169|-> \tx.AddInst(p.ImportPath, v, p)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 170| \tx.SetBuildData(p, inst)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 171| \tinst.index = x", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "cuelang.org/go/cue.Value.Expr()(cuelang.org/go/internal/core/adt.Op, []cuelang.org/go/cue.Value)", + "language": "go", + "tool": "coverity", + "key_event_idx": 19, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2259, + "event": "path", + "message": "Condition \"v.v == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2264, + "event": "assign_null", + "message": "Assigning: \"env\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2266, + "event": "path", + "message": "Condition \"v.v.IsData()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2270, + "event": "path", + "message": "Switch case value \"0\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2272, + "event": "path", + "message": "Condition \"v.v.BaseValue == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2308, + "event": "path", + "message": "Condition \"_, ok := expr.(adt.BinaryExpr *); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2312, + "event": "path", + "message": "Condition \"_, ok := expr.(adt.UnaryExpr *); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2315, + "event": "path", + "message": "Condition \"_, ok := expr.(adt.BoundExpr *); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2318, + "event": "path", + "message": "Condition \"_, ok := expr.(adt.BoundValue *); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2321, + "event": "path", + "message": "Condition \"_, ok := expr.(adt.Conjunction *); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2327, + "event": "path", + "message": "Condition \"_, ok := expr.(adt.Disjunction *); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2345, + "event": "path", + "message": "Condition \"_, ok := expr.(adt.DisjunctionExpr *); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2383, + "event": "path", + "message": "Condition \"_, ok := expr.(adt.Interpolation *); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2389, + "event": "path", + "message": "Condition \"_, ok := expr.(adt.FieldReference *); ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2389, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2392, + "event": "identity_transfer", + "message": "Passing \"env\" as argument 1 to member function \"PushState\", which sets \"(*ctx).e\" to that argument.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2392, + "event": "no_write_call", + "message": "Although \"PushState\" does overwrite \"(*ctx).e\" on some paths, it also contains at least one feasible path which does not overwrite it.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2393, + "event": "identity_transfer", + "message": "Member function call \"ctx.Env(x.UpCount)\" returns field \"e\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2393, + "event": "alias_transfer", + "message": "Assigning: \"env\" = \"ctx.Env(x.UpCount)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/cue/types.go", + "line": 2394, + "event": "null_field_access", + "message": "Accessing field of null object \"env\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2392| \t\tf := ctx.PushState(env, x.Src)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2393| \t\tenv := ctx.Env(x.UpCount)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2394|-> \t\ta = append(a, remakeValue(v, nil, &adt.NodeLink{Node: env.Vertex}))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2395| \t\ta = append(a, remakeValue(v, nil, ctx.NewString(x.Label.SelectorString(ctx))))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2396| \t\t_ = ctx.PopState(f)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "cuelang.org/go/encoding/jsonschema.anonymous%27(cuelang.org/go/cue.Value, *cuelang.org/go/encoding/jsonschema.state)", + "language": "go", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go", + "line": 490, + "event": "path", + "message": "Condition \"n.Kind() != 128 /* ListKind */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go", + "line": 503, + "event": "path", + "message": "Condition \" < len(obj.Elts)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go", + "line": 505, + "event": "path", + "message": "Condition \"!ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go", + "line": 506, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go", + "line": 503, + "event": "path", + "message": "Condition \" < len(obj.Elts)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go", + "line": 514, + "event": "path", + "message": "Condition \" < len(s.listItems(\"required\", n, true))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go", + "line": 517, + "event": "path", + "message": "Condition \"f == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go", + "line": 517, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go", + "line": 524, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go", + "line": 514, + "event": "path", + "message": "Condition \" < len(s.listItems(\"required\", n, true))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go", + "line": 517, + "event": "path", + "message": "Condition \"f == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go", + "line": 517, + "event": "var_compare_op", + "message": "Comparing \"f\" to null implies that \"f\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go", + "line": 517, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/jsonschema/constraints.go", + "line": 526, + "event": "null_field_access", + "message": "Accessing field of null object \"f\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 524| \t\t\t\tcontinue", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 525| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 526|-> \t\t\tif f.Optional == token.NoPos {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 527| \t\t\t\ts.errf(n, \"duplicate required field %q\", str)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 528| \t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "cuelang.org/go/encoding/openapi.builder.value(cuelang.org/go/cue.Value, cuelang.org/go/encoding/openapi.typeFunc)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 332, + "event": "path", + "message": "Condition \"b.ctx.expandRefs\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 332, + "event": "path", + "message": "Condition \"b.format != \"\"\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 339, + "event": "identity_transfer", + "message": "Passing \"nil\" as argument 1 to function \"appendSplit\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 339, + "event": "alias_transfer", + "message": "Assigning: \"conjuncts\" = \"appendSplit(nil, 1, v)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 340, + "event": "path", + "message": "Condition \" < len(conjuncts)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 340, + "event": "null_array_access", + "message": "Accessing an element on null array \"conjuncts\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 338| \t\taccept := v", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 339| \t\tconjuncts := appendSplit(nil, cue.AndOp, v)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 340|-> \t\tfor _, v := range conjuncts {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 341| \t\t\t// This may be a reference to an enum. So we need to check references before", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 342| \t\t\t// dissecting them.", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "cuelang.org/go/encoding/openapi.builder.value(cuelang.org/go/cue.Value, cuelang.org/go/encoding/openapi.typeFunc)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 332, + "event": "path", + "message": "Condition \"b.ctx.expandRefs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 335, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 366, + "event": "path", + "message": "Condition \"count > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 369, + "event": "path", + "message": "Condition \"(values.IncompleteKind() & 256 /* StructKind */) != 256 /* StructKind */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 369, + "event": "path", + "message": "Condition \"!isRef\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 373, + "event": "identity_transfer", + "message": "Passing \"nil\" as argument 1 to function \"appendSplit\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 373, + "event": "alias_transfer", + "message": "Assigning: \"conjuncts\" = \"appendSplit(nil, 1, values)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 374, + "event": "path", + "message": "Condition \"i < len(conjuncts)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 374, + "event": "null_array_access", + "message": "Accessing an element on null array \"conjuncts\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 372| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 373| \t\tconjuncts := appendSplit(nil, cue.AndOp, values)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 374|-> \t\tfor i, v := range conjuncts {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 375| \t\t\tswitch {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 376| \t\t\tcase isConcrete(v):", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "cuelang.org/go/encoding/openapi.builder.value(cuelang.org/go/cue.Value, cuelang.org/go/encoding/openapi.typeFunc)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 30, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 332, + "event": "path", + "message": "Condition \"b.ctx.expandRefs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 335, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 366, + "event": "path", + "message": "Condition \"count > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 369, + "event": "path", + "message": "Condition \"(values.IncompleteKind() & 256 /* StructKind */) != 256 /* StructKind */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 369, + "event": "path", + "message": "Condition \"!isRef\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 374, + "event": "path", + "message": "Condition \"i < len(conjuncts)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 376, + "event": "path", + "message": "Considering switch case \"isConcrete(v)\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 376, + "event": "path", + "message": "Condition \"true == isConcrete(v)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 375, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 383, + "event": "path", + "message": "Condition \"i < len(a)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 384, + "event": "path", + "message": "Condition \"len(r) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 387, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 383, + "event": "path", + "message": "Condition \"i < len(a)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 415, + "event": "path", + "message": "Switch case value \"0\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 429, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 374, + "event": "path", + "message": "Condition \"i < len(conjuncts)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 376, + "event": "path", + "message": "Considering switch case \"isConcrete(v)\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 376, + "event": "path", + "message": "Condition \"true == isConcrete(v)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 375, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 383, + "event": "path", + "message": "Condition \"i < len(a)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 415, + "event": "path", + "message": "Switch case value \"1\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 420, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 429, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 374, + "event": "path", + "message": "Condition \"i < len(conjuncts)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 376, + "event": "path", + "message": "Considering switch case \"isConcrete(v)\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 376, + "event": "path", + "message": "Condition \"true == isConcrete(v)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 375, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 382, + "event": "identity_transfer", + "message": "Passing \"nil\" as argument 1 to function \"appendSplit\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 382, + "event": "alias_transfer", + "message": "Assigning: \"a\" = \"appendSplit(nil, 2, v)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 383, + "event": "path", + "message": "Condition \"i < len(a)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 383, + "event": "null_array_access", + "message": "Accessing an element on null array \"a\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 381| \t\t\tdefault:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 382| \t\t\t\ta := appendSplit(nil, cue.OrOp, v)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 383|-> \t\t\t\tfor i, v := range a {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 384| \t\t\t\t\tif _, r := v.Reference(); len(r) == 0 {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 385| \t\t\t\t\t\ta[i] = v.Eval()", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "cuelang.org/go/encoding/openapi.builder.value(cuelang.org/go/cue.Value, cuelang.org/go/encoding/openapi.typeFunc)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 31, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 332, + "event": "path", + "message": "Condition \"b.ctx.expandRefs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 335, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 366, + "event": "path", + "message": "Condition \"count > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 369, + "event": "path", + "message": "Condition \"(values.IncompleteKind() & 256 /* StructKind */) != 256 /* StructKind */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 369, + "event": "path", + "message": "Condition \"!isRef\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 374, + "event": "path", + "message": "Condition \"i < len(conjuncts)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 376, + "event": "path", + "message": "Considering switch case \"isConcrete(v)\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 376, + "event": "path", + "message": "Condition \"true == isConcrete(v)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 375, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 383, + "event": "path", + "message": "Condition \"i < len(a)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 384, + "event": "path", + "message": "Condition \"len(r) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 387, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 383, + "event": "path", + "message": "Condition \"i < len(a)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 415, + "event": "path", + "message": "Switch case value \"0\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 429, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 374, + "event": "path", + "message": "Condition \"i < len(conjuncts)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 376, + "event": "path", + "message": "Considering switch case \"isConcrete(v)\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 376, + "event": "path", + "message": "Condition \"true == isConcrete(v)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 375, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 383, + "event": "path", + "message": "Condition \"i < len(a)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 415, + "event": "path", + "message": "Switch case value \"1\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 420, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 429, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 374, + "event": "path", + "message": "Condition \"i < len(conjuncts)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 376, + "event": "path", + "message": "Considering switch case \"isConcrete(v)\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 376, + "event": "path", + "message": "Condition \"true == isConcrete(v)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 375, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 382, + "event": "identity_transfer", + "message": "Passing \"nil\" as argument 1 to function \"appendSplit\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 382, + "event": "alias_transfer", + "message": "Assigning: \"a\" = \"appendSplit(nil, 2, v)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 383, + "event": "path", + "message": "Condition \"i < len(a)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 415, + "event": "path", + "message": "Switch case value \"1\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/openapi/build.go", + "line": 419, + "event": "null_array_access", + "message": "Accessing an element on null array \"a\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 417| \t\t\t\t\t// Conjunct entirely eliminated.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 418| \t\t\t\tcase 1:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 419|-> \t\t\t\t\tv = a[0]", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 420| \t\t\t\t\tif err := v.Err(); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 421| \t\t\t\t\t\tb.failf(v, \"openapi: %v\", err)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "cuelang.org/go/encoding/protobuf/jsonpb.rewriter.rewrite(cuelang.org/go/cue.Value, cuelang.org/go/cue/ast.Expr)cuelang.org/go/cue/ast.Expr", + "language": "go", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go", + "line": 151, + "event": "path", + "message": "Condition \"_, ok := expr.(ast.BasicLit *); ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go", + "line": 151, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go", + "line": 152, + "event": "path", + "message": "Condition \"x.Kind != 58 /* NULL */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go", + "line": 153, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go", + "line": 190, + "event": "path", + "message": "Switch case value \"BytesKind\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go", + "line": 211, + "event": "path", + "message": "Condition \"x == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go", + "line": 211, + "event": "var_compare_op", + "message": "Comparing \"x\" to null implies that \"x\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go", + "line": 211, + "event": "path", + "message": "Condition \"q.IsDouble()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go", + "line": 217, + "event": "path", + "message": "Condition \" < len(base64Encodings)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go", + "line": 218, + "event": "path", + "message": "Condition \"err == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go", + "line": 219, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go", + "line": 222, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go", + "line": 228, + "event": "path", + "message": "Condition \"q.IsMulti()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/encoding/protobuf/jsonpb/decoder.go", + "line": 233, + "event": "null_field_access", + "message": "Accessing field of null object \"x\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 231| \t\t\tquoter = quoter.WithTabIndent(tabs)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 232| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 233|-> \t\tx.Value = quoter.Quote(string(b))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 234| \t\treturn x", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 235| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "cuelang.org/go/internal/core/adt.ValueError.Path()[]string", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/core/adt/errors.go", + "line": 317, + "event": "path", + "message": "Condition \"e.v == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/core/adt/errors.go", + "line": 320, + "event": "path", + "message": "Condition \" < len(appendPath(nil, e.v))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/core/adt/errors.go", + "line": 320, + "event": "identity_transfer", + "message": "Passing \"nil\" as argument 1 to function \"appendPath\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/core/adt/errors.go", + "line": 320, + "event": "null_array_access", + "message": "Accessing an element on null array \"appendPath(nil, e.v)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318| \t\treturn nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 319| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 320|-> \tfor _, f := range appendPath(nil, e.v) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 321| \t\ta = append(a, f.SelectorString(e.r))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 322| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "cuelang.org/go/internal/third_party/yaml.yaml_parser_parse_block_sequence_entry(*cuelang.org/go/internal/third_party/yaml.yaml_parser_t, *cuelang.org/go/internal/third_party/yaml.yaml_event_t, bool)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 587, + "event": "path", + "message": "Condition \"first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 588, + "event": "returned_null", + "message": "\"peek_token\" returns \"nil\" (checked 32 out of 36 times).", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 588, + "event": "var_assigned", + "message": "Assigning: \"token\" = \"nil\" return value from \"peek_token\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 589, + "event": "null_field_access", + "message": "Accessing field of null object \"token\".", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 369, + "event": "example_assign", + "message": "Example 1: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 370, + "event": "example_checked", + "message": "Example 1 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 398, + "event": "example_assign", + "message": "Example 2: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 399, + "event": "example_checked", + "message": "Example 2 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1026, + "event": "example_assign", + "message": "Example 3: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1027, + "event": "example_checked", + "message": "Example 3 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1059, + "event": "example_assign", + "message": "Example 4: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1060, + "event": "example_checked", + "message": "Example 4 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 182, + "event": "example_assign", + "message": "Example 5: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 183, + "event": "example_checked", + "message": "Example 5 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 587| \tif first {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 588| \t\ttoken := peek_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 589|-> \t\tparser.marks = append(parser.marks, token.start_mark)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 590| \t\tskip_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 591| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "cuelang.org/go/internal/third_party/yaml.yaml_parser_parse_block_mapping_key(*cuelang.org/go/internal/third_party/yaml.yaml_parser_t, *cuelang.org/go/internal/third_party/yaml.yaml_event_t, bool)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 683, + "event": "path", + "message": "Condition \"first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 684, + "event": "returned_null", + "message": "\"peek_token\" returns \"nil\" (checked 32 out of 36 times).", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 684, + "event": "var_assigned", + "message": "Assigning: \"token\" = \"nil\" return value from \"peek_token\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 685, + "event": "null_field_access", + "message": "Accessing field of null object \"token\".", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 369, + "event": "example_assign", + "message": "Example 1: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 370, + "event": "example_checked", + "message": "Example 1 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 398, + "event": "example_assign", + "message": "Example 2: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 399, + "event": "example_checked", + "message": "Example 2 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1026, + "event": "example_assign", + "message": "Example 3: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1027, + "event": "example_checked", + "message": "Example 3 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1059, + "event": "example_assign", + "message": "Example 4: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1060, + "event": "example_checked", + "message": "Example 4 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 182, + "event": "example_assign", + "message": "Example 5: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 183, + "event": "example_checked", + "message": "Example 5 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 683| \tif first {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 684| \t\ttoken := peek_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 685|-> \t\tparser.marks = append(parser.marks, token.start_mark)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 686| \t\tskip_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 687| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "cuelang.org/go/internal/third_party/yaml.yaml_parser_parse_flow_sequence_entry(*cuelang.org/go/internal/third_party/yaml.yaml_parser_t, *cuelang.org/go/internal/third_party/yaml.yaml_event_t, bool)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 778, + "event": "path", + "message": "Condition \"first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 779, + "event": "returned_null", + "message": "\"peek_token\" returns \"nil\" (checked 32 out of 36 times).", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 779, + "event": "var_assigned", + "message": "Assigning: \"token\" = \"nil\" return value from \"peek_token\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 780, + "event": "null_field_access", + "message": "Accessing field of null object \"token\".", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 369, + "event": "example_assign", + "message": "Example 1: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 370, + "event": "example_checked", + "message": "Example 1 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 398, + "event": "example_assign", + "message": "Example 2: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 399, + "event": "example_checked", + "message": "Example 2 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1026, + "event": "example_assign", + "message": "Example 3: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1027, + "event": "example_checked", + "message": "Example 3 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1059, + "event": "example_assign", + "message": "Example 4: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1060, + "event": "example_checked", + "message": "Example 4 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 182, + "event": "example_assign", + "message": "Example 5: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 183, + "event": "example_checked", + "message": "Example 5 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 778| \tif first {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 779| \t\ttoken := peek_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 780|-> \t\tparser.marks = append(parser.marks, token.start_mark)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 781| \t\tskip_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 782| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "cuelang.org/go/internal/third_party/yaml.yaml_parser_parse_flow_mapping_key(*cuelang.org/go/internal/third_party/yaml.yaml_parser_t, *cuelang.org/go/internal/third_party/yaml.yaml_event_t, bool)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 912, + "event": "path", + "message": "Condition \"first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 913, + "event": "returned_null", + "message": "\"peek_token\" returns \"nil\" (checked 32 out of 36 times).", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 913, + "event": "var_assigned", + "message": "Assigning: \"token\" = \"nil\" return value from \"peek_token\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 914, + "event": "null_field_access", + "message": "Accessing field of null object \"token\".", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 369, + "event": "example_assign", + "message": "Example 1: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 370, + "event": "example_checked", + "message": "Example 1 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 398, + "event": "example_assign", + "message": "Example 2: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 399, + "event": "example_checked", + "message": "Example 2 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1026, + "event": "example_assign", + "message": "Example 3: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1027, + "event": "example_checked", + "message": "Example 3 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1059, + "event": "example_assign", + "message": "Example 4: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 1060, + "event": "example_checked", + "message": "Example 4 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 182, + "event": "example_assign", + "message": "Example 5: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/internal/third_party/yaml/parserc.go", + "line": 183, + "event": "example_checked", + "message": "Example 5 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 912| \tif first {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 913| \t\ttoken := peek_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 914|-> \t\tparser.marks = append(parser.marks, token.start_mark)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 915| \t\tskip_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 916| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "cuelang.org/go/pkg/internal.CallCtxt.invalidArgType(cuelang.org/go/internal/core/adt.Value, int, string, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go", + "line": 72, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go", + "line": 76, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go", + "line": 80, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"v\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go", + "line": 83, + "event": "path", + "message": "Condition \"!ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go", + "line": 88, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go", + "line": 89, + "event": "null_method_call", + "message": "Calling a method on null object \"v\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 87| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 88| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 89|-> \t\tc.errf(err,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 90| \t\t\t\"cannot use %s (type %s) as %s in argument %d to %s\",", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91| \t\t\targ, v.Kind(), typ, i, c.Name())", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "cuelang.org/go/pkg/internal.CallCtxt.invalidArgType(cuelang.org/go/internal/core/adt.Value, int, string, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go", + "line": 72, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go", + "line": 76, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go", + "line": 80, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"v\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go", + "line": 83, + "event": "path", + "message": "Condition \"!ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go", + "line": 88, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/internal/errors.go", + "line": 93, + "event": "null_method_call", + "message": "Calling a method on null object \"v\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91| \t\t\targ, v.Kind(), typ, i, c.Name())", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| \t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93|-> \t\tc.errf(err,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 94| \t\t\t\"cannot use %s (type %s) as %s in argument %d to %s\",", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| \t\t\targ, v.Kind(), typ, i, c.Name())", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "cuelang.org/go/pkg/tool/http.httpCmd.Run(*cuelang.org/go/internal/task.Context)(interface{}, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/tool/http/http.go", + "line": 107, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/tool/http/http.go", + "line": 107, + "event": "assign", + "message": "Assigning: \"err\" = \"ParseCertificate(block.Bytes)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/tool/http/http.go", + "line": 110, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/tool/http/http.go", + "line": 108, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/cuelang.org/go/pkg/tool/http/http.go", + "line": 108, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| \t\t\tif block.Type == \"PUBLIC KEY\" {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| \t\t\t\tc, err := x509.ParseCertificate(block.Bytes)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108|-> \t\t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| \t\t\t\t\treturn nil, errors.Wrapf(err, ctx.Obj.Pos(), \"failed to parse caCert\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| \t\t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/Azure/azure-sdk-for-go/sdk/azidentity.newCertContents([]*crypto/x509.Certificate, *crypto/rsa.PrivateKey, bool)(*github.com/Azure/azure-sdk-for-go/sdk/azidentity.certContents, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go", + "line": 173, + "event": "path", + "message": "Condition \" < len(certs)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go", + "line": 174, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"certKey\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go", + "line": 175, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go", + "line": 183, + "event": "path", + "message": "Condition \"sendCertificateChain\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go", + "line": 186, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go", + "line": 173, + "event": "path", + "message": "Condition \" < len(certs)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go", + "line": 175, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/client_certificate_credential.go", + "line": 175, + "event": "null_field_access", + "message": "Accessing field of null object \"certKey\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 173| \tfor _, cert := range certs {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 174| \t\tcertKey, ok := cert.PublicKey.(*rsa.PublicKey)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 175|-> \t\tif ok && key.E == certKey.E && key.N.Cmp(certKey.N) == 0 {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 176| \t\t\tfp := sha1.Sum(cert.Raw)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 177| \t\t\tcc.fp = fp[:]", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/Azure/azure-sdk-for-go/sdk/azidentity.NewEnvironmentCredential(*github.com/Azure/azure-sdk-for-go/sdk/azidentity.EnvironmentCredentialOptions)(*github.com/Azure/azure-sdk-for-go/sdk/azidentity.EnvironmentCredential, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go", + "line": 82, + "event": "insufficient_logging", + "message": "Calling \"ParseCertificates\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go", + "line": 82, + "event": "assign", + "message": "Assigning: \"err\" = \"ParseCertificates(certData, nil)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go", + "line": 85, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go", + "line": 83, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/environment_credential.go", + "line": 83, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82| \t\tcerts, key, err := ParseCertificates(certData, nil)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83|-> \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 84| \t\t\treturn nil, fmt.Errorf(`failed to load certificate from \"%s\": %v`, certPath, err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 85| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "github.com/Azure/azure-sdk-for-go/sdk/azidentity.managedIdentityClient.getAzureArcSecretKey(context.Context, []string)(string, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go", + "line": 314, + "event": "assign", + "message": "Assigning: \"response\" = \"c.pipeline.Do(request)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go", + "line": 324, + "event": "taint", + "message": "The field \"response.Header\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go", + "line": 324, + "event": "identity", + "message": "Calling \"Get\". This call assigns \"response.Header\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go", + "line": 324, + "event": "assign", + "message": "Assigning: \"header\" = \"response.Header.Get(\"WWW-Authenticate\")\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go", + "line": 333, + "event": "sink", + "message": "Calling \"ReadFile\". This call uses \"header[pos + 1:nil:nil]\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/managed_identity_client.go", + "line": 333, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 331| \t\treturn \"\", fmt.Errorf(\"did not receive a correct value from WWW-Authenticate header: %s\", header)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 332| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 333|-> \tkey, err := ioutil.ReadFile(header[pos+1:])", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 334| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 335| \t\treturn \"\", fmt.Errorf(\"could not read file (%s) contents: %v\", header[pos+1:], err)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential.CertFromPEM([]byte, string)([]*crypto/x509.Certificate, crypto.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go", + "line": 80, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go", + "line": 80, + "event": "assign", + "message": "Assigning: \"err\" = \"DecryptPEMBlock(block, ([]byte)password)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go", + "line": 83, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go", + "line": 81, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go", + "line": 81, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79| \t\tif x509.IsEncryptedPEMBlock(block) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80| \t\t\tb, err := x509.DecryptPEMBlock(block, []byte(password))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81|-> \t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82| \t\t\t\treturn nil, nil, fmt.Errorf(\"could not decrypt encrypted PEM block: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83| \t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential.CertFromPEM([]byte, string)([]*crypto/x509.Certificate, crypto.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go", + "line": 92, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go", + "line": 92, + "event": "assign", + "message": "Assigning: \"err\" = \"ParseCertificate(block.Bytes)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go", + "line": 95, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go", + "line": 93, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go", + "line": 93, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91| \t\tcase \"CERTIFICATE\":", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| \t\t\tcert, err := x509.ParseCertificate(block.Bytes)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93|-> \t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 94| \t\t\t\treturn nil, nil, fmt.Errorf(\"block labelled 'CERTIFICATE' could not be pared by x509: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| \t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential.parsePrivateKey([]byte)(crypto.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go", + "line": 125, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go", + "line": 125, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS8PrivateKey(der)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go", + "line": 128, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go", + "line": 126, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential/confidential.go", + "line": 126, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 124| func parsePrivateKey(der []byte) (crypto.PrivateKey, error) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 125| \tkey, err := x509.ParsePKCS8PrivateKey(der)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 126|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 127| \t\treturn nil, fmt.Errorf(\"problems decoding private key using PKCS8: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 128| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/andybalholm/brotli.hashComposite.Prepare(bool, uint, []byte)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/andybalholm/brotli/hash_composite.go", + "line": 47, + "event": "path", + "message": "Condition \"h.ha == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/andybalholm/brotli/hash_composite.go", + "line": 47, + "event": "var_compare_op", + "message": "Comparing \"h.ha\" to null implies that \"h.ha\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/andybalholm/brotli/hash_composite.go", + "line": 51, + "event": "null_method_call", + "message": "Calling a method on null object \"h.ha\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 49| \t\tvar common_b *hasherCommon", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 50| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 51|-> \t\tcommon_a = h.ha.Common()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| \t\tcommon_a.params = h.params.hasher", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 53| \t\tcommon_a.is_prepared_ = false", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/asaskevich/govalidator.IsRsaPublicKey(string, int)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/asaskevich/govalidator/validator.go", + "line": 940, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/asaskevich/govalidator/validator.go", + "line": 940, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKIXPublicKey(der)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/asaskevich/govalidator/validator.go", + "line": 943, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/asaskevich/govalidator/validator.go", + "line": 941, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/asaskevich/govalidator/validator.go", + "line": 941, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 939| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 940| \tkey, err := x509.ParsePKIXPublicKey(der)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 941|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 942| \t\treturn false", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 943| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/blugelabs/bluge/search/searcher.optimizeCompositeSearcher(string, github.com/blugelabs/bluge/search.Reader, []github.com/blugelabs/bluge/search.Searcher, github.com/blugelabs/bluge/search.SearcherOptions)(github.com/blugelabs/bluge/search.Searcher, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/bluge/search/searcher/search_disjunction.go", + "line": 76, + "event": "assign_null", + "message": "Assigning: \"octx\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/bluge/search/searcher/search_disjunction.go", + "line": 77, + "event": "path", + "message": "Condition \" < len(qsearchers)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/bluge/search/searcher/search_disjunction.go", + "line": 94, + "event": "null_method_call", + "message": "Calling a method on null object \"octx\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 94|-> \toptimized, err := octx.Finish()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| \tif err != nil || optimized == nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 96| \t\treturn nil, err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/blugelabs/bluge/search/searcher.literalPrefix(*regexp/syntax.Regexp)string", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/bluge/search/searcher/search_regexp.go", + "line": 86, + "event": "path", + "message": "Condition \"s != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/bluge/search/searcher/search_regexp.go", + "line": 86, + "event": "var_compare_op", + "message": "Comparing \"s\" to null implies that \"s\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/bluge/search/searcher/search_regexp.go", + "line": 94, + "event": "null_field_access", + "message": "Accessing field of null object \"s\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 94|-> \tif s.Op == syntax.OpLiteral && (s.Flags&syntax.FoldCase == 0) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| \t\treturn string(s.Rune)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 96| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/blugelabs/ice.setupActiveForField([]*github.com/blugelabs/ice.Segment, []*github.com/RoaringBitmap/roaring.Bitmap, [][]uint64, chan struct{}, string)([][]uint64, []*github.com/RoaringBitmap/roaring.Bitmap, []*github.com/blugelabs/ice.Dictionary, []github.com/blevesearch/vellum.Iterator, []*github.com/blugelabs/ice.Segment, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 61, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lock", + "message": "Locking \"(*seg).m\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 542, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"newDocNums\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "unlock", + "message": "Unlocking \"(*seg).m\". \"newDocNums\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lockagain", + "message": "Locking \"(*seg).m\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 542, + "event": "use", + "message": "Using an unreliable value of \"newDocNums\" inside the second locked section. If the data that \"newDocNums\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 540| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 541| \t\t\tif itr != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 542|-> \t\t\t\tnewDocNums = append(newDocNums, newDocNumsIn[segmentI])", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 543| \t\t\t\tif dropsIn[segmentI] != nil && !dropsIn[segmentI].IsEmpty() {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 544| \t\t\t\t\tdrops = append(drops, dropsIn[segmentI])", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/blugelabs/ice.setupActiveForField([]*github.com/blugelabs/ice.Segment, []*github.com/RoaringBitmap/roaring.Bitmap, [][]uint64, chan struct{}, string)([][]uint64, []*github.com/RoaringBitmap/roaring.Bitmap, []*github.com/blugelabs/ice.Dictionary, []github.com/blevesearch/vellum.Iterator, []*github.com/blugelabs/ice.Segment, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 63, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lock", + "message": "Locking \"(*seg).m\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 544, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"drops\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "unlock", + "message": "Unlocking \"(*seg).m\". \"drops\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lockagain", + "message": "Locking \"(*seg).m\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 544, + "event": "use", + "message": "Using an unreliable value of \"drops\" inside the second locked section. If the data that \"drops\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 542| \t\t\t\tnewDocNums = append(newDocNums, newDocNumsIn[segmentI])", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 543| \t\t\t\tif dropsIn[segmentI] != nil && !dropsIn[segmentI].IsEmpty() {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 544|-> \t\t\t\t\tdrops = append(drops, dropsIn[segmentI])", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 545| \t\t\t\t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 546| \t\t\t\t\tdrops = append(drops, nil)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/blugelabs/ice.setupActiveForField([]*github.com/blugelabs/ice.Segment, []*github.com/RoaringBitmap/roaring.Bitmap, [][]uint64, chan struct{}, string)([][]uint64, []*github.com/RoaringBitmap/roaring.Bitmap, []*github.com/blugelabs/ice.Dictionary, []github.com/blevesearch/vellum.Iterator, []*github.com/blugelabs/ice.Segment, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 63, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lock", + "message": "Locking \"(*seg).m\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 544, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"drops\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "unlock", + "message": "Unlocking \"(*seg).m\". \"drops\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lockagain", + "message": "Locking \"(*seg).m\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 546, + "event": "use", + "message": "Using an unreliable value of \"drops\" inside the second locked section. If the data that \"drops\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 544| \t\t\t\t\tdrops = append(drops, dropsIn[segmentI])", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 545| \t\t\t\t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 546|-> \t\t\t\t\tdrops = append(drops, nil)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 547| \t\t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 548| \t\t\t\tdicts = append(dicts, dict)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/blugelabs/ice.setupActiveForField([]*github.com/blugelabs/ice.Segment, []*github.com/RoaringBitmap/roaring.Bitmap, [][]uint64, chan struct{}, string)([][]uint64, []*github.com/RoaringBitmap/roaring.Bitmap, []*github.com/blugelabs/ice.Dictionary, []github.com/blevesearch/vellum.Iterator, []*github.com/blugelabs/ice.Segment, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 64, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lock", + "message": "Locking \"(*seg).m\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 548, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"dicts\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "unlock", + "message": "Unlocking \"(*seg).m\". \"dicts\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lockagain", + "message": "Locking \"(*seg).m\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 548, + "event": "use", + "message": "Using an unreliable value of \"dicts\" inside the second locked section. If the data that \"dicts\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 546| \t\t\t\t\tdrops = append(drops, nil)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 547| \t\t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 548|-> \t\t\t\tdicts = append(dicts, dict)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 549| \t\t\t\titrs = append(itrs, itr)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 550| \t\t\t\tsegmentsInFocus = append(segmentsInFocus, seg)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/blugelabs/ice.setupActiveForField([]*github.com/blugelabs/ice.Segment, []*github.com/RoaringBitmap/roaring.Bitmap, [][]uint64, chan struct{}, string)([][]uint64, []*github.com/RoaringBitmap/roaring.Bitmap, []*github.com/blugelabs/ice.Dictionary, []github.com/blevesearch/vellum.Iterator, []*github.com/blugelabs/ice.Segment, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 64, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lock", + "message": "Locking \"(*seg).m\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 549, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"itrs\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "unlock", + "message": "Unlocking \"(*seg).m\". \"itrs\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lockagain", + "message": "Locking \"(*seg).m\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 549, + "event": "use", + "message": "Using an unreliable value of \"itrs\" inside the second locked section. If the data that \"itrs\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 547| \t\t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 548| \t\t\t\tdicts = append(dicts, dict)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 549|-> \t\t\t\titrs = append(itrs, itr)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 550| \t\t\t\tsegmentsInFocus = append(segmentsInFocus, seg)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 551| \t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/blugelabs/ice.setupActiveForField([]*github.com/blugelabs/ice.Segment, []*github.com/RoaringBitmap/roaring.Bitmap, [][]uint64, chan struct{}, string)([][]uint64, []*github.com/RoaringBitmap/roaring.Bitmap, []*github.com/blugelabs/ice.Dictionary, []github.com/blevesearch/vellum.Iterator, []*github.com/blugelabs/ice.Segment, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 64, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lock", + "message": "Locking \"(*seg).m\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 550, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"segmentsInFocus\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "unlock", + "message": "Unlocking \"(*seg).m\". \"segmentsInFocus\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lockagain", + "message": "Locking \"(*seg).m\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 550, + "event": "use", + "message": "Using an unreliable value of \"segmentsInFocus\" inside the second locked section. If the data that \"segmentsInFocus\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 548| \t\t\t\tdicts = append(dicts, dict)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 549| \t\t\t\titrs = append(itrs, itr)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 550|-> \t\t\t\tsegmentsInFocus = append(segmentsInFocus, seg)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 551| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 552| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/blugelabs/ice.setupActiveForField([]*github.com/blugelabs/ice.Segment, []*github.com/RoaringBitmap/roaring.Bitmap, [][]uint64, chan struct{}, string)([][]uint64, []*github.com/RoaringBitmap/roaring.Bitmap, []*github.com/blugelabs/ice.Dictionary, []github.com/blevesearch/vellum.Iterator, []*github.com/blugelabs/ice.Segment, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 63, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lock", + "message": "Locking \"(*seg).m\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 548, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"dicts\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "unlock", + "message": "Unlocking \"(*seg).m\". \"dicts\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lockagain", + "message": "Locking \"(*seg).m\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 554, + "event": "use", + "message": "Using an unreliable value of \"dicts\" inside the second locked section. If the data that \"dicts\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 552| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 553| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 554|-> \treturn newDocNums, drops, dicts, itrs, segmentsInFocus, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 555| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 556| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/blugelabs/ice.setupActiveForField([]*github.com/blugelabs/ice.Segment, []*github.com/RoaringBitmap/roaring.Bitmap, [][]uint64, chan struct{}, string)([][]uint64, []*github.com/RoaringBitmap/roaring.Bitmap, []*github.com/blugelabs/ice.Dictionary, []github.com/blevesearch/vellum.Iterator, []*github.com/blugelabs/ice.Segment, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 63, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lock", + "message": "Locking \"(*seg).m\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 544, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"drops\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "unlock", + "message": "Unlocking \"(*seg).m\". \"drops\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lockagain", + "message": "Locking \"(*seg).m\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 554, + "event": "use", + "message": "Using an unreliable value of \"drops\" inside the second locked section. If the data that \"drops\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 552| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 553| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 554|-> \treturn newDocNums, drops, dicts, itrs, segmentsInFocus, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 555| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 556| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/blugelabs/ice.setupActiveForField([]*github.com/blugelabs/ice.Segment, []*github.com/RoaringBitmap/roaring.Bitmap, [][]uint64, chan struct{}, string)([][]uint64, []*github.com/RoaringBitmap/roaring.Bitmap, []*github.com/blugelabs/ice.Dictionary, []github.com/blevesearch/vellum.Iterator, []*github.com/blugelabs/ice.Segment, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 63, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lock", + "message": "Locking \"(*seg).m\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 549, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"itrs\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "unlock", + "message": "Unlocking \"(*seg).m\". \"itrs\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lockagain", + "message": "Locking \"(*seg).m\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 554, + "event": "use", + "message": "Using an unreliable value of \"itrs\" inside the second locked section. If the data that \"itrs\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 552| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 553| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 554|-> \treturn newDocNums, drops, dicts, itrs, segmentsInFocus, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 555| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 556| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/blugelabs/ice.setupActiveForField([]*github.com/blugelabs/ice.Segment, []*github.com/RoaringBitmap/roaring.Bitmap, [][]uint64, chan struct{}, string)([][]uint64, []*github.com/RoaringBitmap/roaring.Bitmap, []*github.com/blugelabs/ice.Dictionary, []github.com/blevesearch/vellum.Iterator, []*github.com/blugelabs/ice.Segment, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 63, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lock", + "message": "Locking \"(*seg).m\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 542, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"newDocNums\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "unlock", + "message": "Unlocking \"(*seg).m\". \"newDocNums\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lockagain", + "message": "Locking \"(*seg).m\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 554, + "event": "use", + "message": "Using an unreliable value of \"newDocNums\" inside the second locked section. If the data that \"newDocNums\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 552| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 553| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 554|-> \treturn newDocNums, drops, dicts, itrs, segmentsInFocus, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 555| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 556| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/blugelabs/ice.setupActiveForField([]*github.com/blugelabs/ice.Segment, []*github.com/RoaringBitmap/roaring.Bitmap, [][]uint64, chan struct{}, string)([][]uint64, []*github.com/RoaringBitmap/roaring.Bitmap, []*github.com/blugelabs/ice.Dictionary, []github.com/blevesearch/vellum.Iterator, []*github.com/blugelabs/ice.Segment, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 63, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lock", + "message": "Locking \"(*seg).m\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"dropsIn[segmentI] != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 543, + "event": "path", + "message": "Condition \"!dropsIn[segmentI].IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 545, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 550, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"segmentsInFocus\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "unlock", + "message": "Unlocking \"(*seg).m\". \"segmentsInFocus\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 526, + "event": "path", + "message": "Condition \"isClosed(closeCh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 532, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 535, + "event": "path", + "message": "Condition \"dict.fst != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 538, + "event": "path", + "message": "Condition \"err != ErrIteratorDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 541, + "event": "path", + "message": "Condition \"itr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 524, + "event": "path", + "message": "Condition \"segmentI < len(segments)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 531, + "event": "lockagain", + "message": "Locking \"(*seg).m\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/blugelabs/ice/merge.go", + "line": 554, + "event": "use", + "message": "Using an unreliable value of \"segmentsInFocus\" inside the second locked section. If the data that \"segmentsInFocus\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 552| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 553| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 554|-> \treturn newDocNums, drops, dicts, itrs, segmentsInFocus, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 555| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 556| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/denisenkom/go-mssqldb.dialConnection(context.Context, *github.com/denisenkom/go-mssqldb.Connector, github.com/denisenkom/go-mssqldb.connectParams)(net.Conn, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go", + "line": 774, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go", + "line": 776, + "event": "path", + "message": "Condition \"ip == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go", + "line": 781, + "event": "path", + "message": "Condition \"len(ips) == 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go", + "line": 791, + "event": "path", + "message": "Condition \" < len(ips)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go", + "line": 802, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go", + "line": 791, + "event": "path", + "message": "Condition \" < len(ips)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go", + "line": 805, + "event": "path", + "message": "Condition \"i < len(ips)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go", + "line": 806, + "event": "path", + "message": "Selecting channel \"case conn = <-connChan:\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go", + "line": 819, + "event": "assign_null", + "message": "Assigning: \"err\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go", + "line": 820, + "event": "path", + "message": "Breaking to label \"wait_loop\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go", + "line": 826, + "event": "path", + "message": "Condition \"conn == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/denisenkom/go-mssqldb/tds.go", + "line": 828, + "event": "null_method_call", + "message": "Calling a method on null object \"err\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 826| \tif conn == nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 827| \t\tf := \"Unable to open tcp connection with host '%v:%v': %v\"", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 828|-> \t\treturn nil, fmt.Errorf(f, p.host, resolveServerPort(p.port), err.Error())", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 829| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 830| \treturn conn, err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/elazarl/goproxy.ProxyHttpServer.handleHttps(net/http.ResponseWriter, *net/http.Request)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go", + "line": 93, + "event": "taint", + "message": "The field \"r.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go", + "line": 107, + "event": "concat", + "message": "Creating a tainted string using \"host\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go", + "line": 107, + "event": "assign", + "message": "Assigning a tainted string to \"host\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go", + "line": 109, + "event": "sink", + "message": "Calling \"connectDial\". This call uses \"host\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go", + "line": 109, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| \t\t\thost += \":80\"", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109|-> \t\ttargetSiteCon, err := proxy.connectDial(\"tcp\", host)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111| \t\t\thttpError(proxyClient, ctx, err)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/elazarl/goproxy.ProxyHttpServer.handleHttps(net/http.ResponseWriter, *net/http.Request)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go", + "line": 93, + "event": "taint", + "message": "The field \"r.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go", + "line": 93, + "event": "assign", + "message": "Assigning: \"\" = \"r.URL.Host\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go", + "line": 93, + "event": "assign", + "message": "Assigning: \"host\" = \"{OkConnect, r.URL.Host}\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go", + "line": 140, + "event": "sink", + "message": "Calling \"connectDial\". This call uses \"host\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/https.go", + "line": 140, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 138| \t\tproxyClient.Write([]byte(\"HTTP/1.0 200 OK\\r\\n\\r\\n\"))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 139| \t\tctx.Logf(\"Assuming CONNECT is plain HTTP tunneling, mitm proxying it\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 140|-> \t\ttargetSiteCon, err := proxy.connectDial(\"tcp\", host)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 141| \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 142| \t\t\tctx.Warnf(\"Error dialing to %s: %s\", host, err.Error())", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/elazarl/goproxy.signHost(crypto/tls.Certificate, []string)(*crypto/tls.Certificate, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 44, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 49, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 68, + "event": "path", + "message": "Condition \" < len(hosts)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 69, + "event": "path", + "message": "Condition \"ip != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 71, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 75, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 68, + "event": "path", + "message": "Condition \" < len(hosts)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 69, + "event": "path", + "message": "Condition \"ip != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 75, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 68, + "event": "path", + "message": "Condition \" < len(hosts)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 79, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 83, + "event": "assign_null", + "message": "Assigning: \"certpriv\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 85, + "event": "path", + "message": "Condition \"_, ok := ca.PrivateKey.(rsa.PrivateKey *); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 89, + "event": "path", + "message": "Condition \"_, ok := ca.PrivateKey.(ecdsa.PrivateKey *); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 84, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/signer.go", + "line": 98, + "event": "null_method_call", + "message": "Calling a method on null object \"certpriv\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 96| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 97| \tvar derBytes []byte", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 98|-> \tif derBytes, err = x509.CreateCertificate(&csprng, &template, x509ca, certpriv.Public(), ca.PrivateKey); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99| \t\treturn", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 100| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/elazarl/goproxy/transport.Transport.DetailedRoundTrip(*net/http.Request)(*github.com/elazarl/goproxy/transport.RoundTripDetails, *net/http.Response, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/transport/transport.go", + "line": 155, + "event": "taint", + "message": "Calling \"connectMethodForRequest\".\n* This call assigns \"((.$0).targetAddr).Host\" to \"(.$0).targetAddr\". Now \"(.$0).targetAddr\" is tainted.\n* This call taints \"(.$0).targetAddr\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/transport/transport.go", + "line": 155, + "event": "assign", + "message": "Assigning: \"cm\" = \"t.connectMethodForRequest(treq)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/transport/transport.go", + "line": 164, + "event": "sink", + "message": "Calling \"getConn\". This call uses \"cm.targetAddr\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/transport/transport.go", + "line": 164, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 162| \t// pre-CONNECTed to https server. In any case, we'll be ready", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 163| \t// to send it requests.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 164|-> \tpconn, err := t.getConn(cm)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 165| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 166| \t\treturn nil, nil, err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/elazarl/goproxy.ProxyHttpServer.serveWebsocketTLS(*github.com/elazarl/goproxy.ProxyCtx, net/http.ResponseWriter, *net/http.Request, *crypto/tls.Config, *crypto/tls.Conn)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go", + "line": 29, + "event": "taint", + "message": "The field \"req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go", + "line": 29, + "event": "assign", + "message": "Assigning: \".Host\" = \"req.URL.Host\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go", + "line": 29, + "event": "assign", + "message": "Assigning a tainted string to \"targetURL\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go", + "line": 32, + "event": "sink", + "message": "Calling \"Dial\". This call uses \"targetURL.Host\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go", + "line": 32, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 30| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 31| \t// Connect to upstream", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 32|-> \ttargetConn, err := tls.Dial(\"tcp\", targetURL.Host, tlsConfig)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 33| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 34| \t\tctx.Warnf(\"Error dialing target site: %v\", err)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/elazarl/goproxy.ProxyHttpServer.serveWebsocket(*github.com/elazarl/goproxy.ProxyCtx, net/http.ResponseWriter, *net/http.Request)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go", + "line": 50, + "event": "taint", + "message": "The field \"req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go", + "line": 50, + "event": "assign", + "message": "Assigning: \".Host\" = \"req.URL.Host\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go", + "line": 50, + "event": "assign", + "message": "Assigning a tainted string to \"targetURL\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go", + "line": 52, + "event": "sink", + "message": "Calling \"connectDial\". This call uses \"targetURL.Host\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/elazarl/goproxy/websocket.go", + "line": 52, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 50| \ttargetURL := url.URL{Scheme: \"ws\", Host: req.URL.Host, Path: req.URL.Path}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 51| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52|-> \ttargetConn, err := proxy.connectDial(\"tcp\", targetURL.Host)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 53| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 54| \t\tctx.Warnf(\"Error dialing target site: %v\", err)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/getkin/kin-openapi/jsoninfo.ObjectEncoder.EncodeStructFieldsAndExtensions(interface{})error", + "language": "go", + "tool": "coverity", + "key_event_idx": 25, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 60, + "event": "path", + "message": "Condition \"reflection.Kind() != 22 /* Ptr */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 64, + "event": "path", + "message": "Condition \"reflection.IsNil()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 80, + "event": "path", + "message": "Condition \" < len(typeInfo.Fields)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 82, + "event": "path", + "message": "Condition \"!field.HasJSONTag\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 83, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 80, + "event": "path", + "message": "Condition \" < len(typeInfo.Fields)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 82, + "event": "path", + "message": "Condition \"!field.HasJSONTag\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 88, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 89, + "event": "path", + "message": "Condition \"fieldValue.Kind() == 22 /* Ptr */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 89, + "event": "path", + "message": "Condition \"fieldValue.IsNil()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 97, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 101, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 80, + "event": "path", + "message": "Condition \" < len(typeInfo.Fields)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 82, + "event": "path", + "message": "Condition \"!field.HasJSONTag\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 88, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"v\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 88, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 103, + "event": "path", + "message": "Switch case value \"Ptr\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 105, + "event": "path", + "message": "Condition \"fieldValue.IsNil()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 155, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 159, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 80, + "event": "path", + "message": "Condition \" < len(typeInfo.Fields)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 82, + "event": "path", + "message": "Condition \"!field.HasJSONTag\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 88, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 89, + "event": "path", + "message": "Condition \"fieldValue.Kind() == 22 /* Ptr */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 89, + "event": "path", + "message": "Condition \"fieldValue.IsNil()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 96, + "event": "null_method_call", + "message": "Calling a method on null object \"v\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 94| \t\t\t\tcontinue", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 96|-> \t\t\tfieldData, err := v.MarshalJSON()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 97| \t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 98| \t\t\t\treturn err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/getkin/kin-openapi/openapi3.Links.JSONLookup(string)(interface{}, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/link.go", + "line": 16, + "event": "path", + "message": "Condition \"ok == false\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/link.go", + "line": 20, + "event": "path", + "message": "Condition \"ref != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/link.go", + "line": 20, + "event": "var_compare_op", + "message": "Comparing \"ref\" to null implies that \"ref\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/link.go", + "line": 23, + "event": "null_field_access", + "message": "Accessing field of null object \"ref\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 21| \t\treturn &Ref{Ref: ref.Ref}, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 22| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 23|-> \treturn ref.Value, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 24| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 25| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/getkin/kin-openapi/openapi3.Parameters.JSONLookup(string)(interface{}, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go", + "line": 36, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go", + "line": 40, + "event": "path", + "message": "Condition \"index < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go", + "line": 40, + "event": "path", + "message": "Condition \"index >= len(p)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go", + "line": 46, + "event": "path", + "message": "Condition \"ref != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go", + "line": 46, + "event": "var_compare_op", + "message": "Comparing \"ref\" to null implies that \"ref\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go", + "line": 49, + "event": "null_field_access", + "message": "Accessing field of null object \"ref\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 47| \t\treturn &Ref{Ref: ref.Ref}, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 48| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 49|-> \treturn ref.Value, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 50| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 51| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/getkin/kin-openapi/openapi3.RequestBodies.JSONLookup(string)(interface{}, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go", + "line": 18, + "event": "path", + "message": "Condition \"ok == false\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go", + "line": 22, + "event": "path", + "message": "Condition \"ref != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go", + "line": 22, + "event": "var_compare_op", + "message": "Comparing \"ref\" to null implies that \"ref\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go", + "line": 25, + "event": "null_field_access", + "message": "Accessing field of null object \"ref\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 23| \t\treturn &Ref{Ref: ref.Ref}, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 24| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 25|-> \treturn ref.Value, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 26| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 27| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/getkin/kin-openapi/openapi3.Responses.JSONLookup(string)(interface{}, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/response.go", + "line": 47, + "event": "path", + "message": "Condition \"ok == false\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/response.go", + "line": 51, + "event": "path", + "message": "Condition \"ref != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/response.go", + "line": 51, + "event": "var_compare_op", + "message": "Comparing \"ref\" to null implies that \"ref\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/response.go", + "line": 54, + "event": "null_field_access", + "message": "Accessing field of null object \"ref\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| \t\treturn &Ref{Ref: ref.Ref}, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 53| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 54|-> \treturn ref.Value, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/getkin/kin-openapi/openapi3.SchemaRefs.JSONLookup(string)(interface{}, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/schema.go", + "line": 88, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/schema.go", + "line": 92, + "event": "path", + "message": "Condition \"i >= (uint64)len(s)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/schema.go", + "line": 98, + "event": "path", + "message": "Condition \"ref == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/schema.go", + "line": 98, + "event": "var_compare_op", + "message": "Comparing \"ref\" to null implies that \"ref\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/getkin/kin-openapi/openapi3/schema.go", + "line": 99, + "event": "null_field_access", + "message": "Accessing field of null object \"ref\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 97| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 98| \tif ref == nil || ref.Ref != \"\" {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99|-> \t\treturn &Ref{Ref: ref.Ref}, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 100| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101| \treturn ref.Value, nil", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SENSITIVE_DATA_LEAK", + "cwe": 319, + "imp": 1, + "function": "github.com/go-git/go-git/v5/plumbing/transport/file.ServeUploadPack(string)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/file/server.go", + "line": 17, + "event": "sensitive_data", + "message": "Calling \"NewEndpoint\". This call stores sensitive data in \"(.$0).Password\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/file/server.go", + "line": 17, + "event": "assign", + "message": "Assigning: \"ep\" = \"NewEndpoint(path)\". Now \"ep.Password\" contains sensitive data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/file/server.go", + "line": 23, + "event": "identity", + "message": "Calling \"NewUploadPackSession\". This call assigns \"ep\" to \"((.$0).session).endpoint\". (The interface method resolves to \"http.client.NewUploadPackSession(transport.Endpoint *, transport.AuthMethod)\".) Now \".endpoint.Password\" contains sensitive data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/file/server.go", + "line": 23, + "event": "assign", + "message": "Assigning: \"s\" = \"DefaultServer.NewUploadPackSession(ep, nil)\". Now \"s.session.endpoint.Password\" contains sensitive data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/file/server.go", + "line": 28, + "event": "sink", + "message": "Calling \"ServeUploadPack\". This sends the sensitive data \"s.session.endpoint.Password\" over the network. It may be exposed to unintended individuals.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/file/server.go", + "line": 28, + "event": "remediation", + "message": "Do not leak this data to the network.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 26| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 27| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 28|-> \treturn common.ServeUploadPack(srvCmd, s)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 29| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 30| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/go-git/go-git/v5/plumbing/transport/internal/common.ServeUploadPack(github.com/go-git/go-git/v5/plumbing/transport/internal/common.ServerCommand, github.com/go-git/go-git/v5/plumbing/transport.UploadPackSession)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go", + "line": 23, + "event": "taint", + "message": "Calling \"AdvertisedReferences\". This call taints \"s.session.endpoint.Host\". (The interface method resolves to \"http.upSession.AdvertisedReferences()\".)", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go", + "line": 38, + "event": "sink", + "message": "Calling \"UploadPack\". This call uses \"s.session.endpoint.Host\" for sensitive computation. (The interface method resolves to \"http.upSession.UploadPack(Context, packp.UploadPackRequest *)\".)", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go", + "line": 38, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 36| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 37| \tvar resp *packp.UploadPackResponse", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 38|-> \tresp, err = s.UploadPack(context.TODO(), req)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 39| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 40| \t\treturn err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/go-git/go-git/v5/plumbing/transport/internal/common.ServeUploadPack(github.com/go-git/go-git/v5/plumbing/transport/internal/common.ServerCommand, github.com/go-git/go-git/v5/plumbing/transport.UploadPackSession)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go", + "line": 23, + "event": "taint", + "message": "Calling \"AdvertisedReferences\". This call taints \"s.session.endpoint.Path\". (The interface method resolves to \"http.upSession.AdvertisedReferences()\".)", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go", + "line": 38, + "event": "sink", + "message": "Calling \"UploadPack\". This call uses \"s.session.endpoint.Path\" for sensitive computation. (The interface method resolves to \"http.upSession.UploadPack(Context, packp.UploadPackRequest *)\".)", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go", + "line": 38, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 36| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 37| \tvar resp *packp.UploadPackResponse", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 38|-> \tresp, err = s.UploadPack(context.TODO(), req)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 39| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 40| \t\treturn err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/go-git/go-git/v5/plumbing/transport/internal/common.ServeUploadPack(github.com/go-git/go-git/v5/plumbing/transport/internal/common.ServerCommand, github.com/go-git/go-git/v5/plumbing/transport.UploadPackSession)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go", + "line": 23, + "event": "taint", + "message": "Calling \"AdvertisedReferences\". This call taints \"s.session.endpoint.Protocol\". (The interface method resolves to \"http.upSession.AdvertisedReferences()\".)", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go", + "line": 38, + "event": "sink", + "message": "Calling \"UploadPack\". This call uses \"s.session.endpoint.Protocol\" for sensitive computation. (The interface method resolves to \"http.upSession.UploadPack(Context, packp.UploadPackRequest *)\".)", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/plumbing/transport/internal/common/server.go", + "line": 38, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 36| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 37| \tvar resp *packp.UploadPackResponse", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 38|-> \tresp, err = s.UploadPack(context.TODO(), req)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 39| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 40| \t\treturn err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SENSITIVE_DATA_LEAK", + "cwe": 319, + "imp": 1, + "function": "github.com/go-git/go-git/v5.Remote.fetch(context.Context, *github.com/go-git/go-git/v5.FetchOptions)(github.com/go-git/go-git/v5/plumbing/storer.ReferenceStorer, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 317, + "event": "sensitive_data", + "message": "Calling \"newUploadPackSession\".\n* This call stores sensitive data in \"(((.$0).Command).endpoint).Password\".\n* This call assigns a reference to \"((.$0).Command).endpoint\" to \"((.$0).session).endpoint\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 317, + "event": "assign", + "message": "Assigning: \"s\" = \"newUploadPackSession(r.c.URLs[0], o.Auth, o.InsecureSkipTLS, o.CABundle)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 324, + "event": "sink", + "message": "Calling \"AdvertisedReferencesContext\". This sends the sensitive data \"s.session.endpoint.Password\" over the network. It may be exposed to unintended individuals. (The interface method resolves to \"http.upSession.AdvertisedReferencesContext(Context)\".)", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 324, + "event": "remediation", + "message": "Do not leak this data to the network.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 322| \tdefer ioutil.CheckClose(s, &err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 323| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 324|-> \tar, err := s.AdvertisedReferencesContext(ctx)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 325| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 326| \t\treturn nil, err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/go-git/go-git/v5.Remote.fetch(context.Context, *github.com/go-git/go-git/v5.FetchOptions)(github.com/go-git/go-git/v5/plumbing/storer.ReferenceStorer, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 324, + "event": "taint", + "message": "Calling \"AdvertisedReferencesContext\". This call taints \"s.session.endpoint.Host\". (The interface method resolves to \"http.upSession.AdvertisedReferencesContext(Context)\".)", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 367, + "event": "sink", + "message": "Calling \"fetchPack\". This call uses \"s.session.endpoint.Host\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 367, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 365| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 366| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 367|-> \t\tif err = r.fetchPack(ctx, o, s, req); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 368| \t\t\treturn nil, err", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 369| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/go-git/go-git/v5.Remote.fetch(context.Context, *github.com/go-git/go-git/v5.FetchOptions)(github.com/go-git/go-git/v5/plumbing/storer.ReferenceStorer, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 324, + "event": "taint", + "message": "Calling \"AdvertisedReferencesContext\". This call taints \"s.session.endpoint.Path\". (The interface method resolves to \"http.upSession.AdvertisedReferencesContext(Context)\".)", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 367, + "event": "sink", + "message": "Calling \"fetchPack\". This call uses \"s.session.endpoint.Path\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 367, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 365| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 366| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 367|-> \t\tif err = r.fetchPack(ctx, o, s, req); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 368| \t\t\treturn nil, err", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 369| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/go-git/go-git/v5.Remote.fetch(context.Context, *github.com/go-git/go-git/v5.FetchOptions)(github.com/go-git/go-git/v5/plumbing/storer.ReferenceStorer, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 324, + "event": "taint", + "message": "Calling \"AdvertisedReferencesContext\". This call taints \"s.session.endpoint.Protocol\". (The interface method resolves to \"http.upSession.AdvertisedReferencesContext(Context)\".)", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 367, + "event": "sink", + "message": "Calling \"fetchPack\". This call uses \"s.session.endpoint.Protocol\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 367, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 365| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 366| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 367|-> \t\tif err = r.fetchPack(ctx, o, s, req); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 368| \t\t\treturn nil, err", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 369| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SENSITIVE_DATA_LEAK", + "cwe": 319, + "imp": 1, + "function": "github.com/go-git/go-git/v5.Remote.fetch(context.Context, *github.com/go-git/go-git/v5.FetchOptions)(github.com/go-git/go-git/v5/plumbing/storer.ReferenceStorer, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 317, + "event": "sensitive_data", + "message": "Calling \"newUploadPackSession\".\n* This call stores sensitive data in \"(((.$0).Command).endpoint).Password\".\n* This call assigns a reference to \"((.$0).Command).endpoint\" to \"((.$0).session).endpoint\". Now \".endpoint.Password\" contains sensitive data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 317, + "event": "assign", + "message": "Assigning: \"s\" = \"newUploadPackSession(r.c.URLs[0], o.Auth, o.InsecureSkipTLS, o.CABundle)\". Now \"s.session.endpoint.Password\" contains sensitive data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 367, + "event": "sink", + "message": "Calling \"fetchPack\". This sends the sensitive data \"s.session.endpoint.Password\" over the network. It may be exposed to unintended individuals.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 367, + "event": "remediation", + "message": "Do not leak this data to the network.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 365| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 366| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 367|-> \t\tif err = r.fetchPack(ctx, o, s, req); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 368| \t\t\treturn nil, err", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 369| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SENSITIVE_DATA_LEAK", + "cwe": 319, + "imp": 1, + "function": "github.com/go-git/go-git/v5.Remote.list(context.Context, *github.com/go-git/go-git/v5.ListOptions)([]*github.com/go-git/go-git/v5/plumbing.Reference, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 1094, + "event": "sensitive_data", + "message": "Calling \"newUploadPackSession\".\n* This call stores sensitive data in \"(((.$0).Command).endpoint).Password\".\n* This call assigns a reference to \"((.$0).Command).endpoint\" to \"((.$0).session).endpoint\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 1094, + "event": "assign", + "message": "Assigning: \"s\" = \"newUploadPackSession(r.c.URLs[0], o.Auth, o.InsecureSkipTLS, o.CABundle)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 1101, + "event": "sink", + "message": "Calling \"AdvertisedReferencesContext\". This sends the sensitive data \"s.session.endpoint.Password\" over the network. It may be exposed to unintended individuals. (The interface method resolves to \"http.upSession.AdvertisedReferencesContext(Context)\".)", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/remote.go", + "line": 1101, + "event": "remediation", + "message": "Do not leak this data to the network.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1099| \tdefer ioutil.CheckClose(s, &err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1100| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1101|-> \tar, err := s.AdvertisedReferencesContext(ctx)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1102| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1103| \t\treturn nil, err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/go-git/go-git/v5.Repository.ResolveRevision(github.com/go-git/go-git/v5/plumbing.Revision)(*github.com/go-git/go-git/v5/plumbing.Hash, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go", + "line": 1434, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go", + "line": 1438, + "event": "assign_null", + "message": "Assigning: \"commit\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go", + "line": 1440, + "event": "path", + "message": "Condition \" < len(items)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go", + "line": 1442, + "event": "path", + "message": "Condition \"_, ok := item.(revision.Ref); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go", + "line": 1491, + "event": "path", + "message": "Condition \"_, ok := item.(revision.CaretPath); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go", + "line": 1519, + "event": "path", + "message": "Condition \"_, ok := item.(revision.TildePath); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go", + "line": 1529, + "event": "path", + "message": "Condition \"_, ok := item.(revision.CaretReg); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go", + "line": 1441, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go", + "line": 1560, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go", + "line": 1440, + "event": "path", + "message": "Condition \" < len(items)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-git/go-git/v5/repository.go", + "line": 1562, + "event": "null_field_access", + "message": "Accessing field of null object \"commit\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1560| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1561| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1562|-> \treturn &commit.Hash, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1563| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1564| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/go-kit/kit/log/level.logger.Log([]interface{})error", + "language": "go", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-kit/kit/log/level/level.go", + "line": 50, + "event": "path", + "message": "Condition \"i < len(keyvals)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-kit/kit/log/level/level.go", + "line": 51, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"v\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-kit/kit/log/level/level.go", + "line": 51, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-kit/kit/log/level/level.go", + "line": 56, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-kit/kit/log/level/level.go", + "line": 50, + "event": "path", + "message": "Condition \"i < len(keyvals)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-kit/kit/log/level/level.go", + "line": 51, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-kit/kit/log/level/level.go", + "line": 53, + "event": "null_field_access", + "message": "Accessing field of null object \"v\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 51| \t\tif v, ok := keyvals[i].(*levelValue); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| \t\t\thasLevel = true", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 53|-> \t\t\tlevelAllowed = l.allowed&v.level != 0", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 54| \t\t\tbreak", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/go-kit/log/level.logger.Log([]interface{})error", + "language": "go", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-kit/log/level/level.go", + "line": 58, + "event": "path", + "message": "Condition \"i < len(keyvals)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-kit/log/level/level.go", + "line": 59, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"v\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-kit/log/level/level.go", + "line": 59, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-kit/log/level/level.go", + "line": 64, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-kit/log/level/level.go", + "line": 58, + "event": "path", + "message": "Condition \"i < len(keyvals)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-kit/log/level/level.go", + "line": 59, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-kit/log/level/level.go", + "line": 61, + "event": "null_field_access", + "message": "Accessing field of null object \"v\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| \t\tif v, ok := keyvals[i].(*levelValue); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| \t\t\thasLevel = true", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61|-> \t\t\tlevelAllowed = l.allowed&v.level != 0", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| \t\t\tbreak", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/go-logr/logr/funcr.Formatter.prettyWithFlags(interface{}, uint32, int)string", + "language": "go", + "tool": "coverity", + "key_event_idx": 34, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 346, + "event": "path", + "message": "Condition \"depth > f.opts.MaxLogDepth\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 351, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 359, + "event": "path", + "message": "Condition \"_, ok := value.(Stringer); ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 359, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 367, + "event": "path", + "message": "Condition \"_, ok := value.(bool); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 369, + "event": "path", + "message": "Condition \"_, ok := value.(string); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 371, + "event": "path", + "message": "Condition \"_, ok := value.(int); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 373, + "event": "path", + "message": "Condition \"_, ok := value.(int8); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 375, + "event": "path", + "message": "Condition \"_, ok := value.(int16); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 377, + "event": "path", + "message": "Condition \"_, ok := value.(int32); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 379, + "event": "path", + "message": "Condition \"_, ok := value.(int64); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 381, + "event": "path", + "message": "Condition \"_, ok := value.(uint); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 383, + "event": "path", + "message": "Condition \"_, ok := value.(uint8); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 385, + "event": "path", + "message": "Condition \"_, ok := value.(uint16); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 387, + "event": "path", + "message": "Condition \"_, ok := value.(uint32); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 389, + "event": "path", + "message": "Condition \"_, ok := value.(uint64); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 391, + "event": "path", + "message": "Condition \"_, ok := value.(uint); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 393, + "event": "path", + "message": "Condition \"_, ok := value.(float32); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 395, + "event": "path", + "message": "Condition \"_, ok := value.(float64); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 397, + "event": "path", + "message": "Condition \"_, ok := value.(__coverity_complex_float); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 399, + "event": "path", + "message": "Condition \"_, ok := value.(__coverity_complex_double); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 401, + "event": "path", + "message": "Condition \"_, ok := value.(funcr.PseudoStruct); ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 366, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 425, + "event": "path", + "message": "Condition \"t == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 429, + "event": "path", + "message": "Switch case value \"Map\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 518, + "event": "path", + "message": "Condition \"it.Next()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 519, + "event": "path", + "message": "Condition \"i > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 524, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"m\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 524, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 535, + "event": "path", + "message": "Condition \"t.Key().Kind() != 24 /* String */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 545, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 518, + "event": "path", + "message": "Condition \"it.Next()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 519, + "event": "path", + "message": "Condition \"i > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 524, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-logr/logr/funcr/funcr.go", + "line": 525, + "event": "null_method_call", + "message": "Calling a method on null object \"m\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 523| \t\t\tkeystr := \"\"", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 524| \t\t\tif m, ok := it.Key().Interface().(encoding.TextMarshaler); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 525|-> \t\t\t\ttxt, err := m.MarshalText()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 526| \t\t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 527| \t\t\t\t\tkeystr = fmt.Sprintf(\"\", err.Error())", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/go-openapi/runtime/middleware.newSecureAPI.anonymous%0(net/http.ResponseWriter, *net/http.Request)", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-openapi/runtime/middleware/security.go", + "line": 22, + "event": "path", + "message": "Condition \"rCtx != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-openapi/runtime/middleware/security.go", + "line": 25, + "event": "path", + "message": "Condition \"route != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-openapi/runtime/middleware/security.go", + "line": 25, + "event": "var_compare_op", + "message": "Comparing \"route\" to null implies that \"route\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-openapi/runtime/middleware/security.go", + "line": 31, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-openapi/runtime/middleware/security.go", + "line": 32, + "event": "null_field_access", + "message": "Accessing field of null object \"route\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 30| \t\t_, rCtx, err := ctx.Authorize(r, route)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 31| \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 32|-> \t\t\tctx.Respond(rw, r, route.Produces, route, err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 33| \t\t\treturn", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 34| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/go-openapi/validate.SchemaValidator.Validate(interface{})*github.com/go-openapi/validate.Result", + "language": "go", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-openapi/validate/schema.go", + "line": 112, + "event": "path", + "message": "Condition \"s == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-openapi/validate/schema.go", + "line": 115, + "event": "path", + "message": "Condition \"s.Schema != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-openapi/validate/schema.go", + "line": 115, + "event": "var_compare_op", + "message": "Comparing \"s.Schema\" to null implies that \"s.Schema\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-openapi/validate/schema.go", + "line": 119, + "event": "path", + "message": "Condition \"data == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-openapi/validate/schema.go", + "line": 127, + "event": "path", + "message": "Condition \"kind == 22 /* Ptr */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-openapi/validate/schema.go", + "line": 133, + "event": "path", + "message": "Condition \"kind == 25 /* Struct */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-openapi/validate/schema.go", + "line": 143, + "event": "null_field_access", + "message": "Accessing field of null object \"s.Schema\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 141| \t// TODO: this part should be handed over to type validator", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 142| \t// Handle special case of json.Number data (number marshalled as string)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 143|-> \tisnumber := s.Schema.Type.Contains(numberType) || s.Schema.Type.Contains(integerType)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 144| \tif num, ok := data.(json.Number); ok && isnumber {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145| \t\tif s.Schema.Type.Contains(integerType) { // avoid lossy conversion", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/go-sql-driver/mysql.mysqlConn.handleInFileRequest(string)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go", + "line": 100, + "event": "path", + "message": "Condition \"mc.maxWriteSize < packetSize\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go", + "line": 104, + "event": "path", + "message": "Condition \"idx == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go", + "line": 112, + "event": "path", + "message": "Condition \"inMap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go", + "line": 114, + "event": "path", + "message": "Condition \"rdr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go", + "line": 114, + "event": "var_compare_op", + "message": "Comparing \"rdr\" to null implies that \"rdr\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go", + "line": 121, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go", + "line": 124, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go", + "line": 151, + "event": "path", + "message": "Condition \"err == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go", + "line": 151, + "event": "path", + "message": "Condition \"packetSize > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go", + "line": 154, + "event": "path", + "message": "Condition \"err == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/infile.go", + "line": 155, + "event": "null_method_call", + "message": "Calling a method on null object \"rdr\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 153| \t\tvar n int", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 154| \t\tfor err == nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 155|-> \t\t\tn, err = rdr.Read(data[4:])", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 156| \t\t\tif n > 0 {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 157| \t\t\t\tif ioErr := mc.writePacket(data[:4+n]); ioErr != nil {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "github.com/go-sql-driver/mysql.mysqlConn.readResultSetHeaderPacket()(int, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/packets.go", + "line": 538, + "event": "taint", + "message": "Calling \"readPacket\".\n* This call taints \"mc.buf.dbuf\".\n* This call returns a struct containing \"mc.buf.dbuf\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/packets.go", + "line": 538, + "event": "assign", + "message": "Assigning: \"data\" = \"mc.readPacket()\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/packets.go", + "line": 549, + "event": "sink", + "message": "Calling \"handleInFileRequest\". This call uses \"(string)data[1:nil:nil]\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/go-sql-driver/mysql/packets.go", + "line": 549, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 547| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 548| \t\tcase iLocalInFile:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 549|-> \t\t\treturn 0, mc.handleInFileRequest(string(data[1:]))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 550| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 551| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/gogo/protobuf/proto.TextMarshaler.writeExtensions(*github.com/gogo/protobuf/proto.textWriter, reflect.Value)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/gogo/protobuf/proto/text.go", + "line": 756, + "event": "assign_null", + "message": "Assigning: \"mu\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gogo/protobuf/proto/text.go", + "line": 757, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gogo/protobuf/proto/text.go", + "line": 765, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gogo/protobuf/proto/text.go", + "line": 777, + "event": "null_method_call", + "message": "Calling a method on null object \"mu\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 775| \t// canonical output, which will also make testing easier.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 776| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 777|-> \tmu.Lock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 778| \tids := make([]int32, 0, len(m))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 779| \tfor id := range m {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/golang-jwt/jwt.ParseRSAPrivateKeyFromPEM([]byte)(*crypto/rsa.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 27, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 27, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS1PrivateKey(block.Bytes)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 30, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 28, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 28, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 26| \tvar parsedKey interface{}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 27| \tif parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 28|-> \t\tif parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 29| \t\t\treturn nil, err", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 30| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/golang-jwt/jwt.ParseRSAPrivateKeyFromPEMWithPassword([]byte, string)(*crypto/rsa.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 59, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 59, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS1PrivateKey(blockDecrypted)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 62, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 60, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 60, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 58| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| \tif parsedKey, err = x509.ParsePKCS1PrivateKey(blockDecrypted); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60|-> \t\tif parsedKey, err = x509.ParsePKCS8PrivateKey(blockDecrypted); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61| \t\t\treturn nil, err", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/golang-jwt/jwt/v4.SigningMethodEd25519.Sign(string, interface{})(string, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/ed25519.go", + "line": 67, + "event": "assign_null", + "message": "Assigning: \"ed25519Key\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/ed25519.go", + "line": 70, + "event": "path", + "message": "Condition \"!ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/ed25519.go", + "line": 74, + "event": "null_method_call", + "message": "Calling a method on null object \"ed25519Key\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74|-> \tif _, ok := ed25519Key.Public().(ed25519.PublicKey); !ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 75| \t\treturn \"\", ErrInvalidKey", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/golang-jwt/jwt/v4.ParseRSAPrivateKeyFromPEM([]byte)(*crypto/rsa.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 27, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 27, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS1PrivateKey(block.Bytes)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 30, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 28, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 28, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 26| \tvar parsedKey interface{}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 27| \tif parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 28|-> \t\tif parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 29| \t\t\treturn nil, err", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 30| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/golang-jwt/jwt/v4.ParseRSAPrivateKeyFromPEMWithPassword([]byte, string)(*crypto/rsa.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 63, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 63, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS1PrivateKey(blockDecrypted)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 66, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 64, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 64, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| \tif parsedKey, err = x509.ParsePKCS1PrivateKey(blockDecrypted); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 64|-> \t\tif parsedKey, err = x509.ParsePKCS8PrivateKey(blockDecrypted); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 65| \t\t\treturn nil, err", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 66| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/gomodule/redigo/redis.flattenStruct(github.com/gomodule/redigo/redis.Args, reflect.Value)github.com/gomodule/redigo/redis.Args", + "language": "go", + "tool": "coverity", + "key_event_idx": 27, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 675, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 679, + "event": "path", + "message": "Condition \" < len(ss.l)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 681, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 683, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 679, + "event": "path", + "message": "Condition \" < len(ss.l)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 681, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 685, + "event": "path", + "message": "Condition \"fs.omitEmpty\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 687, + "event": "path", + "message": "Switch case value \"Array\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 689, + "event": "path", + "message": "Condition \"fv.Len() == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 701, + "event": "path", + "message": "Condition \"empty\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 702, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 679, + "event": "path", + "message": "Condition \" < len(ss.l)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 681, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 685, + "event": "path", + "message": "Condition \"fs.omitEmpty\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 687, + "event": "path", + "message": "Switch case value \"Bool\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 691, + "event": "path", + "message": "Condition \"!fv.Bool()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 701, + "event": "path", + "message": "Condition \"empty\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 705, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"arg\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 705, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 707, + "event": "path", + "message": "Condition \"fv.Kind() == 22 /* Ptr */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 708, + "event": "path", + "message": "Condition \"!fv.IsNil()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 711, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 714, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 679, + "event": "path", + "message": "Condition \" < len(ss.l)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 681, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 685, + "event": "path", + "message": "Condition \"fs.omitEmpty\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 705, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gomodule/redigo/redis/scan.go", + "line": 706, + "event": "null_method_call", + "message": "Calling a method on null object \"arg\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 704| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 705| \t\tif arg, ok := fv.Interface().(Argument); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 706|-> \t\t\targs = append(args, fs.name, arg.RedisArg())", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 707| \t\t} else if fv.Kind() == reflect.Ptr {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 708| \t\t\tif !fv.IsNil() {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/google/go-cmp/cmp.Options.apply(*github.com/google/go-cmp/cmp.state, reflect.Value, reflect.Value)", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 91, + "event": "path", + "message": "Condition \" < len(flattenOptions(nil, opts))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 93, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 91, + "event": "path", + "message": "Condition \" < len(flattenOptions(nil, opts))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 91, + "event": "identity_transfer", + "message": "Passing \"nil\" as argument 1 to function \"flattenOptions\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 91, + "event": "null_array_access", + "message": "Accessing an element on null array \"flattenOptions(nil, opts)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 89| \tconst help = \"consider using filters to ensure at most one Comparer or Transformer may apply\"", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 90| \tvar ss []string", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91|-> \tfor _, opt := range flattenOptions(nil, opts) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| \t\tss = append(ss, fmt.Sprint(opt))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/google/go-cmp/cmp.normalizeOption(github.com/google/go-cmp/cmp.Option)github.com/google/go-cmp/cmp.Option", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 526, + "event": "identity_transfer", + "message": "Passing \"nil\" as argument 1 to function \"flattenOptions\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 526, + "event": "alias_transfer", + "message": "Assigning: \"opts\" = \"flattenOptions(nil, {src})\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 526, + "event": "path", + "message": "Switch case value \"1\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 530, + "event": "null_array_access", + "message": "Accessing an element on null array \"opts\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 528| \t\treturn nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 529| \tcase 1:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 530|-> \t\treturn opts[0]", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 531| \tdefault:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 532| \t\treturn opts", + "verbosity_level": 1 + } + ] + }, + { + "checker": "OPEN_REDIRECT", + "cwe": 601, + "function": "github.com/gorilla/mux.routeRegexpGroup.setMatch(*net/http.Request, *github.com/gorilla/mux.RouteMatch, *github.com/gorilla/mux.Route)", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/gorilla/mux/regexp.go", + "line": 353, + "event": "taint", + "message": "The field \"req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gorilla/mux/regexp.go", + "line": 357, + "event": "concat", + "message": "Creating a tainted string using \"u.Path\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gorilla/mux/regexp.go", + "line": 357, + "event": "assign", + "message": "Assigning a tainted string to \"u.Path\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gorilla/mux/regexp.go", + "line": 359, + "event": "identity", + "message": "Calling \"String\". This call assigns \"u.Path\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gorilla/mux/regexp.go", + "line": 359, + "event": "sink", + "message": "Calling \"RedirectHandler\". This call passes the tainted data, \"u.String()\", to a redirect sink.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 357| \t\t\t\t\t\tu.Path += \"/\"", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 358| \t\t\t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 359|-> \t\t\t\t\tm.Handler = http.RedirectHandler(u.String(), http.StatusMovedPermanently)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 360| \t\t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 361| \t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/gorilla/websocket.decompressNoContextTakeover(io.Reader)io.ReadCloser", + "language": "go", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/gorilla/websocket/compression.go", + "line": 35, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"fr\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gorilla/websocket/compression.go", + "line": 36, + "event": "null_method_call", + "message": "Calling a method on null object \"fr\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 34| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 35| \tfr, _ := flateReaderPool.Get().(io.ReadCloser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 36|-> \tfr.(flate.Resetter).Reset(io.MultiReader(r, strings.NewReader(tail)), nil)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 37| \treturn &flateReadWrapper{fr}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 38| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SOCKET_ACCEPT_ALL_ORIGINS", + "cwe": 942, + "function": "github.com/gorilla/websocket.Upgrade(net/http.ResponseWriter, *net/http.Request, net/http.Header, int, int)(*github.com/gorilla/websocket.Conn, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go", + "line": 302, + "event": "go_socketio_all_origins", + "message": "The function \"function anonymous%1\" always returns \"true\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go", + "line": 302, + "event": "go_socketio_all_origins", + "message": "The function \"Upgrader.CheckOrigin()\" always returns \"true\" to accept requests from all origins.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/gorilla/websocket/server.go", + "line": 302, + "event": "go_socketio_all_origins", + "message": "Modify the \"Upgrader.CheckOrigin()\" function to only return \"true\" for trusted origins, or remove the function completely since the default \"Upgrader\" will only create \"WebSocket\" connections with clients from the same origin.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 300| \t\t// don't return errors to maintain backwards compatibility", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 301| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 302|-> \tu.CheckOrigin = func(r *http.Request) bool {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 303| \t\t// allow all connections by default", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 304| \t\treturn true", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "github.com/grafana/dskit/flagext.URLValue.MarshalYAML()(interface{}, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/dskit/flagext/url.go", + "line": 54, + "event": "hardcoded_credential", + "message": "The constant string \"\"********\"\" is a credential or key.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/dskit/flagext/url.go", + "line": 54, + "event": "password_use", + "message": "Calling \"UserPassword\". This call uses the constant string as a password.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/dskit/flagext/url.go", + "line": 54, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| \tif u.User != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 53| \t\tif _, set := u.User.Password(); set {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 54|-> \t\t\tu.User = url.UserPassword(u.User.Username(), \"********\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/grafana/grafana-aws-sdk/pkg/sigv4.middleware.createSignedRequest(*net/http.Request)(*net/http.Request, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-aws-sdk/pkg/sigv4/sigv4.go", + "line": 146, + "event": "taint", + "message": "The field \"origReq.Method\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-aws-sdk/pkg/sigv4/sigv4.go", + "line": 146, + "event": "sink", + "message": "Calling \"NewRequest\". This call uses \"origReq.Method\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-aws-sdk/pkg/sigv4/sigv4.go", + "line": 146, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 144| \tm.logRequest(origReq, \"stage\", \"pre-signature\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 146|-> \treq, err := http.NewRequest(origReq.Method, origReq.URL.String(), origReq.Body)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 147| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 148| \t\treturn nil, err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "github.com/grafana/grafana-aws-sdk/pkg/sigv4.middleware.createSignedRequest(*net/http.Request)(*net/http.Request, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-aws-sdk/pkg/sigv4/sigv4.go", + "line": 146, + "event": "taint", + "message": "The field \"origReq.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-aws-sdk/pkg/sigv4/sigv4.go", + "line": 146, + "event": "identity", + "message": "Calling \"String\". This call assigns \"origReq.URL.Fragment\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-aws-sdk/pkg/sigv4/sigv4.go", + "line": 146, + "event": "sink", + "message": "Calling \"NewRequest\". This call uses \"origReq.URL.String()\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-aws-sdk/pkg/sigv4/sigv4.go", + "line": 146, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 144| \tm.logRequest(origReq, \"stage\", \"pre-signature\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 146|-> \treq, err := http.NewRequest(origReq.Method, origReq.URL.String(), origReq.Body)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 147| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 148| \t\treturn nil, err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/grafana/grafana-plugin-sdk-go/experimental/e2e.NewProxy(github.com/grafana/grafana-plugin-sdk-go/experimental/e2e.ProxyMode, []*github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/fixture.Fixture, *github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/config.Config)*github.com/grafana/grafana-plugin-sdk-go/experimental/e2e.Proxy", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/proxy.go", + "line": 52, + "event": "insufficient_logging", + "message": "Calling \"setupCA\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/proxy.go", + "line": 52, + "event": "assign", + "message": "Assigning: \"err\" = \"setupCA(config)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/proxy.go", + "line": 55, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/proxy.go", + "line": 53, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/proxy.go", + "line": 53, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 51| func NewProxy(mode ProxyMode, fixture []*fixture.Fixture, config *config.Config) *Proxy {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| \terr := setupCA(config)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 53|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 54| \t\tpanic(err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage.OpenAPI.Match(*net/http.Request)*net/http.Response", + "language": "go", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go", + "line": 75, + "event": "path", + "message": "Condition \"operation == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go", + "line": 80, + "event": "path", + "message": "Condition \"response == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go", + "line": 94, + "event": "path", + "message": "Condition \" < len()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go", + "line": 97, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go", + "line": 94, + "event": "path", + "message": "Condition \" < len()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go", + "line": 99, + "event": "path", + "message": "Condition \"response.Content == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go", + "line": 104, + "event": "path", + "message": "Condition \"content == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go", + "line": 104, + "event": "var_compare_op", + "message": "Comparing \"content\" to null implies that \"content\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go", + "line": 106, + "event": "path", + "message": "Condition \" < len()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/e2e/storage/openapi.go", + "line": 112, + "event": "null_field_access", + "message": "Accessing field of null object \"content\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 112|-> \texample := content.Example", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| \tif example == nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114| \t\t// get the first example in the map", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/grpc-ecosystem/grpc-gateway/v2/runtime.populateFieldValueFromPath(google.golang.org/protobuf/reflect/protoreflect.Message, []string, []string)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go", + "line": 68, + "event": "path", + "message": "Condition \"len(fieldPath) < 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go", + "line": 71, + "event": "path", + "message": "Condition \"len(values) < 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go", + "line": 75, + "event": "assign_null", + "message": "Assigning: \"fieldDescriptor\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go", + "line": 76, + "event": "path", + "message": "Condition \"i < len(fieldPath)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/grpc-ecosystem/grpc-gateway/v2/runtime/query.go", + "line": 106, + "event": "null_method_call", + "message": "Calling a method on null object \"fieldDescriptor\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105| \t// Check if oneof already set", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106|-> \tif of := fieldDescriptor.ContainingOneof(); of != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| \t\tif f := msgValue.WhichOneof(of); f != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108| \t\t\treturn fmt.Errorf(\"field already set for oneof %q\", of.FullName().Name())", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/hashicorp/go-plugin.Client.Start()(net.Addr, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go", + "line": 765, + "event": "insufficient_logging", + "message": "Calling \"loadServerCert\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go", + "line": 765, + "event": "assign", + "message": "Assigning: \"err\" = \"c.loadServerCert(parts[5])\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go", + "line": 768, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go", + "line": 766, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go", + "line": 766, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 764| \t\tif len(parts) >= 6 && len(parts[5]) > 50 {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 765| \t\t\terr := c.loadServerCert(parts[5])", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 766|-> \t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 767| \t\t\t\treturn nil, fmt.Errorf(\"error parsing server cert: %s\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 768| \t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/hashicorp/go-plugin.Client.Protocol()github.com/hashicorp/go-plugin.Protocol", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go", + "line": 926, + "event": "insufficient_logging", + "message": "Calling \"Start\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go", + "line": 926, + "event": "assign", + "message": "Assigning: \"err\" = \"c.Start()\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go", + "line": 929, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go", + "line": 927, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/go-plugin/client.go", + "line": 927, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 925| func (c *Client) Protocol() Protocol {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 926| \t_, err := c.Start()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 927|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 928| \t\treturn ProtocolInvalid", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 929| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK_INVERSION", + "cwe": 833, + "function": "github.com/hashicorp/yamux.Session.Close()error", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go", + "line": 254, + "event": "path", + "message": "Condition \"s.shutdown\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go", + "line": 258, + "event": "path", + "message": "Condition \"s.shutdownErr == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go", + "line": 265, + "event": "lock_acquire", + "message": "Calling \"Lock\" acquires lock \"yamux.Session.streamLock\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go", + "line": 267, + "event": "path", + "message": "Condition \" < len()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go", + "line": 268, + "event": "lock_order", + "message": "Calling \"forceClose\" acquires lock \"yamux.Stream.stateLock\" while holding lock \"yamux.Session.streamLock\" (count: 1 / 2).", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/stream.go", + "line": 380, + "event": "lock_acquire", + "message": "Example 1: Calling \"Lock\" acquires lock \"yamux.Stream.stateLock\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/stream.go", + "line": 401, + "event": "example_lock_order", + "message": "Example 1 (cont.): Calling \"establishStream\" acquires lock \"yamux.Session.streamLock\" while holding \"yamux.Stream.stateLock\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 266| \tdefer s.streamLock.Unlock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 267| \tfor _, stream := range s.streams {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 268|-> \t\tstream.forceClose()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 269| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 270| \treturn nil", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/hashicorp/yamux.Session.Ping()(time.Duration, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go", + "line": 304, + "event": "lock", + "message": "Locking \"s.pingLock\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go", + "line": 305, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"id\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go", + "line": 308, + "event": "unlock", + "message": "Unlocking \"s.pingLock\". \"id\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go", + "line": 313, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go", + "line": 319, + "event": "path", + "message": "Selecting channel \"case <-After(s.config.ConnectionWriteTimeout):\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go", + "line": 322, + "event": "lockagain", + "message": "Locking \"s.pingLock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/session.go", + "line": 323, + "event": "use", + "message": "Using an unreliable value of \"id\" inside the second locked section. If the data that \"id\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 321| \tcase <-time.After(s.config.ConnectionWriteTimeout):", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 322| \t\ts.pingLock.Lock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 323|-> \t\tdelete(s.pings, id) // Ignore it if a response comes later.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 324| \t\ts.pingLock.Unlock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 325| \t\treturn 0, ErrTimeout", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK_INVERSION", + "cwe": 833, + "function": "github.com/hashicorp/yamux.Stream.sendWindowUpdate()error", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/stream.go", + "line": 254, + "event": "lock_acquire", + "message": "Calling \"Lock\" acquires lock \"yamux.Stream.recvLock\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/stream.go", + "line": 255, + "event": "path", + "message": "Condition \"s.recvBuf != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/stream.go", + "line": 261, + "event": "lock_order", + "message": "Calling \"sendFlags\" acquires lock \"yamux.Stream.stateLock\" while holding lock \"yamux.Stream.recvLock\" (count: 1 / 2).", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/stream.go", + "line": 97, + "event": "lock_acquire", + "message": "Example 1: Calling \"Lock\" acquires lock \"yamux.Stream.stateLock\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/hashicorp/yamux/stream.go", + "line": 104, + "event": "example_lock_order", + "message": "Example 1 (cont.): Calling \"Lock\" acquires lock \"yamux.Stream.recvLock\" while holding \"yamux.Stream.stateLock\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 259| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 260| \t// Determine the flags if any", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 261|-> \tflags := s.sendFlags()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 262| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 263| \t// Check if we can omit the update", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/jessevdk/go-flags.completion.completeValue(reflect.Value, string, string)[]github.com/jessevdk/go-flags.Completion", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/completion.go", + "line": 145, + "event": "path", + "message": "Condition \"value.Kind() == 23 /* Slice */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/completion.go", + "line": 152, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"cmp\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/completion.go", + "line": 152, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/completion.go", + "line": 154, + "event": "path", + "message": "Condition \"value.CanAddr()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/completion.go", + "line": 155, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/completion.go", + "line": 156, + "event": "null_method_call", + "message": "Calling a method on null object \"cmp\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 154| \t} else if value.CanAddr() {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 155| \t\tif cmp, ok = value.Addr().Interface().(Completer); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 156|-> \t\t\tret = cmp.Complete(match)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 157| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 158| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/jessevdk/go-flags.Option.LongNameWithNamespace()string", + "language": "go", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 97, + "event": "path", + "message": "Condition \"len(option.LongName) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 106, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 107, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"p\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 107, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 114, + "event": "path", + "message": "Condition \"_, ok := g.parent.(go-flags.Command *); ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 114, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 119, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 106, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 107, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 108, + "event": "null_field_access", + "message": "Accessing field of null object \"p\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| \tfor {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| \t\tif p, ok := g.parent.(*Parser); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108|-> \t\t\tnamespaceDelimiter = p.NamespaceDelimiter", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| \t\t\tbreak", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/jessevdk/go-flags.Option.EnvKeyWithNamespace()string", + "language": "go", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 148, + "event": "path", + "message": "Condition \"len(option.EnvDefaultKey) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 157, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 158, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"p\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 158, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 165, + "event": "path", + "message": "Condition \"_, ok := g.parent.(go-flags.Command *); ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 165, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 170, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 157, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 158, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jessevdk/go-flags/option.go", + "line": 159, + "event": "null_field_access", + "message": "Accessing field of null object \"p\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 157| \tfor {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 158| \t\tif p, ok := g.parent.(*Parser); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 159|-> \t\t\tnamespaceDelimiter = p.EnvNamespaceDelimiter", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 160| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 161| \t\t\tbreak", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/jmoiron/sqlx.In(string, []interface{})(string, []interface{}, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go", + "line": 157, + "event": "path", + "message": "Condition \"len(args) <= 32 /* len(stackMeta) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go", + "line": 159, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go", + "line": 163, + "event": "path", + "message": "Condition \"i < len(args)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go", + "line": 164, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"a\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go", + "line": 164, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go", + "line": 172, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go", + "line": 179, + "event": "path", + "message": "Condition \"meta[i].length == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go", + "line": 182, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go", + "line": 186, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go", + "line": 163, + "event": "path", + "message": "Condition \"i < len(args)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go", + "line": 164, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/jmoiron/sqlx/bind.go", + "line": 166, + "event": "null_method_call", + "message": "Calling a method on null object \"a\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 164| \t\tif a, ok := arg.(driver.Valuer); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 165| \t\t\tvar err error", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 166|-> \t\t\targ, err = a.Value()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 167| \t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 168| \t\t\t\treturn \"\", nil, err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/ohler55/ojg/jp.Equation.Append([]byte, bool)[]byte", + "language": "go", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go", + "line": 133, + "event": "path", + "message": "Condition \"parens\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go", + "line": 136, + "event": "path", + "message": "Condition \"e.o == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go", + "line": 140, + "event": "path", + "message": "Considering switch case \"not.code\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go", + "line": 140, + "event": "path", + "message": "Condition \"e.o.code == not.code\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go", + "line": 145, + "event": "path", + "message": "Considering switch case \"get.code\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go", + "line": 145, + "event": "path", + "message": "Condition \"e.o.code == get.code\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go", + "line": 139, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go", + "line": 150, + "event": "path", + "message": "Condition \"e.left != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go", + "line": 150, + "event": "var_compare_op", + "message": "Comparing \"e.left\" to null implies that \"e.left\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go", + "line": 156, + "event": "path", + "message": "Condition \"e.right != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/ohler55/ojg/jp/equation.go", + "line": 157, + "event": "null_field_access", + "message": "Accessing field of null object \"e.left\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 155| \t\t\tbuf = append(buf, ' ')", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 156| \t\t\tif e.right != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 157|-> \t\t\t\tbuf = e.right.Append(buf, e.left.o != nil && e.left.o.prec >= e.o.prec)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 158| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 159| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/pierrec/lz4/v4/internal/lz4block.BlockSizeIndex.Get()[]byte", + "language": "go", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go", + "line": 54, + "event": "assign_null", + "message": "Assigning: \"buf\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go", + "line": 56, + "event": "path", + "message": "Considering switch case \"4\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go", + "line": 56, + "event": "path", + "message": "Condition \"b == 4\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go", + "line": 58, + "event": "path", + "message": "Considering switch case \"5\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go", + "line": 58, + "event": "path", + "message": "Condition \"b == 5\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go", + "line": 60, + "event": "path", + "message": "Considering switch case \"6\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go", + "line": 60, + "event": "path", + "message": "Condition \"b == 6\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go", + "line": 62, + "event": "path", + "message": "Considering switch case \"7\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go", + "line": 62, + "event": "path", + "message": "Condition \"b == 7\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go", + "line": 64, + "event": "path", + "message": "Considering switch case \"3\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go", + "line": 64, + "event": "path", + "message": "Condition \"b == 3\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go", + "line": 55, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/pierrec/lz4/v4/internal/lz4block/blocks.go", + "line": 67, + "event": "unbox_null", + "message": "Unboxing null object \"buf\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 65| \t\tbuf = BlockPool8M.Get()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 66| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 67|-> \treturn buf.([]byte)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 68| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 69| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/prometheus/client_golang/api.httpClient.Do(context.Context, *net/http.Request)(*net/http.Response, []byte, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/client_golang/api/client.go", + "line": 122, + "event": "path", + "message": "Condition \"ctx != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/client_golang/api/client.go", + "line": 122, + "event": "var_compare_op", + "message": "Comparing \"ctx\" to null implies that \"ctx\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/client_golang/api/client.go", + "line": 132, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/client_golang/api/client.go", + "line": 146, + "event": "null_method_call", + "message": "Calling a method on null object \"ctx\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 144| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145| \tselect {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 146|-> \tcase <-ctx.Done():", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 147| \t\t<-done", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 148| \t\terr = resp.Body.Close()", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "github.com/prometheus/common/config.URL.Redacted()string", + "language": "go", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/common/config/http_config.go", + "line": 187, + "event": "hardcoded_credential", + "message": "The constant string \"\"xxxxx\"\" is a credential or key.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/common/config/http_config.go", + "line": 187, + "event": "password_use", + "message": "Calling \"UserPassword\". This call uses the constant string as a password.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/common/config/http_config.go", + "line": 187, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 185| \tif _, ok := ru.User.Password(); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 186| \t\t// We can not use secretToken because it would be escaped.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 187|-> \t\tru.User = url.UserPassword(ru.User.Username(), \"xxxxx\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 188| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 189| \treturn ru.String()", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/prometheus/prometheus/notifier.Manager.sendAll([]*github.com/prometheus/prometheus/notifier.Alert)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 452, + "event": "path", + "message": "Condition \"len(alerts) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 471, + "event": "path", + "message": "Condition \" < len()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 477, + "event": "lock", + "message": "Locking \"ams.mtx\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 479, + "event": "path", + "message": "Switch case value \"AlertmanagerAPIVersionV1\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 482, + "event": "path", + "message": "Condition \"v1Payload == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 483, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"v1Payload\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 484, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 519, + "event": "path", + "message": "Condition \" < len(ams.ams)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 539, + "event": "unlock", + "message": "Unlocking \"ams.mtx\". \"v1Payload\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 540, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 471, + "event": "path", + "message": "Condition \" < len()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 479, + "event": "path", + "message": "Switch case value \"AlertmanagerAPIVersionV1\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 482, + "event": "path", + "message": "Condition \"v1Payload == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 477, + "event": "lockagain", + "message": "Locking \"ams.mtx\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 491, + "event": "use", + "message": "Using an unreliable value of \"v1Payload\" inside the second locked section. If the data that \"v1Payload\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 489| \t\t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 490| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 491|-> \t\t\t\tpayload = v1Payload", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 492| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 493| \t\tcase config.AlertmanagerAPIVersionV2:", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/prometheus/prometheus/notifier.Manager.sendAll([]*github.com/prometheus/prometheus/notifier.Alert)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 20, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 452, + "event": "path", + "message": "Condition \"len(alerts) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 471, + "event": "path", + "message": "Condition \" < len()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 479, + "event": "path", + "message": "Switch case value \"AlertmanagerAPIVersionV1\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 482, + "event": "path", + "message": "Condition \"v1Payload == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 484, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 519, + "event": "path", + "message": "Condition \" < len(ams.ams)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 540, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 471, + "event": "path", + "message": "Condition \" < len()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 477, + "event": "lock", + "message": "Locking \"ams.mtx\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 479, + "event": "path", + "message": "Switch case value \"AlertmanagerAPIVersionV2\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 495, + "event": "path", + "message": "Condition \"v2Payload == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 498, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"v2Payload\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 499, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 519, + "event": "path", + "message": "Condition \" < len(ams.ams)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 539, + "event": "unlock", + "message": "Unlocking \"ams.mtx\". \"v2Payload\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 540, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 471, + "event": "path", + "message": "Condition \" < len()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 479, + "event": "path", + "message": "Switch case value \"AlertmanagerAPIVersionV2\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 495, + "event": "path", + "message": "Condition \"v2Payload == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 477, + "event": "lockagain", + "message": "Locking \"ams.mtx\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/notifier/notifier.go", + "line": 506, + "event": "use", + "message": "Using an unreliable value of \"v2Payload\" inside the second locked section. If the data that \"v2Payload\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 504| \t\t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 505| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 506|-> \t\t\t\tpayload = v2Payload", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 507| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 508| \t\tdefault:", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "github.com/prometheus/prometheus/tsdb.stripeSeries.gc(int64)(map[uint64]struct{}, int, int64)", + "language": "go", + "tool": "coverity", + "key_event_idx": 19, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1335, + "event": "path", + "message": "Condition \"i < s.size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1338, + "event": "path", + "message": "Condition \" < len()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1339, + "event": "path", + "message": "Condition \" < len(all)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1343, + "event": "path", + "message": "Condition \"len(series.mmappedChunks) > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1343, + "event": "path", + "message": "Condition \"series.headChunk != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1343, + "event": "path", + "message": "Condition \"series.pendingCommit\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1359, + "event": "path", + "message": "Condition \"i != j\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1360, + "event": "lock", + "message": "Locking \"s.locks[j].RWMutex\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1366, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"deletedForCallback\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1368, + "event": "path", + "message": "Condition \"i != j\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1369, + "event": "unlock", + "message": "Unlocking \"s.locks[j].RWMutex\". \"deletedForCallback\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1372, + "event": "unlock", + "message": "Unlocking \"series.RWMutex\". \"deletedForCallback\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1373, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1339, + "event": "path", + "message": "Condition \" < len(all)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1343, + "event": "path", + "message": "Condition \"len(series.mmappedChunks) > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1343, + "event": "path", + "message": "Condition \"series.headChunk != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1343, + "event": "path", + "message": "Condition \"series.pendingCommit\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1359, + "event": "path", + "message": "Condition \"i != j\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1360, + "event": "lockagain", + "message": "Locking \"s.locks[j].RWMutex\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/github.com/prometheus/prometheus/tsdb/head.go", + "line": 1366, + "event": "use", + "message": "Using an unreliable value of \"deletedForCallback\" inside the second locked section. If the data that \"deletedForCallback\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1364| \t\t\t\ts.hashes[i].del(hash, series.lset)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1365| \t\t\t\tdelete(s.series[j], series.ref)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1366|-> \t\t\t\tdeletedForCallback = append(deletedForCallback, series.lset)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1367| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1368| \t\t\t\tif i != j {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc.throttleDelay(*google.golang.org/grpc/internal/status.Status)time.Duration", + "language": "go", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go", + "line": 269, + "event": "path", + "message": "Condition \" < len(status.Details())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go", + "line": 270, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"t\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go", + "line": 270, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go", + "line": 273, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go", + "line": 269, + "event": "path", + "message": "Condition \" < len(status.Details())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go", + "line": 270, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc/client.go", + "line": 271, + "event": "null_field_access", + "message": "Accessing field of null object \"t\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 269| \tfor _, detail := range status.Details() {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 270| \t\tif t, ok := detail.(*errdetails.RetryInfo); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 271|-> \t\t\treturn t.RetryDelay.AsDuration()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 272| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 273| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "go.uber.org/goleak/internal/stack.getStacks(bool)[]go.uber.org/goleak/internal/stack.Stack", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/go.uber.org/goleak/internal/stack/stacks.go", + "line": 72, + "event": "assign_null", + "message": "Assigning: \"curStack\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/go.uber.org/goleak/internal/stack/stacks.go", + "line": 74, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/go.uber.org/goleak/internal/stack/stacks.go", + "line": 76, + "event": "path", + "message": "Condition \"err == EOF\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/go.uber.org/goleak/internal/stack/stacks.go", + "line": 79, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/go.uber.org/goleak/internal/stack/stacks.go", + "line": 86, + "event": "path", + "message": "Condition \"HasPrefix(line, \"goroutine \")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/go.uber.org/goleak/internal/stack/stacks.go", + "line": 99, + "event": "null_field_access", + "message": "Accessing field of null object \"curStack\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 97| \t\t\tisFirstLine = true", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 98| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99|-> \t\tcurStack.fullStack.WriteString(line)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 100| \t\tif !isFirstLine && curStack.firstFunction == \"\" {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101| \t\t\tcurStack.firstFunction = parseFirstFunc(line)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "golang.org/x/net/http2.ClientConn.State()golang.org/x/net/http2.ClientConnState", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/net/http2/transport.go", + "line": 845, + "event": "lock", + "message": "Locking \"cc.wmu\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/net/http2/transport.go", + "line": 846, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"maxConcurrent\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/net/http2/transport.go", + "line": 847, + "event": "path", + "message": "Condition \"!cc.seenSettings\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/net/http2/transport.go", + "line": 850, + "event": "unlock", + "message": "Unlocking \"cc.wmu\". \"maxConcurrent\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/net/http2/transport.go", + "line": 852, + "event": "lockagain", + "message": "Locking \"cc.mu\" again.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/net/http2/transport.go", + "line": 854, + "event": "use", + "message": "Using an unreliable value of \"maxConcurrent\" inside the second locked section. If the data that \"maxConcurrent\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 852| \tcc.mu.Lock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 853| \tdefer cc.mu.Unlock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 854|-> \treturn ClientConnState{", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 855| \t\tClosed: cc.closed,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 856| \t\tClosing: cc.closing || cc.singleUse || cc.doNotReuse || cc.goAway != nil,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "golang.org/x/oauth2/internal.ParseKey([]byte)(*crypto/rsa.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 25, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 25, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS8PrivateKey(key)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 31, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 26, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 26, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 24| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 25| \tparsedKey, err := x509.ParsePKCS8PrivateKey(key)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 26|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 27| \t\tparsedKey, err = x509.ParsePKCS1PrivateKey(key)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 28| \t\tif err != nil {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "golang.org/x/oauth2/internal.ParseKey([]byte)(*crypto/rsa.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 27, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 27, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS1PrivateKey(key)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 30, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 28, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 28, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 26| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 27| \t\tparsedKey, err = x509.ParsePKCS1PrivateKey(key)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 28|-> \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 29| \t\t\treturn nil, fmt.Errorf(\"private key should be a PEM or plain PKCS1 or PKCS8; parse error: %v\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 30| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "gonum.org/v1/gonum/mat.HOGSVD.UTo(*gonum.org/v1/gonum/mat.Dense, int)", + "language": "go", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go", + "line": 167, + "event": "path", + "message": "Condition \"!gsvd.succFact()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go", + "line": 170, + "event": "path", + "message": "Condition \"n < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go", + "line": 170, + "event": "path", + "message": "Condition \"gsvd.n <= n\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go", + "line": 174, + "event": "path", + "message": "Condition \"dst.IsEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go", + "line": 176, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go", + "line": 184, + "event": "path", + "message": "Condition \"j < len(gsvd.Values(nil, n))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go", + "line": 184, + "event": "identity_transfer", + "message": "Passing \"nil\" as argument 1 to member function \"Values\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gonum.org/v1/gonum/mat/hogsvd.go", + "line": 184, + "event": "null_array_access", + "message": "Accessing an element on null array \"gsvd.Values(nil, n)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 182| \tdst.Copy(&gsvd.b[n])", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 183| \tvar v VecDense", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 184|-> \tfor j, f := range gsvd.Values(nil, n) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 185| \t\tv.ColViewOf(dst, j)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 186| \t\tv.ScaleVec(1/f, &v)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "google.golang.org/api/storage/v1.ObjectsInsertCall.Do([]google.golang.org/api/googleapi.CallOption)(*google.golang.org/api/storage/v1.Object, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/api/storage/v1/storage-gen.go", + "line": 10375, + "event": "assign", + "message": "Assigning: \"res\" = \"c.doRequest(\"json\")\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/api/storage/v1/storage-gen.go", + "line": 10392, + "event": "taint", + "message": "The field \"res.Header\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/api/storage/v1/storage-gen.go", + "line": 10392, + "event": "identity", + "message": "Calling \"Get\". This call assigns \"res.Header\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/api/storage/v1/storage-gen.go", + "line": 10392, + "event": "identity", + "message": "Calling \"ResumableUpload\". This call assigns \"res.Header.Get(\"Location\")\" to \"().URI\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/api/storage/v1/storage-gen.go", + "line": 10392, + "event": "assign", + "message": "Assigning: \"rx\" = \"c.mediaInfo_.ResumableUpload(res.Header.Get(\"Location\"))\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/api/storage/v1/storage-gen.go", + "line": 10401, + "event": "sink", + "message": "Calling \"Upload\". This call uses \"rx.URI\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/api/storage/v1/storage-gen.go", + "line": 10401, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "10399| \t\t\tctx = context.TODO()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "10400| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "10401|-> \t\tres, err = rx.Upload(ctx)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "10402| \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "10403| \t\t\treturn nil, err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "google.golang.org/api/transport/cert.isCertificateExpired(*crypto/tls.Certificate)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/api/transport/cert/default_cert.go", + "line": 136, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/api/transport/cert/default_cert.go", + "line": 136, + "event": "assign", + "message": "Assigning: \"err\" = \"ParseCertificate(cert.Certificate[0])\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/api/transport/cert/default_cert.go", + "line": 139, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/api/transport/cert/default_cert.go", + "line": 137, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/api/transport/cert/default_cert.go", + "line": 137, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 135| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 136| \tparsed, err := x509.ParseCertificate(cert.Certificate[0])", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 137|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 138| \t\treturn true", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 139| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK_INVERSION", + "cwe": 833, + "function": "google.golang.org/grpc.ClientConn.Connect()", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/grpc/clientconn.go", + "line": 539, + "event": "lock_acquire", + "message": "Calling \"Lock\" acquires lock \"grpc.ClientConn.mu\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/grpc/clientconn.go", + "line": 541, + "event": "path", + "message": "Condition \"cc.balancerWrapper != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/grpc/clientconn.go", + "line": 541, + "event": "path", + "message": "Condition \"cc.balancerWrapper.exitIdle()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/grpc/clientconn.go", + "line": 544, + "event": "path", + "message": "Condition \" < len()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/grpc/clientconn.go", + "line": 545, + "event": "lock_order", + "message": "Calling \"connect\" acquires lock \"grpc.addrConn.mu\" while holding lock \"grpc.ClientConn.mu\" (count: 1 / 2).", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/grpc/clientconn.go", + "line": 1238, + "event": "lock_acquire", + "message": "Example 1: Calling \"Lock\" acquires lock \"grpc.addrConn.mu\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/grpc/clientconn.go", + "line": 1244, + "event": "example_lock_order", + "message": "Example 1 (cont.): Calling \"RLock\" acquires lock \"grpc.ClientConn.mu\" while holding \"grpc.addrConn.mu\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 543| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 544| \tfor ac := range cc.conns {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 545|-> \t\tgo ac.connect()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 546| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 547| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "google.golang.org/protobuf/internal/descfmt.records.Append(reflect.Value, []string)", + "language": "go", + "tool": "coverity", + "key_event_idx": 21, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 208, + "event": "path", + "message": "Condition \" < len(accessors)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 210, + "event": "path", + "message": "Condition \"m.IsValid()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 213, + "event": "path", + "message": "Condition \"v.Kind() == 25 /* Struct */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 213, + "event": "path", + "message": "Condition \"!rv.IsValid()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 216, + "event": "path", + "message": "Condition \"!rv.IsValid()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 219, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 221, + "event": "path", + "message": "Condition \"!rv.IsNil()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 228, + "event": "path", + "message": "Switch case value \"Interface\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 240, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"n\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 240, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 243, + "event": "path", + "message": "Condition \"isZero\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 244, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 208, + "event": "path", + "message": "Condition \" < len(accessors)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 210, + "event": "path", + "message": "Condition \"m.IsValid()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 213, + "event": "path", + "message": "Condition \"v.Kind() == 25 /* Struct */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 213, + "event": "path", + "message": "Condition \"!rv.IsValid()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 216, + "event": "path", + "message": "Condition \"!rv.IsValid()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 219, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 221, + "event": "path", + "message": "Condition \"!rv.IsNil()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 228, + "event": "path", + "message": "Switch case value \"Interface\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 240, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 241, + "event": "null_method_call", + "message": "Calling a method on null object \"n\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 239| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 240| \t\tif n, ok := rv.Interface().(list); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 241|-> \t\t\tisZero = n.Len() == 0", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 242| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 243| \t\tif isZero {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "ini.v1.Section.reflectFrom(reflect.Value)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 577, + "event": "path", + "message": "Condition \"val.Kind() == 22 /* Ptr */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 582, + "event": "path", + "message": "Condition \"i < typ.NumField()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 583, + "event": "path", + "message": "Condition \"!val.Field(i).CanInterface()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 584, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 582, + "event": "path", + "message": "Condition \"i < typ.NumField()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 583, + "event": "path", + "message": "Condition \"!val.Field(i).CanInterface()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 591, + "event": "path", + "message": "Condition \"tag == \"-\"\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 596, + "event": "path", + "message": "Condition \"omitEmpty\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 596, + "event": "path", + "message": "Condition \"isEmptyValue(field)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 600, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"r\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 600, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 605, + "event": "path", + "message": "Condition \"len(fieldName) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 606, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 582, + "event": "path", + "message": "Condition \"i < typ.NumField()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 583, + "event": "path", + "message": "Condition \"!val.Field(i).CanInterface()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 591, + "event": "path", + "message": "Condition \"tag == \"-\"\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 596, + "event": "path", + "message": "Condition \"omitEmpty\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 600, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ini.v1/struct.go", + "line": 601, + "event": "null_method_call", + "message": "Calling a method on null object \"r\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 599| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 600| \t\tif r, ok := field.Interface().(StructReflector); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 601|-> \t\t\treturn r.ReflectINIStruct(s.f)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 602| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 603| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "ldap.v3.DecodeControl(*asn1-ber.v1.Packet)(ldap.v3.Control, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go", + "line": 323, + "event": "assign_null", + "message": "Assigning: \"value\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go", + "line": 326, + "event": "path", + "message": "Switch case value \"1\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go", + "line": 365, + "event": "path", + "message": "Switch case value \"ControlTypePaging\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go", + "line": 369, + "event": "null_field_access", + "message": "Accessing field of null object \"value\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 367| \t\treturn NewControlManageDsaIT(Criticality), nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 368| \tcase ControlTypePaging:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 369|-> \t\tvalue.Description += \" (Paging)\"", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 370| \t\tc := new(ControlPaging)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 371| \t\tif value.Value != nil {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "ldap.v3.DecodeControl(*asn1-ber.v1.Packet)(ldap.v3.Control, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go", + "line": 323, + "event": "assign_null", + "message": "Assigning: \"value\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go", + "line": 326, + "event": "path", + "message": "Switch case value \"1\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go", + "line": 365, + "event": "path", + "message": "Switch case value \"ControlTypeBeheraPasswordPolicy\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go", + "line": 389, + "event": "null_field_access", + "message": "Accessing field of null object \"value\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 387| \t\treturn c, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 388| \tcase ControlTypeBeheraPasswordPolicy:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 389|-> \t\tvalue.Description += \" (Password Policy - Behera)\"", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 390| \t\tc := NewControlBeheraPasswordPolicy()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 391| \t\tif value.Value != nil {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "ldap.v3.DecodeControl(*asn1-ber.v1.Packet)(ldap.v3.Control, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go", + "line": 323, + "event": "assign_null", + "message": "Assigning: \"value\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go", + "line": 326, + "event": "path", + "message": "Switch case value \"1\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go", + "line": 365, + "event": "path", + "message": "Switch case value \"ControlTypeVChuPasswordWarning\".", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/ldap.v3/control.go", + "line": 445, + "event": "null_field_access", + "message": "Accessing field of null object \"value\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 443| \tcase ControlTypeVChuPasswordWarning:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 444| \t\tc := &ControlVChuPasswordWarning{Expire: -1}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 445|-> \t\texpireStr := ber.DecodeString(value.Data.Bytes())", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 446| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 447| \t\texpire, err := strconv.ParseInt(expireStr, 10, 64)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "go-jose.v2.JSONWebEncryption.DecryptMulti(interface{})(int, go-jose.v2.Header, []byte, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/crypter.go", + "line": 514, + "event": "insufficient_logging", + "message": "Calling \"decryptKey\". This function call creates a logging obligation. (The interface method resolves to \"opaqueKeyDecrypter.decryptKey(rawHeader, recipientInfo *, keyGenerator)\".)", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/crypter.go", + "line": 514, + "event": "assign", + "message": "Assigning: \"err\" = \"decrypter.decryptKey(recipientHeaders, &recipient, generator)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/crypter.go", + "line": 523, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/crypter.go", + "line": 515, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/crypter.go", + "line": 515, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 513| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 514| \t\tcek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 515|-> \t\tif err == nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 516| \t\t\t// Found a valid CEK -- let's try to decrypt.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 517| \t\t\tplaintext, err = cipher.decrypt(cek, authData, parts)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "go-jose.v2.rawJSONWebEncryption.sanitized()(*go-jose.v2.JSONWebEncryption, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwe.go", + "line": 157, + "event": "insufficient_logging", + "message": "Calling \"sanitized\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwe.go", + "line": 157, + "event": "assign", + "message": "Assigning: \"err\" = \"mergedHeaders.sanitized()\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwe.go", + "line": 160, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwe.go", + "line": 158, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwe.go", + "line": 158, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 156| \tmergedHeaders := obj.mergedHeaders(nil)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 157| \tobj.Header, err = mergedHeaders.sanitized()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 158|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 159| \t\treturn nil, fmt.Errorf(\"square/go-jose: cannot sanitize merged headers: %v (%v)\", err, mergedHeaders)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 160| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "go-jose.v2.JSONWebKey.UnmarshalJSON([]byte)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwk.go", + "line": 172, + "event": "insufficient_logging", + "message": "Calling \"parseCertificateChain\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwk.go", + "line": 172, + "event": "assign", + "message": "Assigning: \"err\" = \"parseCertificateChain(raw.X5c)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwk.go", + "line": 175, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwk.go", + "line": 173, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/square/go-jose.v2/jwk.go", + "line": 173, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 171| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 172| \tcerts, err := parseCertificateChain(raw.X5c)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 173|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 174| \t\treturn fmt.Errorf(\"square/go-jose: failed to unmarshal x5c field: %s\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 175| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "yaml.v2.yaml_parser_parse_block_sequence_entry(*yaml.v2.yaml_parser_t, *yaml.v2.yaml_event_t, bool)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 580, + "event": "path", + "message": "Condition \"first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 581, + "event": "returned_null", + "message": "\"peek_token\" returns \"nil\" (checked 32 out of 36 times).", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 581, + "event": "var_assigned", + "message": "Assigning: \"token\" = \"nil\" return value from \"peek_token\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 582, + "event": "null_field_access", + "message": "Accessing field of null object \"token\".", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 362, + "event": "example_assign", + "message": "Example 1: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 363, + "event": "example_checked", + "message": "Example 1 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 391, + "event": "example_assign", + "message": "Example 2: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 392, + "event": "example_checked", + "message": "Example 2 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1020, + "event": "example_assign", + "message": "Example 3: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1021, + "event": "example_checked", + "message": "Example 3 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1053, + "event": "example_assign", + "message": "Example 4: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1054, + "event": "example_checked", + "message": "Example 4 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 175, + "event": "example_assign", + "message": "Example 5: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 176, + "event": "example_checked", + "message": "Example 5 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 580| \tif first {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 581| \t\ttoken := peek_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 582|-> \t\tparser.marks = append(parser.marks, token.start_mark)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 583| \t\tskip_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 584| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "yaml.v2.yaml_parser_parse_block_mapping_key(*yaml.v2.yaml_parser_t, *yaml.v2.yaml_event_t, bool)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 676, + "event": "path", + "message": "Condition \"first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 677, + "event": "returned_null", + "message": "\"peek_token\" returns \"nil\" (checked 32 out of 36 times).", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 677, + "event": "var_assigned", + "message": "Assigning: \"token\" = \"nil\" return value from \"peek_token\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 678, + "event": "null_field_access", + "message": "Accessing field of null object \"token\".", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 362, + "event": "example_assign", + "message": "Example 1: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 363, + "event": "example_checked", + "message": "Example 1 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 391, + "event": "example_assign", + "message": "Example 2: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 392, + "event": "example_checked", + "message": "Example 2 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1020, + "event": "example_assign", + "message": "Example 3: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1021, + "event": "example_checked", + "message": "Example 3 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1053, + "event": "example_assign", + "message": "Example 4: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1054, + "event": "example_checked", + "message": "Example 4 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 175, + "event": "example_assign", + "message": "Example 5: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 176, + "event": "example_checked", + "message": "Example 5 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 676| \tif first {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 677| \t\ttoken := peek_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 678|-> \t\tparser.marks = append(parser.marks, token.start_mark)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 679| \t\tskip_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 680| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "yaml.v2.yaml_parser_parse_flow_sequence_entry(*yaml.v2.yaml_parser_t, *yaml.v2.yaml_event_t, bool)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 771, + "event": "path", + "message": "Condition \"first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 772, + "event": "returned_null", + "message": "\"peek_token\" returns \"nil\" (checked 32 out of 36 times).", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 772, + "event": "var_assigned", + "message": "Assigning: \"token\" = \"nil\" return value from \"peek_token\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 773, + "event": "null_field_access", + "message": "Accessing field of null object \"token\".", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 362, + "event": "example_assign", + "message": "Example 1: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 363, + "event": "example_checked", + "message": "Example 1 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 391, + "event": "example_assign", + "message": "Example 2: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 392, + "event": "example_checked", + "message": "Example 2 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1020, + "event": "example_assign", + "message": "Example 3: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1021, + "event": "example_checked", + "message": "Example 3 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1053, + "event": "example_assign", + "message": "Example 4: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1054, + "event": "example_checked", + "message": "Example 4 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 175, + "event": "example_assign", + "message": "Example 5: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 176, + "event": "example_checked", + "message": "Example 5 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 771| \tif first {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 772| \t\ttoken := peek_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 773|-> \t\tparser.marks = append(parser.marks, token.start_mark)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 774| \t\tskip_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 775| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "yaml.v2.yaml_parser_parse_flow_mapping_key(*yaml.v2.yaml_parser_t, *yaml.v2.yaml_event_t, bool)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 905, + "event": "path", + "message": "Condition \"first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 906, + "event": "returned_null", + "message": "\"peek_token\" returns \"nil\" (checked 32 out of 36 times).", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 906, + "event": "var_assigned", + "message": "Assigning: \"token\" = \"nil\" return value from \"peek_token\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 907, + "event": "null_field_access", + "message": "Accessing field of null object \"token\".", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 362, + "event": "example_assign", + "message": "Example 1: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 363, + "event": "example_checked", + "message": "Example 1 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 391, + "event": "example_assign", + "message": "Example 2: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 392, + "event": "example_checked", + "message": "Example 2 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1020, + "event": "example_assign", + "message": "Example 3: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1021, + "event": "example_checked", + "message": "Example 3 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1053, + "event": "example_assign", + "message": "Example 4: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1054, + "event": "example_checked", + "message": "Example 4 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 175, + "event": "example_assign", + "message": "Example 5: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 176, + "event": "example_checked", + "message": "Example 5 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 905| \tif first {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 906| \t\ttoken := peek_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 907|-> \t\tparser.marks = append(parser.marks, token.start_mark)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 908| \t\tskip_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 909| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "yaml.v3.yaml_parser_parse_flow_mapping_key(*yaml.v3.yaml_parser_t, *yaml.v3.yaml_event_t, bool)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1067, + "event": "path", + "message": "Condition \"first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1068, + "event": "returned_null", + "message": "\"peek_token\" returns \"nil\" (checked 36 out of 37 times).", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1068, + "event": "var_assigned", + "message": "Assigning: \"token\" = \"nil\" return value from \"peek_token\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1069, + "event": "null_field_access", + "message": "Accessing field of null object \"token\".", + "verbosity_level": 0 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 458, + "event": "example_assign", + "message": "Example 1: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 459, + "event": "example_checked", + "message": "Example 1 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 791, + "event": "example_assign", + "message": "Example 2: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 792, + "event": "example_checked", + "message": "Example 2 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1183, + "event": "example_assign", + "message": "Example 3: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1184, + "event": "example_checked", + "message": "Example 3 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1216, + "event": "example_assign", + "message": "Example 4: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1217, + "event": "example_checked", + "message": "Example 4 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 232, + "event": "example_assign", + "message": "Example 5: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 233, + "event": "example_checked", + "message": "Example 5 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1067| \tif first {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1068| \t\ttoken := peek_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1069|-> \t\tparser.marks = append(parser.marks, token.start_mark)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1070| \t\tskip_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1071| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "xorm.io/xorm.Session.slice2Bean([]interface{}, []string, interface{}, *reflect.Value, *xorm.io/core.Table)(xorm.io/core.PK, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 35, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 390, + "event": "path", + "message": "Condition \" < len(session.afterClosures)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 399, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 390, + "event": "path", + "message": "Condition \" < len(session.afterClosures)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 401, + "event": "path", + "message": "Condition \"has\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 412, + "event": "path", + "message": "Condition \"has\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 425, + "event": "path", + "message": "Condition \"ii < len(fields)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 429, + "event": "path", + "message": "Condition \"!ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 431, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 437, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 443, + "event": "path", + "message": "Condition \"fieldValue == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 444, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 425, + "event": "path", + "message": "Condition \"ii < len(fields)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 429, + "event": "path", + "message": "Condition \"!ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 431, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 437, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 443, + "event": "path", + "message": "Condition \"fieldValue == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 449, + "event": "path", + "message": "Condition \"rawValue.Interface() == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 453, + "event": "path", + "message": "Condition \"fieldValue.CanAddr()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 454, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"structConvert\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 454, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 466, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 467, + "event": "path", + "message": "Condition \"err == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 468, + "event": "path", + "message": "Condition \"fieldValue.Kind() == 22 /* Ptr */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 468, + "event": "path", + "message": "Condition \"fieldValue.IsNil()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 472, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 475, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 425, + "event": "path", + "message": "Condition \"ii < len(fields)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 429, + "event": "path", + "message": "Condition \"!ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 431, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 437, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 443, + "event": "path", + "message": "Condition \"fieldValue == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 449, + "event": "path", + "message": "Condition \"rawValue.Interface() == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 453, + "event": "path", + "message": "Condition \"fieldValue.CanAddr()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 454, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 455, + "event": "path", + "message": "Condition \"err == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session.go", + "line": 456, + "event": "null_method_call", + "message": "Calling a method on null object \"structConvert\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 454| \t\t\tif structConvert, ok := fieldValue.Addr().Interface().(core.Conversion); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 455| \t\t\t\tif data, err := value2Bytes(&rawValue); err == nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 456|-> \t\t\t\t\tif err := structConvert.FromDB(data); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 457| \t\t\t\t\t\treturn nil, err", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 458| \t\t\t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "xorm.io/xorm.Session.Commit()error", + "language": "go", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 35, + "event": "path", + "message": "Condition \"!session.isAutoCommit\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 35, + "event": "path", + "message": "Condition \"!session.isCommitedOrRollbacked\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 40, + "event": "path", + "message": "Condition \"err == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 50, + "event": "path", + "message": "Condition \" < len()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 57, + "event": "path", + "message": "Condition \" < len()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 60, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"processor\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 60, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 63, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 57, + "event": "path", + "message": "Condition \" < len()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 60, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 61, + "event": "null_method_call", + "message": "Calling a method on null object \"processor\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| \t\t\t\tif processor, ok := interface{}(bean).(AfterUpdateProcessor); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61|-> \t\t\t\t\tprocessor.AfterUpdate()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| \t\t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| \t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "xorm.io/xorm.Session.Commit()error", + "language": "go", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 35, + "event": "path", + "message": "Condition \"!session.isAutoCommit\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 35, + "event": "path", + "message": "Condition \"!session.isCommitedOrRollbacked\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 40, + "event": "path", + "message": "Condition \"err == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 50, + "event": "path", + "message": "Condition \" < len()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 53, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 56, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 50, + "event": "path", + "message": "Condition \" < len()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 53, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 56, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 50, + "event": "path", + "message": "Condition \" < len()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 57, + "event": "path", + "message": "Condition \" < len()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 64, + "event": "path", + "message": "Condition \" < len()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 67, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"processor\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 67, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 70, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 64, + "event": "path", + "message": "Condition \" < len()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 67, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/session_tx.go", + "line": 68, + "event": "null_method_call", + "message": "Calling a method on null object \"processor\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 66| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 67| \t\t\t\tif processor, ok := interface{}(bean).(AfterDeleteProcessor); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 68|-> \t\t\t\t\tprocessor.AfterDelete()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 69| \t\t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| \t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "xorm.io/xorm.Statement.buildUpdates(interface{}, bool, bool, bool, bool, bool)([]string, []interface{})", + "language": "go", + "tool": "coverity", + "key_event_idx": 91, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 246, + "event": "path", + "message": "Condition \" < len(table.Columns())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"!includeVersion\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"col.IsVersion\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 248, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 246, + "event": "path", + "message": "Condition \" < len(table.Columns())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"!includeVersion\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"col.IsVersion\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 250, + "event": "path", + "message": "Condition \"col.IsCreated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"!includeUpdated\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"col.IsUpdated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"!includeAutoIncr\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"col.IsAutoIncrement\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 259, + "event": "path", + "message": "Condition \"col.IsDeleted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 259, + "event": "path", + "message": "Condition \"!unscoped\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 260, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 246, + "event": "path", + "message": "Condition \" < len(table.Columns())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"!includeVersion\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"col.IsVersion\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 250, + "event": "path", + "message": "Condition \"col.IsCreated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"!includeUpdated\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"col.IsUpdated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"!includeAutoIncr\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"col.IsAutoIncrement\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 259, + "event": "path", + "message": "Condition \"col.IsDeleted\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 262, + "event": "path", + "message": "Condition \"omitColumnMap.contain(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 265, + "event": "path", + "message": "Condition \"len(columnMap) > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 269, + "event": "path", + "message": "Condition \"col.MapType == 3 /* ONLYFROMDB */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 273, + "event": "path", + "message": "Condition \"statement.incrColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 275, + "event": "path", + "message": "Condition \"statement.decrColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 277, + "event": "path", + "message": "Condition \"statement.exprColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 282, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 289, + "event": "path", + "message": "Condition \"fieldType == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 290, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 246, + "event": "path", + "message": "Condition \" < len(table.Columns())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"!includeVersion\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"col.IsVersion\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 250, + "event": "path", + "message": "Condition \"col.IsCreated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"!includeUpdated\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"col.IsUpdated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"!includeAutoIncr\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"col.IsAutoIncrement\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 259, + "event": "path", + "message": "Condition \"col.IsDeleted\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 262, + "event": "path", + "message": "Condition \"omitColumnMap.contain(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 265, + "event": "path", + "message": "Condition \"len(columnMap) > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 269, + "event": "path", + "message": "Condition \"col.MapType == 3 /* ONLYFROMDB */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 273, + "event": "path", + "message": "Condition \"statement.incrColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 275, + "event": "path", + "message": "Condition \"statement.decrColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 277, + "event": "path", + "message": "Condition \"statement.exprColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 282, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 289, + "event": "path", + "message": "Condition \"fieldType == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 296, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 297, + "event": "path", + "message": "Condition \"b\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 299, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 305, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 306, + "event": "path", + "message": "Condition \"b\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 306, + "event": "path", + "message": "Condition \"col.Nullable\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 306, + "event": "path", + "message": "Condition \"isZero(fieldValue.Interface())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 316, + "event": "path", + "message": "Condition \"fieldValue.CanAddr()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 317, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"structConvert\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 317, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 328, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 338, + "event": "path", + "message": "Condition \"fieldType.Kind() == 22 /* Ptr */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 339, + "event": "path", + "message": "Condition \"fieldValue.IsNil()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 340, + "event": "path", + "message": "Condition \"includeNil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 344, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 246, + "event": "path", + "message": "Condition \" < len(table.Columns())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"!includeVersion\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"col.IsVersion\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 250, + "event": "path", + "message": "Condition \"col.IsCreated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"!includeUpdated\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"col.IsUpdated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"!includeAutoIncr\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"col.IsAutoIncrement\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 259, + "event": "path", + "message": "Condition \"col.IsDeleted\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 262, + "event": "path", + "message": "Condition \"omitColumnMap.contain(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 265, + "event": "path", + "message": "Condition \"len(columnMap) > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 269, + "event": "path", + "message": "Condition \"col.MapType == 3 /* ONLYFROMDB */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 273, + "event": "path", + "message": "Condition \"statement.incrColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 275, + "event": "path", + "message": "Condition \"statement.decrColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 277, + "event": "path", + "message": "Condition \"statement.exprColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 282, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 289, + "event": "path", + "message": "Condition \"fieldType == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 296, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 297, + "event": "path", + "message": "Condition \"b\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 299, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 305, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 306, + "event": "path", + "message": "Condition \"b\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 306, + "event": "path", + "message": "Condition \"col.Nullable\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 306, + "event": "path", + "message": "Condition \"isZero(fieldValue.Interface())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 316, + "event": "path", + "message": "Condition \"fieldValue.CanAddr()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 317, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 318, + "event": "null_method_call", + "message": "Calling a method on null object \"structConvert\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 316| \t\tif fieldValue.CanAddr() {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 317| \t\t\tif structConvert, ok := fieldValue.Addr().Interface().(core.Conversion); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318|-> \t\t\t\tdata, err := structConvert.ToDB()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 319| \t\t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 320| \t\t\t\t\tengine.logger.Error(err)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "xorm.io/xorm.Statement.buildUpdates(interface{}, bool, bool, bool, bool, bool)([]string, []interface{})", + "language": "go", + "tool": "coverity", + "key_event_idx": 91, + "events": [ + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 246, + "event": "path", + "message": "Condition \" < len(table.Columns())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"!includeVersion\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"col.IsVersion\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 248, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 246, + "event": "path", + "message": "Condition \" < len(table.Columns())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"!includeVersion\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"col.IsVersion\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 250, + "event": "path", + "message": "Condition \"col.IsCreated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"!includeUpdated\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"col.IsUpdated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"!includeAutoIncr\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"col.IsAutoIncrement\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 259, + "event": "path", + "message": "Condition \"col.IsDeleted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 259, + "event": "path", + "message": "Condition \"!unscoped\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 260, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 246, + "event": "path", + "message": "Condition \" < len(table.Columns())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"!includeVersion\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"col.IsVersion\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 250, + "event": "path", + "message": "Condition \"col.IsCreated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"!includeUpdated\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"col.IsUpdated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"!includeAutoIncr\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"col.IsAutoIncrement\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 259, + "event": "path", + "message": "Condition \"col.IsDeleted\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 262, + "event": "path", + "message": "Condition \"omitColumnMap.contain(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 265, + "event": "path", + "message": "Condition \"len(columnMap) > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 269, + "event": "path", + "message": "Condition \"col.MapType == 3 /* ONLYFROMDB */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 273, + "event": "path", + "message": "Condition \"statement.incrColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 275, + "event": "path", + "message": "Condition \"statement.decrColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 277, + "event": "path", + "message": "Condition \"statement.exprColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 282, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 289, + "event": "path", + "message": "Condition \"fieldType == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 290, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 246, + "event": "path", + "message": "Condition \" < len(table.Columns())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"!includeVersion\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"col.IsVersion\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 250, + "event": "path", + "message": "Condition \"col.IsCreated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"!includeUpdated\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"col.IsUpdated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"!includeAutoIncr\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"col.IsAutoIncrement\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 259, + "event": "path", + "message": "Condition \"col.IsDeleted\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 262, + "event": "path", + "message": "Condition \"omitColumnMap.contain(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 265, + "event": "path", + "message": "Condition \"len(columnMap) > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 269, + "event": "path", + "message": "Condition \"col.MapType == 3 /* ONLYFROMDB */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 273, + "event": "path", + "message": "Condition \"statement.incrColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 275, + "event": "path", + "message": "Condition \"statement.decrColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 277, + "event": "path", + "message": "Condition \"statement.exprColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 282, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 289, + "event": "path", + "message": "Condition \"fieldType == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 296, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 297, + "event": "path", + "message": "Condition \"b\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 299, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 305, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 306, + "event": "path", + "message": "Condition \"b\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 306, + "event": "path", + "message": "Condition \"col.Nullable\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 306, + "event": "path", + "message": "Condition \"isZero(fieldValue.Interface())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 316, + "event": "path", + "message": "Condition \"fieldValue.CanAddr()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 317, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 328, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"structConvert\".", + "verbosity_level": 1 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 328, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 338, + "event": "path", + "message": "Condition \"fieldType.Kind() == 22 /* Ptr */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 339, + "event": "path", + "message": "Condition \"fieldValue.IsNil()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 340, + "event": "path", + "message": "Condition \"includeNil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 344, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 246, + "event": "path", + "message": "Condition \" < len(table.Columns())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"!includeVersion\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 247, + "event": "path", + "message": "Condition \"col.IsVersion\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 250, + "event": "path", + "message": "Condition \"col.IsCreated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"!includeUpdated\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 253, + "event": "path", + "message": "Condition \"col.IsUpdated\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"!includeAutoIncr\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 256, + "event": "path", + "message": "Condition \"col.IsAutoIncrement\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 259, + "event": "path", + "message": "Condition \"col.IsDeleted\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 262, + "event": "path", + "message": "Condition \"omitColumnMap.contain(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 265, + "event": "path", + "message": "Condition \"len(columnMap) > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 269, + "event": "path", + "message": "Condition \"col.MapType == 3 /* ONLYFROMDB */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 273, + "event": "path", + "message": "Condition \"statement.incrColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 275, + "event": "path", + "message": "Condition \"statement.decrColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 277, + "event": "path", + "message": "Condition \"statement.exprColumns.isColExist(col.Name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 282, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 289, + "event": "path", + "message": "Condition \"fieldType == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 296, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 297, + "event": "path", + "message": "Condition \"b\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 299, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 305, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 306, + "event": "path", + "message": "Condition \"b\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 306, + "event": "path", + "message": "Condition \"col.Nullable\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 306, + "event": "path", + "message": "Condition \"isZero(fieldValue.Interface())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 316, + "event": "path", + "message": "Condition \"fieldValue.CanAddr()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 328, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "grafana-9.2.10/vendor/xorm.io/xorm/statement.go", + "line": 329, + "event": "null_method_call", + "message": "Calling a method on null object \"structConvert\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 327| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 328| \t\tif structConvert, ok := fieldValue.Interface().(core.Conversion); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 329|-> \t\t\tdata, err := structConvert.ToDB()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 330| \t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 331| \t\t\t\tengine.logger.Error(err)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.mail.dsn.MultipartReport.getReport()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "mail-1.6.5/dsn/src/main/java/com/sun/mail/dsn/MultipartReport.java", + "line": 233, + "event": "path", + "message": "Condition \"getCount() < 2\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/dsn/src/main/java/com/sun/mail/dsn/MultipartReport.java", + "line": 237, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getContent\". (The virtual call resolves to \"javax.mail.internet.MimeBodyPart.getContent\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/dsn/src/main/java/com/sun/mail/dsn/MultipartReport.java", + "line": 237, + "event": "var_assign", + "message": "Assigning: \"content\" = resource returned from \"bp.getContent()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/dsn/src/main/java/com/sun/mail/dsn/MultipartReport.java", + "line": 238, + "event": "path", + "message": "Condition \"!(content instanceof com.sun.mail.dsn.Report)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/dsn/src/main/java/com/sun/mail/dsn/MultipartReport.java", + "line": 239, + "event": "leaked_resource", + "message": "Variable \"content\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 237| \t Object content = bp.getContent();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 238| \t if (!(content instanceof Report))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 239|-> \t\treturn null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 240| \t return (Report)content;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 241| \t} catch (IOException ex) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.mail.handlers.image_gif.getContent(javax.activation.DataSource)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/handlers/image_gif.java", + "line": 38, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\". (The virtual call resolves to \"javax.activation.DataHandlerDataSource.getInputStream\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/handlers/image_gif.java", + "line": 38, + "event": "var_assign", + "message": "Assigning: \"is\" = resource returned from \"ds.getInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/handlers/image_gif.java", + "line": 43, + "event": "noescape", + "message": "Resource \"is\" is not closed or saved in \"read\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/handlers/image_gif.java", + "line": 43, + "event": "path", + "message": "Condition \"(count = is.read(buf, pos, buf.length - pos)) != -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/handlers/image_gif.java", + "line": 57, + "event": "leaked_resource", + "message": "Variable \"is\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56| \tToolkit tk = Toolkit.getDefaultToolkit();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 57|-> \treturn tk.createImage(buf, 0, pos);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 58| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "com.sun.mail.imap.IMAPFolder.(java.lang.String, char, com.sun.mail.imap.IMAPStore, java.lang.Boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 371, + "event": "path", + "message": "Condition \"fullName == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 391, + "event": "path", + "message": "Condition \"separator != 65535 /* com.sun.mail.imap.IMAPFolder.UNKNOWN_SEPARATOR */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 391, + "event": "path", + "message": "Condition \"separator != '\\0'\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 393, + "event": "path", + "message": "Condition \"i > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 393, + "event": "path", + "message": "Condition \"i == this.fullName.length() - 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 394, + "event": "read_volatile", + "message": "Reading \"this.fullName\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 394, + "event": "intervening_update", + "message": "Another thread writes to \"this.fullName\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 394, + "event": "stale_update", + "message": "Updating \"this.fullName\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 392| \t int i = this.fullName.indexOf(separator);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 393| \t if (i > 0 && i == this.fullName.length() - 1) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 394|-> \t\tthis.fullName = this.fullName.substring(0, i);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 395| \t\tthis.isNamespace = true;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 396| \t }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.imap.IMAPFolder.handleIdle(boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3227, + "event": "returned_null", + "message": "\"readIdleResponse\" returns \"null\" (checked 1 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3227, + "event": "var_assigned", + "message": "Assigning: \"r\" = \"null\" return value from \"readIdleResponse\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3230, + "event": "null_method_call", + "message": "Calling a method on null object \"r\".", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 2068, + "event": "example_assign", + "message": "Example 1: Assigning: \"r\" = return value from \"p.readIdleResponse()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 2070, + "event": "example_checked", + "message": "Example 1 (cont.): \"r\" has its value checked in \"r == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3228| \t try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3229| \t\tsynchronized (messageCacheLock) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3230|-> \t\t if (r.isBYE() && r.isSynthetic() && idleState == IDLE) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3231| \t\t\t/*", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3232| \t\t\t * If it was a timeout and no bytes were transferred", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "com.sun.mail.imap.IMAPFolder.handleResponse(com.sun.mail.iap.Response)", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3469, + "event": "path", + "message": "Condition \"java.lang.Thread.holdsLock(messageCacheLock)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3474, + "event": "path", + "message": "Condition \"r.isOK()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3474, + "event": "path", + "message": "Condition \"r.isNO()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3481, + "event": "path", + "message": "Condition \"r.isBYE()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3485, + "event": "path", + "message": "Condition \"r.isOK()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3495, + "event": "path", + "message": "Condition \"!r.isUnTagged()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3500, + "event": "path", + "message": "Condition \"!(r instanceof com.sun.mail.imap.protocol.IMAPResponse)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3509, + "event": "path", + "message": "Condition \"ir.keyEquals(\"EXISTS\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3511, + "event": "path", + "message": "Condition \"exists <= realTotal\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3522, + "event": "read_volatile", + "message": "Reading \"total\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3522, + "event": "intervening_update", + "message": "Another thread writes to \"total\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3522, + "event": "stale_update", + "message": "Updating \"total\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 474, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"total\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3520| \t int oldtotal = total;\t// used in loop below", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3521| \t realTotal += count;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3522|-> \t total += count;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3523| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3524| \t // avoid instantiating Message objects if no listeners.", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.imap.IMAPMessage.handleFetchItem(com.sun.mail.imap.protocol.Item, java.lang.String[], boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1255, + "event": "path", + "message": "Condition \"item instanceof javax.mail.Flags\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1258, + "event": "path", + "message": "Condition \"item instanceof com.sun.mail.imap.protocol.ENVELOPE\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1260, + "event": "path", + "message": "Condition \"item instanceof com.sun.mail.imap.protocol.INTERNALDATE\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1262, + "event": "path", + "message": "Condition \"item instanceof com.sun.mail.imap.protocol.RFC822SIZE\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1264, + "event": "path", + "message": "Condition \"item instanceof com.sun.mail.imap.protocol.MODSEQ\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1268, + "event": "path", + "message": "Condition \"item instanceof com.sun.mail.imap.protocol.BODYSTRUCTURE\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1271, + "event": "path", + "message": "Condition \"item instanceof com.sun.mail.imap.protocol.UID\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1282, + "event": "path", + "message": "Condition \"item instanceof com.sun.mail.imap.protocol.RFC822DATA\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1286, + "event": "path", + "message": "Condition \"item instanceof com.sun.mail.imap.protocol.RFC822DATA\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1287, + "event": "returned_null", + "message": "\"getByteArrayInputStream\" returns \"null\" (checked 4 out of 5 times).", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1287, + "event": "var_assigned", + "message": "Assigning: \"headerStream\" = \"null\" return value from \"getByteArrayInputStream\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1290, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1296, + "event": "path", + "message": "Condition \"!isHeader\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1301, + "event": "null_method_call", + "message": "Calling a method on null object \"headerStream\".", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 931, + "event": "example_assign", + "message": "Example 1: Assigning: \"is\" = return value from \"rd.getByteArrayInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 943, + "event": "example_checked", + "message": "Example 1 (cont.): \"is\" has its value checked in \"is == null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 754, + "event": "example_assign", + "message": "Example 2: Assigning: \"is\" = return value from \"rd.getByteArrayInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 764, + "event": "example_checked", + "message": "Example 2 (cont.): \"is\" has its value checked in \"is == null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1572, + "event": "example_assign", + "message": "Example 3: Assigning: \"is\" = return value from \"rd.getByteArrayInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 1582, + "event": "example_checked", + "message": "Example 3 (cont.): \"is\" has its value checked in \"is == null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 856, + "event": "example_assign", + "message": "Example 4: Assigning: \"is\" = return value from \"rd.getByteArrayInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 866, + "event": "example_checked", + "message": "Example 4 (cont.): \"is\" has its value checked in \"is == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1299| \t\t// first, save the size of the message", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1300| \t\ttry {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1301|-> \t\t size = headerStream.available();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1302| \t\t} catch (IOException ex) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1303| \t\t // should never occur", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.imap.protocol.BODY.(com.sun.mail.imap.protocol.FetchResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODY.java", + "line": 51, + "event": "path", + "message": "Condition \"r.readByte() != '['\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODY.java", + "line": 54, + "event": "returned_null", + "message": "\"readString\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODY.java", + "line": 54, + "event": "var_assigned", + "message": "Assigning: \"section\" = \"null\" return value from \"readString\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODY.java", + "line": 55, + "event": "path", + "message": "Condition \"r.readByte() != ']'\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODY.java", + "line": 58, + "event": "null_method_call", + "message": "Calling a method on null object \"section\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56| \t throw new ParsingException(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 57| \t\t \"BODY parse error: missing ``]'' at section end\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 58|-> \tisHeader = section.regionMatches(true, 0, \"HEADER\", 0, 6);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| \tif (r.readByte() == '<') { // origin", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.imap.protocol.BODYSTRUCTURE.(com.sun.mail.imap.protocol.FetchResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 19, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 66, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 69, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 74, + "event": "path", + "message": "Condition \"r.readByte() != '('\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 78, + "event": "path", + "message": "Condition \"r.peekByte() == '('\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 79, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 94, + "event": "path", + "message": "Condition \"r.peekByte() == '('\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 100, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 103, + "event": "path", + "message": "Condition \"r.isNextNonSpace(')')\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 111, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 115, + "event": "path", + "message": "Condition \"r.isNextNonSpace(')')\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 123, + "event": "path", + "message": "Condition \"b == '('\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 138, + "event": "path", + "message": "Condition \"b == 'N'\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 139, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 142, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 165, + "event": "path", + "message": "Condition \"r.isNextNonSpace(')')\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 172, + "event": "path", + "message": "Condition \"r.peekByte() == '('\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 173, + "event": "returned_null", + "message": "\"readStringList\" returns \"null\" (checked 1 out of 5 times).", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 173, + "event": "var_assigned", + "message": "Assigning: \"language\" = \"null\" return value from \"readStringList\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 174, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 175, + "event": "null_array_length", + "message": "Accessing length of null array \"language\".", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/ID.java", + "line": 56, + "event": "example_assign", + "message": "Example 1: Assigning: \"v\" = return value from \"r.readStringList()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/ID.java", + "line": 57, + "event": "example_checked", + "message": "Example 1 (cont.): \"v\" has its value checked in \"v != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 173| \t\tlanguage = r.readStringList();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 174| \t\tif (parseDebug)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 175|-> \t\t System.out.println(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 176| \t\t\t\"DEBUG IMAP: language len \" + language.length);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 177| \t } else {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.imap.protocol.BODYSTRUCTURE.(com.sun.mail.imap.protocol.FetchResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 34, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 66, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 69, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 74, + "event": "path", + "message": "Condition \"r.readByte() != '('\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 78, + "event": "path", + "message": "Condition \"r.peekByte() == '('\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 193, + "event": "path", + "message": "Condition \"r.peekByte() == ')'\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 215, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 218, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 222, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 226, + "event": "path", + "message": "Condition \"type == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 231, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 234, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 237, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 244, + "event": "path", + "message": "Condition \"encoding != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 244, + "event": "path", + "message": "Condition \"encoding.equalsIgnoreCase(\"NIL\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 245, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 254, + "event": "path", + "message": "Condition \"encoding != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 256, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 259, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 261, + "event": "path", + "message": "Condition \"size < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 266, + "event": "path", + "message": "Condition \"type.equalsIgnoreCase(\"text\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 268, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 270, + "event": "path", + "message": "Condition \"lines < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 273, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 311, + "event": "path", + "message": "Condition \"r.isNextNonSpace(')')\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 321, + "event": "path", + "message": "Condition \"r.isNextNonSpace(')')\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 329, + "event": "path", + "message": "Condition \"b == '('\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 341, + "event": "path", + "message": "Condition \"b == 'N'\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 342, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 345, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 352, + "event": "path", + "message": "Condition \"r.isNextNonSpace(')')\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 359, + "event": "path", + "message": "Condition \"r.peekByte() == '('\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 360, + "event": "returned_null", + "message": "\"readStringList\" returns \"null\" (checked 1 out of 5 times).", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 360, + "event": "var_assigned", + "message": "Assigning: \"language\" = \"null\" return value from \"readStringList\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 361, + "event": "path", + "message": "Condition \"com.sun.mail.imap.protocol.BODYSTRUCTURE.parseDebug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/BODYSTRUCTURE.java", + "line": 362, + "event": "null_array_length", + "message": "Accessing length of null array \"language\".", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/ID.java", + "line": 56, + "event": "example_assign", + "message": "Example 1: Assigning: \"v\" = return value from \"r.readStringList()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/ID.java", + "line": 57, + "event": "example_checked", + "message": "Example 1 (cont.): \"v\" has its value checked in \"v != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 360| \t\tlanguage = r.readStringList();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 361| \t\tif (parseDebug)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 362|-> \t\t System.out.println(\"DEBUG IMAP: language len \" +", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 363| \t\t\t\t\t\t\tlanguage.length);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 364| \t } else { // protocol is unnessarily complex here", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.imap.protocol.IMAPSaslAuthenticator.authenticate(java.lang.String[], java.lang.String, java.lang.String, java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 78, + "event": "path", + "message": "Condition \"logger.isLoggable(java.util.logging.Level.FINE)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 80, + "event": "path", + "message": "Condition \"i < mechs.length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 81, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 80, + "event": "path", + "message": "Condition \"i < mechs.length\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 129, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 133, + "event": "path", + "message": "Condition \"sc == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 137, + "event": "path", + "message": "Condition \"logger.isLoggable(java.util.logging.Level.FINE)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 143, + "event": "path", + "message": "Condition \"pr.hasCapability(\"SASL-IR\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 154, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 184, + "event": "path", + "message": "Condition \"!done\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 187, + "event": "path", + "message": "Condition \"r.isContinuation()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 189, + "event": "path", + "message": "Condition \"!sc.isComplete()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 190, + "event": "returned_null", + "message": "\"readByteArray\" returns \"null\" (checked 1 out of 4 times).", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 190, + "event": "null_method_call", + "message": "Calling a method on null object \"r.readByteArray()\".", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/iap/Response.java", + "line": 398, + "event": "example_assign", + "message": "Example 1: Assigning: \"ba\" = return value from \"readByteArray()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/iap/Response.java", + "line": 399, + "event": "example_checked", + "message": "Example 1 (cont.): \"ba\" has its value checked in \"ba != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 188| \t\t byte[] ba = null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 189| \t\t if (!sc.isComplete()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 190|-> \t\t\tba = r.readByteArray().getNewBytes();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 191| \t\t\tif (ba.length > 0)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 192| \t\t\t ba = BASE64DecoderStream.decode(ba);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK_INVERSION", + "cwe": 833, + "function": "com.sun.mail.imap.protocol.IMAPSaslAuthenticator.authenticate(java.lang.String[], java.lang.String, java.lang.String, java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 28, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 73, + "event": "lock_acquire", + "message": "Acquiring lock \"IMAPSaslAuthenticator.pr\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 78, + "event": "path", + "message": "Condition \"logger.isLoggable(java.util.logging.Level.FINE)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 129, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 133, + "event": "path", + "message": "Condition \"sc == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 137, + "event": "path", + "message": "Condition \"logger.isLoggable(java.util.logging.Level.FINE)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 143, + "event": "path", + "message": "Condition \"pr.hasCapability(\"SASL-IR\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 143, + "event": "path", + "message": "Condition \"sc.hasInitialResponse()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 146, + "event": "path", + "message": "Condition \"ba.length > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 149, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 154, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 184, + "event": "path", + "message": "Condition \"!done\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 187, + "event": "path", + "message": "Condition \"r.isContinuation()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 189, + "event": "path", + "message": "Condition \"!sc.isComplete()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 198, + "event": "path", + "message": "Condition \"ba == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 203, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 217, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 224, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 231, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 184, + "event": "path", + "message": "Condition \"!done\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 187, + "event": "path", + "message": "Condition \"r.isContinuation()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 189, + "event": "path", + "message": "Condition \"!sc.isComplete()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 198, + "event": "path", + "message": "Condition \"ba == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 200, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"write\".", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 224, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 231, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 184, + "event": "path", + "message": "Condition \"!done\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 233, + "event": "path", + "message": "Condition \"sc.isComplete()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 235, + "event": "path", + "message": "Condition \"qop != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 256, + "event": "lock_order", + "message": "Acquiring lock \"IMAPStore.pool\" while holding \"IMAPSaslAuthenticator.pr\" conflicts with the lock order established elsewhere.", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1126, + "event": "lock_acquire", + "message": "Example 1: Acquiring lock \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1169, + "event": "example_lock_order", + "message": "Example 1 (cont.): Calling \"login\" acquires lock \"IMAPSaslAuthenticator.pr\" while holding \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1126, + "event": "lock_acquire", + "message": "Example 2: Acquiring lock \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1140, + "event": "example_lock_order", + "message": "Example 2 (cont.): Calling \"login\" acquires lock \"IMAPSaslAuthenticator.pr\" while holding \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 993, + "event": "lock_acquire", + "message": "Example 3: Acquiring lock \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1069, + "event": "example_lock_order", + "message": "Example 3 (cont.): Calling \"login\" acquires lock \"IMAPSaslAuthenticator.pr\" while holding \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 993, + "event": "lock_acquire", + "message": "Example 4: Acquiring lock \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1009, + "event": "example_lock_order", + "message": "Example 4 (cont.): Calling \"login\" acquires lock \"IMAPSaslAuthenticator.pr\" while holding \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 2030, + "event": "lock_acquire", + "message": "Example 5: Acquiring lock \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 2031, + "event": "example_lock_order", + "message": "Example 5 (cont.): Calling \"getStoreProtocol\" acquires lock \"IMAPSaslAuthenticator.pr\" while holding \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 254| \t * code really ends up being just a no-op.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 255| \t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 256|-> \tpr.notifyResponseHandlers(responses);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 257| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 258| \t// Handle the final OK, NO, BAD or BYE response", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK_INVERSION", + "cwe": 833, + "function": "com.sun.mail.imap.protocol.IMAPSaslAuthenticator.authenticate(java.lang.String[], java.lang.String, java.lang.String, java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 30, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 73, + "event": "lock_acquire", + "message": "Acquiring lock \"IMAPSaslAuthenticator.pr\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 78, + "event": "path", + "message": "Condition \"logger.isLoggable(java.util.logging.Level.FINE)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 129, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 133, + "event": "path", + "message": "Condition \"sc == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 137, + "event": "path", + "message": "Condition \"logger.isLoggable(java.util.logging.Level.FINE)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 143, + "event": "path", + "message": "Condition \"pr.hasCapability(\"SASL-IR\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 143, + "event": "path", + "message": "Condition \"sc.hasInitialResponse()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 146, + "event": "path", + "message": "Condition \"ba.length > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 149, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 154, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 184, + "event": "path", + "message": "Condition \"!done\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 187, + "event": "path", + "message": "Condition \"r.isContinuation()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 189, + "event": "path", + "message": "Condition \"!sc.isComplete()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 198, + "event": "path", + "message": "Condition \"ba == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 203, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 217, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 224, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 231, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 184, + "event": "path", + "message": "Condition \"!done\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 187, + "event": "path", + "message": "Condition \"r.isContinuation()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 189, + "event": "path", + "message": "Condition \"!sc.isComplete()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 198, + "event": "path", + "message": "Condition \"ba == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 200, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"write\".", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 224, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 231, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 184, + "event": "path", + "message": "Condition \"!done\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 233, + "event": "path", + "message": "Condition \"sc.isComplete()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 235, + "event": "path", + "message": "Condition \"qop != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 267, + "event": "path", + "message": "Condition \"isXGWTRUSTEDAPP\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 267, + "event": "path", + "message": "Condition \"authzid != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPSaslAuthenticator.java", + "line": 274, + "event": "lock_order", + "message": "Acquiring lock \"IMAPStore.pool\" while holding \"IMAPSaslAuthenticator.pr\" conflicts with the lock order established elsewhere.", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1126, + "event": "lock_acquire", + "message": "Example 1: Acquiring lock \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1169, + "event": "example_lock_order", + "message": "Example 1 (cont.): Calling \"login\" acquires lock \"IMAPSaslAuthenticator.pr\" while holding \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1126, + "event": "lock_acquire", + "message": "Example 2: Acquiring lock \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1140, + "event": "example_lock_order", + "message": "Example 2 (cont.): Calling \"login\" acquires lock \"IMAPSaslAuthenticator.pr\" while holding \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 993, + "event": "lock_acquire", + "message": "Example 3: Acquiring lock \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1069, + "event": "example_lock_order", + "message": "Example 3 (cont.): Calling \"login\" acquires lock \"IMAPSaslAuthenticator.pr\" while holding \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 993, + "event": "lock_acquire", + "message": "Example 4: Acquiring lock \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1009, + "event": "example_lock_order", + "message": "Example 4 (cont.): Calling \"login\" acquires lock \"IMAPSaslAuthenticator.pr\" while holding \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 2030, + "event": "lock_acquire", + "message": "Example 5: Acquiring lock \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 2031, + "event": "example_lock_order", + "message": "Example 5 (cont.): Calling \"getStoreProtocol\" acquires lock \"IMAPSaslAuthenticator.pr\" while holding \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 272| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 273| \t // dispatch untagged responses", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 274|-> \t pr.notifyResponseHandlers(responses);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 275| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 276| \t // Handle result of this command", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK_INVERSION", + "cwe": 833, + "function": "com.sun.mail.smtp.SMTPTransport.sendMessage(javax.mail.Message, javax.mail.Address[])", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/smtp/SMTPTransport.java", + "line": 1238, + "event": "lock_acquire", + "message": "Acquiring lock \"SMTPTransport.this\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/smtp/SMTPTransport.java", + "line": 1240, + "event": "path", + "message": "Condition \"message != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/smtp/SMTPTransport.java", + "line": 1240, + "event": "lock_order", + "message": "Acquiring lock \"IMAPStore.pool\" while holding \"SMTPTransport.this\" conflicts with the lock order established elsewhere. (The virtual call resolves to \"com.sun.mail.imap.IMAPMessage.getSubject\".)", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1126, + "event": "lock_acquire", + "message": "Example 1: Acquiring lock \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1169, + "event": "example_lock_order", + "message": "Example 1 (cont.): Calling \"login\" acquires lock \"SMTPTransport.this\" while holding \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1126, + "event": "lock_acquire", + "message": "Example 2: Acquiring lock \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1140, + "event": "example_lock_order", + "message": "Example 2 (cont.): Calling \"login\" acquires lock \"SMTPTransport.this\" while holding \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 993, + "event": "lock_acquire", + "message": "Example 3: Acquiring lock \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1069, + "event": "example_lock_order", + "message": "Example 3 (cont.): Calling \"login\" acquires lock \"SMTPTransport.this\" while holding \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 993, + "event": "lock_acquire", + "message": "Example 4: Acquiring lock \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 1009, + "event": "example_lock_order", + "message": "Example 4 (cont.): Calling \"login\" acquires lock \"SMTPTransport.this\" while holding \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 2030, + "event": "lock_acquire", + "message": "Example 5: Acquiring lock \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPStore.java", + "line": 2031, + "event": "example_lock_order", + "message": "Example 5 (cont.): Calling \"getStoreProtocol\" acquires lock \"SMTPTransport.this\" while holding \"IMAPStore.pool\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1238| \t\t throws MessagingException, SendFailedException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1239| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1240|-> \tsendMessageStart(message != null ? message.getSubject() : \"\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1241| \tcheckConnected();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1242| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.mail.util.SocketFetcher.createSocket(java.net.InetAddress, int, java.lang.String, int, int, int, java.util.Properties, java.lang.String, javax.net.SocketFactory, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 20, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 247, + "event": "path", + "message": "Condition \"com.sun.mail.util.SocketFetcher.logger.isLoggable(java.util.logging.Level.FINEST)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 262, + "event": "path", + "message": "Condition \"proxyHost != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 264, + "event": "path", + "message": "Condition \"i >= 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 275, + "event": "path", + "message": "Condition \"com.sun.mail.util.SocketFetcher.logger.isLoggable(java.util.logging.Level.FINER)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 277, + "event": "path", + "message": "Condition \"proxyUser != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 278, + "event": "path", + "message": "Condition \"proxyPassword == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 281, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 299, + "event": "path", + "message": "Condition \"sf != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 299, + "event": "path", + "message": "Condition \"!(sf instanceof javax.net.ssl.SSLSocketFactory)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 301, + "event": "path", + "message": "Condition \"socket == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 302, + "event": "path", + "message": "Condition \"socksHost != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 306, + "event": "path", + "message": "Condition \"com.sun.mail.util.PropUtil.getBooleanProperty(props, prefix + \".usesocketchannels\", false)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 309, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"open\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 309, + "event": "identity_transfer", + "message": "Method call \"java.nio.channels.SocketChannel.open().socket()\" returns a wrapper for \"java.nio.channels.SocketChannel.open()\" (\"this\").", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 309, + "event": "var_assign", + "message": "Assigning: \"socket\" = resource returned from \"java.nio.channels.SocketChannel.open().socket()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 310, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 313, + "event": "path", + "message": "Condition \"to >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 314, + "event": "path", + "message": "Condition \"com.sun.mail.util.SocketFetcher.logger.isLoggable(java.util.logging.Level.FINEST)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 316, + "event": "noescape", + "message": "Resource \"socket\" is not closed or saved in \"setSoTimeout\". (The virtual call resolves to \"com.sun.mail.util.WriteTimeoutSocket.setSoTimeout\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 316, + "event": "path", + "message": "Throwing \"java.net.SocketException\" (or subclass) from call to \"setSoTimeout\"; exiting method with uncaught exception. (The virtual call resolves to \"com.sun.mail.util.WriteTimeoutSocket.setSoTimeout\".)", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketFetcher.java", + "line": 316, + "event": "leaked_resource", + "message": "Variable \"socket\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 314| \t if (logger.isLoggable(Level.FINEST))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 315| \t\tlogger.finest(\"set socket read timeout \" + to);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 316|-> \t socket.setSoTimeout(to);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 317| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318| \tint writeTimeout = PropUtil.getIntProperty(props,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.util.logging.MailHandler.contentTypeOf(java.util.logging.Formatter)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1651, + "event": "path", + "message": "Condition \"java.lang.Thread.holdsLock(this)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1652, + "event": "path", + "message": "Condition \"f != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1654, + "event": "path", + "message": "Condition \"type != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1658, + "event": "path", + "message": "Condition \"k != (java.util.logging.Formatter.class)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1663, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1667, + "event": "path", + "message": "Condition \"(idx = name.indexOf(\"ml\", idx)) > -1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1669, + "event": "path", + "message": "Condition \"idx > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1678, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1667, + "event": "path", + "message": "Condition \"(idx = name.indexOf(\"ml\", idx)) > -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1679, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1659, + "event": "returned_null", + "message": "\"getSuperclass\" returns \"null\" (checked 3 out of 6 times).", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1659, + "event": "var_assigned", + "message": "Assigning: \"k\" = \"null\" return value from \"getSuperclass\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1658, + "event": "path", + "message": "Condition \"k != (java.util.logging.Formatter.class)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1662, + "event": "null_method_call", + "message": "Calling a method on null object \"k\".", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/AbstractLogging.java", + "line": 366, + "event": "example_assign", + "message": "Example 1: Assigning: \"t\" = return value from \"t.getSuperclass()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/AbstractLogging.java", + "line": 366, + "event": "example_checked", + "message": "Example 1 (cont.): \"t\" has its value checked in \"t != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/AbstractLogging.java", + "line": 388, + "event": "example_assign", + "message": "Example 2: Assigning: \"k\" = return value from \"k.getSuperclass()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/AbstractLogging.java", + "line": 388, + "event": "example_checked", + "message": "Example 2 (cont.): \"k\" has its value checked in \"k != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 7014, + "event": "example_assign", + "message": "Example 3: Assigning: \"k\" = return value from \"k.getSuperclass()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 7014, + "event": "example_checked", + "message": "Example 3 (cont.): \"k\" has its value checked in \"k != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1660| String name;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1661| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1662|-> name = k.getSimpleName();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1663| } catch (final InternalError JDK8057919) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1664| name = k.getName();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.MimeBodyPart.updateHeaders(javax.mail.internet.MimePart)", + "language": "java", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java", + "line": 1478, + "event": "path", + "message": "Condition \"dh == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java", + "line": 1494, + "event": "path", + "message": "Condition \"cType.match(\"multipart/*\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java", + "line": 1498, + "event": "path", + "message": "Condition \"part instanceof javax.mail.internet.MimeBodyPart\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java", + "line": 1500, + "event": "path", + "message": "Condition \"mbp.cachedContent != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java", + "line": 1500, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getContent\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java", + "line": 1500, + "event": "var_assign", + "message": "Assigning: \"o\" = resource returned from \"dh.getContent()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java", + "line": 1502, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java", + "line": 1508, + "event": "path", + "message": "Condition \"o instanceof javax.mail.internet.MimeMultipart\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java", + "line": 1511, + "event": "noescape", + "message": "Resource \"o\" is not closed or saved in \"getClass\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java", + "line": 1511, + "event": "path", + "message": "Throwing \"javax.mail.MessagingException\".", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeBodyPart.java", + "line": 1511, + "event": "leaked_resource", + "message": "Variable \"o\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1509| \t\t ((MimeMultipart)o).updateHeaders();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1510| \t\telse", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1511|-> \t\t throw new MessagingException(\"MIME part of type \\\"\" +", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1512| \t\t\ttype + \"\\\" contains object of type \" +", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1513| \t\t\to.getClass().getName() + \" instead of MimeMultipart\");", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.MimeMultipart.parse()", + "language": "java", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java", + "line": 560, + "event": "path", + "message": "Condition \"parsed\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java", + "line": 570, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\". (The virtual call resolves to \"javax.activation.DataHandlerDataSource.getInputStream\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java", + "line": 570, + "event": "var_assign", + "message": "Assigning: \"in\" = resource returned from \"ds.getInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java", + "line": 571, + "event": "path", + "message": "Condition \"!(in instanceof java.io.ByteArrayInputStream)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java", + "line": 571, + "event": "path", + "message": "Condition \"!(in instanceof java.io.BufferedInputStream)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java", + "line": 571, + "event": "path", + "message": "Condition \"!(in instanceof javax.mail.internet.SharedInputStream)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java", + "line": 574, + "event": "var_assign", + "message": "Assigning: \"in\" = resource returned from \"new java.io.BufferedInputStream(in)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java", + "line": 575, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java", + "line": 578, + "event": "path", + "message": "Condition \"in instanceof javax.mail.internet.SharedInputStream\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java", + "line": 581, + "event": "path", + "message": "Throwing \"javax.mail.internet.ParseException\" (or subclass) from call to \"ContentType\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/MimeMultipart.java", + "line": 581, + "event": "leaked_resource", + "message": "Variable \"in\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 579| \t sin = (SharedInputStream)in;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 580| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 581|-> \tContentType cType = new ContentType(contentType);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 582| \tString boundary = null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 583| \tif (!ignoreExistingBoundaryParameter) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "javax.mail.internet.ParameterList.combineMultisegmentNames(boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 25, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 397, + "event": "return_iterator", + "message": "Call to \"iterator\" returns an iterator from \"multisegmentNames\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 397, + "event": "assign", + "message": "Assigning: \"it\" = \"multisegmentNames.iterator()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 398, + "event": "path", + "message": "Condition \"it.hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 408, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 411, + "event": "path", + "message": "Condition \"v == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 415, + "event": "path", + "message": "Condition \"v instanceof javax.mail.internet.ParameterList.Value\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 417, + "event": "path", + "message": "Condition \"segment == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 421, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 429, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 432, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 436, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 408, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 411, + "event": "path", + "message": "Condition \"v == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 415, + "event": "path", + "message": "Condition \"v instanceof javax.mail.internet.ParameterList.Value\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 417, + "event": "path", + "message": "Condition \"segment == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 422, + "event": "path", + "message": "Condition \"charset == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 424, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"multisegmentNames\" which invalidates iterator \"it\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 425, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 437, + "event": "path", + "message": "Condition \"segment == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 442, + "event": "path", + "message": "Condition \"charset != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 444, + "event": "path", + "message": "Condition \"charset == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 446, + "event": "path", + "message": "Condition \"charset != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 447, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 450, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 462, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/javax/mail/internet/ParameterList.java", + "line": 398, + "event": "invalid_iterator", + "message": "Using invalid iterator \"it\" in call to \"hasNext\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 396| \ttry {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 397| \t Iterator it = multisegmentNames.iterator();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 398|-> \t while (it.hasNext()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 399| \t\tString name = it.next();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 400| \t\tMultiValue mv = new MultiValue();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "com.sun.mail.imap.IMAPSaslHandler$#1.handle(javax.security.auth.callback.Callback[])", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPSaslHandler.java", + "line": 66, + "event": "hardcoded_credential", + "message": "The constant string \"\"test\"\" is a credential or key.", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPSaslHandler.java", + "line": 66, + "event": "identity", + "message": "Calling \"toCharArray\". This call assigns \"\"test\"\" to \"\". (The virtual call resolves to \"java.lang.String.toCharArray()\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPSaslHandler.java", + "line": 66, + "event": "password_use", + "message": "Calling \"setPassword\". This call uses the constant string as a password. (The virtual call resolves to \"javax.security.auth.callback.PasswordCallback.setPassword(char[])\".)", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPSaslHandler.java", + "line": 66, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 64| \t\t } else if (callbacks[i] instanceof PasswordCallback) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 65| \t\t\tPasswordCallback pcb = (PasswordCallback)callbacks[i];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 66|-> \t\t\tpcb.setPassword(p.toCharArray());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 67| \t\t } else if (callbacks[i] instanceof AuthorizeCallback) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 68| \t\t\tAuthorizeCallback ac = (AuthorizeCallback)callbacks[i];", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.imap.IMAPUidExpungeTest$#1.test(javax.mail.Folder, com.sun.mail.imap.IMAPUidExpungeTest$IMAPHandlerExpunge)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPUidExpungeTest.java", + "line": 61, + "event": "returned_null", + "message": "\"getMessageByUID\" returns \"null\" (checked 0 out of 3 times). (The virtual call resolves to \"com.sun.mail.imap.IMAPFolder.getMessageByUID\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPUidExpungeTest.java", + "line": 61, + "event": "var_assigned", + "message": "Assigning: \"m\" = \"null\" return value from \"getMessageByUID\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPUidExpungeTest.java", + "line": 62, + "event": "null_method_call", + "message": "Calling a method on null object \"m\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| \t\t\t\t throws MessagingException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61| \t\t Message m = ((UIDFolder)folder).getMessageByUID(2);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62|-> \t\t m.getFlags();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| \t\t assertEquals(1, handler.getSeqNum());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 64| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.imap.IMAPUidExpungeTest$#3.test(javax.mail.Folder, com.sun.mail.imap.IMAPUidExpungeTest$IMAPHandlerExpunge)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPUidExpungeTest.java", + "line": 85, + "event": "returned_null", + "message": "\"getMessageByUID\" returns \"null\" (checked 0 out of 3 times). (The virtual call resolves to \"com.sun.mail.imap.IMAPFolder.getMessageByUID\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPUidExpungeTest.java", + "line": 85, + "event": "var_assigned", + "message": "Assigning: \"m\" = \"null\" return value from \"getMessageByUID\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/IMAPUidExpungeTest.java", + "line": 86, + "event": "null_method_call", + "message": "Calling a method on null object \"m\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 84| \t\t\t\t throws MessagingException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 85| \t\t Message m = ((UIDFolder)folder).getMessageByUID(2);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 86|-> \t\t m.getFlags();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 87| \t\t assertEquals(2, handler.getSeqNum());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 88| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.imap.protocol.BODYSTRUCTURETest.testExchangeEmptyParameterValueBug()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/BODYSTRUCTURETest.java", + "line": 44, + "event": "returned_null", + "message": "\"getItem\" returns \"null\" (checked 5 out of 9 times).", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/BODYSTRUCTURETest.java", + "line": 44, + "event": "var_assigned", + "message": "Assigning: \"bs\" = \"null\" return value from \"getItem\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/BODYSTRUCTURETest.java", + "line": 45, + "event": "null_field_access", + "message": "Accessing field of null object \"bs\".", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3608, + "event": "example_assign", + "message": "Example 1: Assigning: \"uid\" = return value from \"fr.getItem(com.sun.mail.imap.protocol.UID.class)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3609, + "event": "example_checked", + "message": "Example 1 (cont.): \"uid\" has its value checked in \"uid != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3617, + "event": "example_assign", + "message": "Example 2: Assigning: \"modseq\" = return value from \"fr.getItem(com.sun.mail.imap.protocol.MODSEQ.class)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3618, + "event": "example_checked", + "message": "Example 2 (cont.): \"modseq\" has its value checked in \"modseq != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3630, + "event": "example_assign", + "message": "Example 3: Assigning: \"flags\" = return value from \"fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3631, + "event": "example_checked", + "message": "Example 3 (cont.): \"flags\" has its value checked in \"flags != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java", + "line": 1930, + "event": "example_checked", + "message": "Example 4: \"fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)\" has its value checked in \"(flags = (javax.mail.Flags)fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)) != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java", + "line": 2036, + "event": "example_checked", + "message": "Example 5: \"fr.getItem(com.sun.mail.imap.protocol.UID.class)\" has its value checked in \"(u = (com.sun.mail.imap.protocol.UID)fr.getItem(com.sun.mail.imap.protocol.UID.class)) != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 43| \tFetchResponse fr = new FetchResponse(response);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 44| \tBODYSTRUCTURE bs = fr.getItem(BODYSTRUCTURE.class);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 45|-> \tParameterList p = bs.cParams;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 46| \tassertNotNull(p.get(\"name\"));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 47| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.imap.protocol.BODYSTRUCTURETest.testExchangeBadDisposition()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/BODYSTRUCTURETest.java", + "line": 67, + "event": "returned_null", + "message": "\"getItem\" returns \"null\" (checked 5 out of 9 times).", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/BODYSTRUCTURETest.java", + "line": 67, + "event": "var_assigned", + "message": "Assigning: \"bs\" = \"null\" return value from \"getItem\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/BODYSTRUCTURETest.java", + "line": 68, + "event": "null_field_access", + "message": "Accessing field of null object \"bs\".", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3608, + "event": "example_assign", + "message": "Example 1: Assigning: \"uid\" = return value from \"fr.getItem(com.sun.mail.imap.protocol.UID.class)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3609, + "event": "example_checked", + "message": "Example 1 (cont.): \"uid\" has its value checked in \"uid != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3617, + "event": "example_assign", + "message": "Example 2: Assigning: \"modseq\" = return value from \"fr.getItem(com.sun.mail.imap.protocol.MODSEQ.class)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3618, + "event": "example_checked", + "message": "Example 2 (cont.): \"modseq\" has its value checked in \"modseq != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3630, + "event": "example_assign", + "message": "Example 3: Assigning: \"flags\" = return value from \"fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3631, + "event": "example_checked", + "message": "Example 3 (cont.): \"flags\" has its value checked in \"flags != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java", + "line": 1930, + "event": "example_checked", + "message": "Example 4: \"fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)\" has its value checked in \"(flags = (javax.mail.Flags)fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)) != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java", + "line": 2036, + "event": "example_checked", + "message": "Example 5: \"fr.getItem(com.sun.mail.imap.protocol.UID.class)\" has its value checked in \"(u = (com.sun.mail.imap.protocol.UID)fr.getItem(com.sun.mail.imap.protocol.UID.class)) != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 66| \tFetchResponse fr = new FetchResponse(response);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 67| \tBODYSTRUCTURE bs = fr.getItem(BODYSTRUCTURE.class);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 68|-> \tassertEquals(\"S/MIME Encrypted Message\", bs.description);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 69| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.imap.protocol.IMAPProtocolTest.testMultipleBodyResponses()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/IMAPProtocolTest.java", + "line": 64, + "event": "returned_null", + "message": "\"fetchBody\" returns \"null\" (checked 3 out of 4 times).", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/IMAPProtocolTest.java", + "line": 64, + "event": "var_assigned", + "message": "Assigning: \"b\" = \"null\" return value from \"fetchBody\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/IMAPProtocolTest.java", + "line": 65, + "event": "null_method_call", + "message": "Calling a method on null object \"b\".", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPBodyPart.java", + "line": 188, + "event": "example_assign", + "message": "Example 1: Assigning: \"b\" = return value from \"p.fetchBody(seqnum, sectionId)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPBodyPart.java", + "line": 189, + "event": "example_checked", + "message": "Example 1 (cont.): \"b\" has its value checked in \"b != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 748, + "event": "example_assign", + "message": "Example 2: Assigning: \"b\" = return value from \"p.fetchBody(getSequenceNumber(), toSection(\"TEXT\"))\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 749, + "event": "example_checked", + "message": "Example 2 (cont.): \"b\" has its value checked in \"b != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 850, + "event": "example_assign", + "message": "Example 3: Assigning: \"b\" = return value from \"p.fetchBody(getSequenceNumber(), sectionId)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPMessage.java", + "line": 851, + "event": "example_checked", + "message": "Example 3 (cont.): \"b\" has its value checked in \"b != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| \t debug);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 64| \tBODY b = p.fetchBody(1, \"1.1\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 65|-> \tassertEquals(\"section number\", \"1.1\", b.getSection());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 66| \t//System.out.println(b);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 67| \t//System.out.write(b.getByteArray().getNewBytes());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.imap.protocol.MODSEQTest.testAll()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/MODSEQTest.java", + "line": 36, + "event": "returned_null", + "message": "\"getItem\" returns \"null\" (checked 5 out of 9 times).", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/MODSEQTest.java", + "line": 36, + "event": "var_assigned", + "message": "Assigning: \"m\" = \"null\" return value from \"getItem\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/MODSEQTest.java", + "line": 37, + "event": "null_field_access", + "message": "Accessing field of null object \"m\".", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3608, + "event": "example_assign", + "message": "Example 1: Assigning: \"uid\" = return value from \"fr.getItem(com.sun.mail.imap.protocol.UID.class)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3609, + "event": "example_checked", + "message": "Example 1 (cont.): \"uid\" has its value checked in \"uid != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3617, + "event": "example_assign", + "message": "Example 2: Assigning: \"modseq\" = return value from \"fr.getItem(com.sun.mail.imap.protocol.MODSEQ.class)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3618, + "event": "example_checked", + "message": "Example 2 (cont.): \"modseq\" has its value checked in \"modseq != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3630, + "event": "example_assign", + "message": "Example 3: Assigning: \"flags\" = return value from \"fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3631, + "event": "example_checked", + "message": "Example 3 (cont.): \"flags\" has its value checked in \"flags != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java", + "line": 1930, + "event": "example_checked", + "message": "Example 4: \"fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)\" has its value checked in \"(flags = (javax.mail.Flags)fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)) != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java", + "line": 2036, + "event": "example_checked", + "message": "Example 5: \"fr.getItem(com.sun.mail.imap.protocol.UID.class)\" has its value checked in \"(u = (com.sun.mail.imap.protocol.UID)fr.getItem(com.sun.mail.imap.protocol.UID.class)) != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 35| \tFetchResponse fr = new FetchResponse(response);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 36| \tMODSEQ m = fr.getItem(MODSEQ.class);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 37|-> \tassertEquals(1, m.seqnum);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 38| \tassertEquals(624140003, m.modseq);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 39| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.imap.protocol.MODSEQTest.testSpaces()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/MODSEQTest.java", + "line": 49, + "event": "returned_null", + "message": "\"getItem\" returns \"null\" (checked 5 out of 9 times).", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/MODSEQTest.java", + "line": 49, + "event": "var_assigned", + "message": "Assigning: \"m\" = \"null\" return value from \"getItem\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/MODSEQTest.java", + "line": 50, + "event": "null_field_access", + "message": "Accessing field of null object \"m\".", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3608, + "event": "example_assign", + "message": "Example 1: Assigning: \"uid\" = return value from \"fr.getItem(com.sun.mail.imap.protocol.UID.class)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3609, + "event": "example_checked", + "message": "Example 1 (cont.): \"uid\" has its value checked in \"uid != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3617, + "event": "example_assign", + "message": "Example 2: Assigning: \"modseq\" = return value from \"fr.getItem(com.sun.mail.imap.protocol.MODSEQ.class)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3618, + "event": "example_checked", + "message": "Example 2 (cont.): \"modseq\" has its value checked in \"modseq != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3630, + "event": "example_assign", + "message": "Example 3: Assigning: \"flags\" = return value from \"fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/IMAPFolder.java", + "line": 3631, + "event": "example_checked", + "message": "Example 3 (cont.): \"flags\" has its value checked in \"flags != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java", + "line": 1930, + "event": "example_checked", + "message": "Example 4: \"fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)\" has its value checked in \"(flags = (javax.mail.Flags)fr.getItem(com.sun.mail.imap.protocol.FLAGS.class)) != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/imap/protocol/IMAPProtocol.java", + "line": 2036, + "event": "example_checked", + "message": "Example 5: \"fr.getItem(com.sun.mail.imap.protocol.UID.class)\" has its value checked in \"(u = (com.sun.mail.imap.protocol.UID)fr.getItem(com.sun.mail.imap.protocol.UID.class)) != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 48| \tFetchResponse fr = new FetchResponse(response);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 49| \tMODSEQ m = fr.getItem(MODSEQ.class);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 50|-> \tassertEquals(1, m.seqnum);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 51| \tassertEquals(624140003, m.modseq);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.mail.imap.protocol.UIDSetTest.data()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/UIDSetTest.java", + "line": 65, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getResourceAsStream\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/UIDSetTest.java", + "line": 65, + "event": "var_assign", + "message": "Assigning: \"in\" = resource returned from \"new java.io.BufferedReader(new java.io.InputStreamReader((com.sun.mail.imap.protocol.UIDSetTest.class).getResourceAsStream(\"uiddata\")))\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/UIDSetTest.java", + "line": 68, + "event": "noescape", + "message": "Resource \"in\" is not closed or saved in \"parse\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/UIDSetTest.java", + "line": 68, + "event": "path", + "message": "Condition \"(t = com.sun.mail.imap.protocol.UIDSetTest.parse(in)) != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/imap/protocol/UIDSetTest.java", + "line": 70, + "event": "leaked_resource", + "message": "Variable \"in\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 68| \twhile ((t = parse(in)) != null)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 69| \t testData.add(new TestData[] { t });", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70|-> \treturn testData;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 71| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.mail.pop3.POP3FolderClosedExceptionTest.testFolderClosedExceptionBody()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3FolderClosedExceptionTest.java", + "line": 69, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getContent\". (The virtual call resolves to \"javax.mail.internet.MimeMessage.getContent\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3FolderClosedExceptionTest.java", + "line": 69, + "event": "leaked_resource", + "message": "Ignoring resource created by \"msg.getContent()\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 67| \t\tMessage msg = folder.getMessage(1);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 68| \t\ttry {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 69|-> \t\t msg.getContent();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| \t\t} catch (IOException ioex) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 71| \t\t // expected", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.mail.pop3.POP3MessageTest.loadMail(javax.mail.Part)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3MessageTest.java", + "line": 123, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getContent\". (The virtual call resolves to \"javax.mail.internet.MimeBodyPart.getContent\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3MessageTest.java", + "line": 123, + "event": "var_assign", + "message": "Assigning: \"content\" = resource returned from \"p.getContent()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3MessageTest.java", + "line": 124, + "event": "path", + "message": "Condition \"content instanceof javax.mail.Multipart\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3MessageTest.java", + "line": 130, + "event": "leaked_resource", + "message": "Variable \"content\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 128| \t\tloadMail(mp.getBodyPart(i));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 129| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 130|-> }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 131| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "com.sun.mail.pop3.POP3ReadableMimeTest.verifyData(javax.mail.Part)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3ReadableMimeTest.java", + "line": 120, + "event": "path", + "message": "Condition \"p instanceof com.sun.mail.util.ReadableMime\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3ReadableMimeTest.java", + "line": 121, + "event": "assign_zero", + "message": "Assigning: \"is\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3ReadableMimeTest.java", + "line": 125, + "event": "path", + "message": "Throwing \"javax.mail.IllegalWriteException\" from call to \"writeTo\". (The virtual call resolves to \"com.sun.mail.imap.IMAPMessage.writeTo\".)", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/pop3/POP3ReadableMimeTest.java", + "line": 135, + "event": "null_method_call", + "message": "Calling a method on null object \"is\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 133| \t} finally {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 134| \t try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 135|-> \t\tis.close();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 136| \t } catch (IOException ex) { }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 137| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.mail.smtp.NopServer.run()", + "language": "java", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java", + "line": 81, + "event": "path", + "message": "Condition \"keepOn\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java", + "line": 83, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"accept\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java", + "line": 83, + "event": "var_assign", + "message": "Assigning: \"clientSocket\" = resource returned from \"serverSocket.accept()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java", + "line": 88, + "event": "identity_transfer", + "message": "Method call \"clientSocket.getInputStream()\" returns a wrapper for \"clientSocket\" (\"this\").", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java", + "line": 88, + "event": "noescape", + "message": "Resource \"clientSocket\" is not closed or saved in \"getInputStream\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java", + "line": 88, + "event": "var_assign", + "message": "Assigning: \"is\" = resource returned from \"clientSocket.getInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java", + "line": 89, + "event": "noescape", + "message": "Resource \"is\" is not closed or saved in \"read\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java", + "line": 89, + "event": "path", + "message": "Condition \"is.read() >= 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java", + "line": 92, + "event": "leaked_resource", + "message": "Variable \"is\" going out of scope leaks the resource it refers to.", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/NopServer.java", + "line": 92, + "event": "leaked_resource", + "message": "Variable \"clientSocket\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 90| \t\t\t;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91| \t\t gotEOF = true;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92|-> } catch (final IOException e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93| //e.printStackTrace();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 94| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "com.sun.mail.smtp.SMTPSaslHandler$#1.handle(javax.security.auth.callback.Callback[])", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/SMTPSaslHandler.java", + "line": 82, + "event": "hardcoded_credential", + "message": "The constant string \"\"test\"\" is a credential or key.", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/SMTPSaslHandler.java", + "line": 82, + "event": "identity", + "message": "Calling \"toCharArray\". This call assigns \"\"test\"\" to \"\". (The virtual call resolves to \"java.lang.String.toCharArray()\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/SMTPSaslHandler.java", + "line": 82, + "event": "password_use", + "message": "Calling \"setPassword\". This call uses the constant string as a password. (The virtual call resolves to \"javax.security.auth.callback.PasswordCallback.setPassword(char[])\".)", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/smtp/SMTPSaslHandler.java", + "line": 82, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80| \t\t } else if (callbacks[i] instanceof PasswordCallback) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| \t\t\tPasswordCallback pcb = (PasswordCallback)callbacks[i];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82|-> \t\t\tpcb.setPassword(p.toCharArray());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83| \t\t } else if (callbacks[i] instanceof AuthorizeCallback) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 84| \t\t\tAuthorizeCallback ac = (AuthorizeCallback)callbacks[i];", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.test.ClassLoaderSuite.classpathOf(java.lang.Class)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/test/ClassLoaderSuite.java", + "line": 185, + "event": "returned_null", + "message": "\"getResource\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/test/ClassLoaderSuite.java", + "line": 185, + "event": "var_assigned", + "message": "Assigning: \"url\" = \"null\" return value from \"getResource\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/test/ClassLoaderSuite.java", + "line": 186, + "event": "null_method_call", + "message": "Calling a method on null object \"url\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 184| \ttry {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 185| \t URL url = ClassLoaderSuite.class.getResource(name);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 186|-> \t if (url.getProtocol().equals(\"file\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 187| \t\tString file = url.getPath();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 188| \t\tif (file.endsWith(name))\t// has to be true?", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.mail.test.TestServer.createSSLContext()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java", + "line": 115, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getResourceAsStream\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java", + "line": 115, + "event": "noescape", + "message": "Resource \"(com.sun.mail.test.TestServer.class).getResourceAsStream(\"keystore.jks\")\" is not closed or saved in \"load\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java", + "line": 115, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"(com.sun.mail.test.TestServer.class).getResourceAsStream(\"keystore.jks\")\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| \t\t\t\tthrows IOException, GeneralSecurityException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114| \tKeyStore keyStore = KeyStore.getInstance(\"JKS\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 115|-> \tkeyStore.load(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 116| \t TestServer.class.getResourceAsStream(\"keystore.jks\"),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 117| \t \"changeit\".toCharArray());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "com.sun.mail.test.TestServer.createSSLContext()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java", + "line": 115, + "event": "hardcoded_credential", + "message": "The constant string \"\"changeit\"\" is a credential or key.", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java", + "line": 115, + "event": "identity", + "message": "Calling \"toCharArray\". This call assigns \"\"changeit\"\" to \"\". (The virtual call resolves to \"java.lang.String.toCharArray()\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java", + "line": 115, + "event": "password_use", + "message": "Calling \"load\". This call uses the constant string as a password. (The virtual call resolves to \"java.security.KeyStore.load(java.io.InputStream, char[])\".)", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java", + "line": 115, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| \t\t\t\tthrows IOException, GeneralSecurityException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114| \tKeyStore keyStore = KeyStore.getInstance(\"JKS\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 115|-> \tkeyStore.load(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 116| \t TestServer.class.getResourceAsStream(\"keystore.jks\"),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 117| \t \"changeit\".toCharArray());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "com.sun.mail.test.TestServer.createSSLContext()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java", + "line": 121, + "event": "hardcoded_credential", + "message": "The constant string \"\"changeit\"\" is a credential or key.", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java", + "line": 121, + "event": "identity", + "message": "Calling \"toCharArray\". This call assigns \"\"changeit\"\" to \"\". (The virtual call resolves to \"java.lang.String.toCharArray()\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java", + "line": 121, + "event": "password_use", + "message": "Calling \"init\". This call uses the constant string as a password. (The virtual call resolves to \"javax.net.ssl.KeyManagerFactory.init(java.security.KeyStore, char[])\".)", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/test/TestServer.java", + "line": 121, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 119| \t// Create key manager", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 120| \tKeyManagerFactory kmf = KeyManagerFactory.getInstance(\"SunX509\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 121|-> \tkmf.init(keyStore, \"changeit\".toCharArray());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 122| \tKeyManager[] km = kmf.getKeyManagers();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 123| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.mail.util.UUDecoderStreamTest.data()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 67, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getResourceAsStream\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 67, + "event": "var_assign", + "message": "Assigning: \"in\" = resource returned from \"new java.io.BufferedReader(new java.io.InputStreamReader((com.sun.mail.util.UUDecoderStreamTest.class).getResourceAsStream(\"uudata\")))\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 70, + "event": "noescape", + "message": "Resource \"in\" is not closed or saved in \"parse\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 70, + "event": "path", + "message": "Condition \"(t = com.sun.mail.util.UUDecoderStreamTest.parse(in)) != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 72, + "event": "leaked_resource", + "message": "Variable \"in\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| \twhile ((t = parse(in)) != null)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 71| \t testData.add(new TestData[] { t });", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72|-> \treturn testData;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.util.UUDecoderStreamTest.parse(java.io.BufferedReader)", + "language": "java", + "tool": "coverity", + "key_event_idx": 24, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 111, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 113, + "event": "path", + "message": "Condition \"line == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 115, + "event": "path", + "message": "Condition \"line.length() == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 116, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 111, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 113, + "event": "path", + "message": "Condition \"line == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 115, + "event": "path", + "message": "Condition \"line.length() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 115, + "event": "path", + "message": "Condition \"line.startsWith(\"#\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 118, + "event": "path", + "message": "Condition \"!line.startsWith(\"TEST\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 120, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 130, + "event": "path", + "message": "Condition \"!tok.equals(\"DATA\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 132, + "event": "path", + "message": "Condition \"st.hasMoreTokens()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 134, + "event": "path", + "message": "Condition \"tok.equals(\"ignoreErrors\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 135, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 140, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 132, + "event": "path", + "message": "Condition \"st.hasMoreTokens()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 134, + "event": "path", + "message": "Condition \"tok.equals(\"ignoreErrors\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 136, + "event": "path", + "message": "Condition \"tok.equals(\"ignoreMissingBeginEnd\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 137, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 140, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 132, + "event": "path", + "message": "Condition \"st.hasMoreTokens()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 144, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 145, + "event": "returned_null", + "message": "\"in.readLine()\" returns \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 145, + "event": "var_assigned", + "message": "Assigning: \"line\" = \"null\" return value from \"readLine\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 146, + "event": "null_method_call", + "message": "Calling a method on null object \"line\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 144| \tfor (;;) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145| \t line = in.readLine();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 146|-> \t if (line.equals(\"EXPECT\"))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 147| \t\tbreak;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 148| \t os.write(line);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.util.UUDecoderStreamTest.parse(java.io.BufferedReader)", + "language": "java", + "tool": "coverity", + "key_event_idx": 27, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 111, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 113, + "event": "path", + "message": "Condition \"line == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 115, + "event": "path", + "message": "Condition \"line.length() == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 116, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 111, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 113, + "event": "path", + "message": "Condition \"line == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 115, + "event": "path", + "message": "Condition \"line.length() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 115, + "event": "path", + "message": "Condition \"line.startsWith(\"#\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 118, + "event": "path", + "message": "Condition \"!line.startsWith(\"TEST\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 120, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 130, + "event": "path", + "message": "Condition \"!tok.equals(\"DATA\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 132, + "event": "path", + "message": "Condition \"st.hasMoreTokens()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 134, + "event": "path", + "message": "Condition \"tok.equals(\"ignoreErrors\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 135, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 140, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 132, + "event": "path", + "message": "Condition \"st.hasMoreTokens()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 134, + "event": "path", + "message": "Condition \"tok.equals(\"ignoreErrors\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 136, + "event": "path", + "message": "Condition \"tok.equals(\"ignoreMissingBeginEnd\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 137, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 140, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 132, + "event": "path", + "message": "Condition \"st.hasMoreTokens()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 144, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 146, + "event": "path", + "message": "Condition \"line.equals(\"EXPECT\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 147, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 156, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 157, + "event": "returned_null", + "message": "\"in.readLine()\" returns \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 157, + "event": "var_assigned", + "message": "Assigning: \"line\" = \"null\" return value from \"readLine\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/UUDecoderStreamTest.java", + "line": 158, + "event": "null_method_call", + "message": "Calling a method on null object \"line\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 156| \tfor (;;) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 157| \t line = in.readLine();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 158|-> \t if (line.startsWith(\"EXCEPTION\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 159| \t\ti = line.indexOf(' ');\t// XXX - crude", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 160| \t\tt.expectedException = line.substring(i + 1);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.util.logging.CompactFormatterTest.testFormatMessage_LogRecord(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/CompactFormatterTest.java", + "line": 263, + "event": "path", + "message": "Condition \"idx >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/CompactFormatterTest.java", + "line": 266, + "event": "path", + "message": "Condition \"idx >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/CompactFormatterTest.java", + "line": 269, + "event": "returned_null", + "message": "\"getCause\" returns \"null\" (checked 11 out of 16 times). (The virtual call resolves to \"java.lang.Throwable.getCause\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/CompactFormatterTest.java", + "line": 269, + "event": "null_method_call", + "message": "Calling a method on null object \"record.getThrown().getCause()\".", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketConnectException.java", + "line": 74, + "event": "example_assign", + "message": "Example 1: Assigning: \"t\" = return value from \"getCause()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketConnectException.java", + "line": 75, + "event": "example_checked", + "message": "Example 1 (cont.): \"t\" has its value checked in \"t == null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/CompactFormatter.java", + "line": 412, + "event": "example_assign", + "message": "Example 2: Assigning: \"c\" = return value from \"c.getCause()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/CompactFormatter.java", + "line": 412, + "event": "example_checked", + "message": "Example 2 (cont.): \"c\" has its value checked in \"c != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1715, + "event": "example_assign", + "message": "Example 3: Assigning: \"cause\" = return value from \"t.getCause()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1716, + "event": "example_checked", + "message": "Example 3 (cont.): \"cause\" has its value checked in \"cause == null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/SeverityComparator.java", + "line": 111, + "event": "example_assign", + "message": "Example 4: Assigning: \"cause\" = return value from \"cause.getCause()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/SeverityComparator.java", + "line": 111, + "event": "example_checked", + "message": "Example 4 (cont.): \"cause\" has its value checked in \"cause != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 6994, + "event": "example_assign", + "message": "Example 5: Assigning: \"cause\" = return value from \"t.getCause()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 6995, + "event": "example_checked", + "message": "Example 5 (cont.): \"cause\" has its value checked in \"cause == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 267| \r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 268| assertTrue(result, result.contains(record.getThrown().getClass().getSimpleName()));\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 269|-> assertTrue(result, result.contains(record.getThrown().getCause().getClass().getSimpleName()));\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 270| \r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 271| assertFalse(result, result.contains(Exception.class.getPackage().getName()));\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.util.logging.CompactFormatterTest.testFormatThrown()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/CompactFormatterTest.java", + "line": 965, + "event": "returned_null", + "message": "\"getCause\" returns \"null\" (checked 11 out of 16 times). (The virtual call resolves to \"java.lang.Throwable.getCause\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/CompactFormatterTest.java", + "line": 965, + "event": "null_method_call", + "message": "Calling a method on null object \"e.getCause()\".", + "verbosity_level": 0 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketConnectException.java", + "line": 74, + "event": "example_assign", + "message": "Example 1: Assigning: \"t\" = return value from \"getCause()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/SocketConnectException.java", + "line": 75, + "event": "example_checked", + "message": "Example 1 (cont.): \"t\" has its value checked in \"t == null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/CompactFormatter.java", + "line": 412, + "event": "example_assign", + "message": "Example 2: Assigning: \"c\" = return value from \"c.getCause()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/CompactFormatter.java", + "line": 412, + "event": "example_checked", + "message": "Example 2 (cont.): \"c\" has its value checked in \"c != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1715, + "event": "example_assign", + "message": "Example 3: Assigning: \"cause\" = return value from \"t.getCause()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/MailHandler.java", + "line": 1716, + "event": "example_checked", + "message": "Example 3 (cont.): \"cause\" has its value checked in \"cause == null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/SeverityComparator.java", + "line": 111, + "event": "example_assign", + "message": "Example 4: Assigning: \"cause\" = return value from \"cause.getCause()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/main/java/com/sun/mail/util/logging/SeverityComparator.java", + "line": 111, + "event": "example_checked", + "message": "Example 4 (cont.): \"cause\" has its value checked in \"cause != null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 6994, + "event": "example_assign", + "message": "Example 5: Assigning: \"cause\" = return value from \"t.getCause()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 6995, + "event": "example_checked", + "message": "Example 5 (cont.): \"cause\" has its value checked in \"cause == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 963| record.setThrown(e);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 964| String result = cf.formatThrown(record);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 965|-> assertTrue(result, result.startsWith(e.getCause().getClass().getSimpleName()));\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 966| assertTrue(result, result.contains(cf.formatMessage(record.getThrown())));\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 967| assertTrue(result, result.endsWith(cf.formatBackTrace(record)));\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.mail.util.logging.MailHandlerTest.testThrowFilters()", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 1010, + "event": "new_resource", + "message": "\"new java.util.logging.ConsoleHandler()\" creates a new resource.", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 1010, + "event": "var_assign", + "message": "Assigning: \"mh\" = resource returned from \"new java.util.logging.MemoryHandler(new java.util.logging.ConsoleHandler(), 100, java.util.logging.Level.OFF)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 1011, + "event": "noescape", + "message": "Resource \"mh\" is not closed or saved in \"setFilter\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 1014, + "event": "noescape", + "message": "Resource \"mh\" is not closed or saved in \"isLoggable\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 1020, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 1036, + "event": "path", + "message": "Condition \"instance != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 1053, + "event": "path", + "message": "Condition \"!em.exceptions.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 1054, + "event": "leaked_resource", + "message": "Variable \"mh\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1052| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1053| assertEquals(true, !em.exceptions.isEmpty());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1054|-> }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1055| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1056| @Test", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.mail.util.logging.MailHandlerTest$#1Base.error(javax.mail.internet.MimeMessage, java.lang.Throwable, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 2832, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getContent\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 2832, + "event": "var_assign", + "message": "Assigning: \"mp\" = resource returned from \"msg.getContent()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 2834, + "event": "path", + "message": "Throwing \"javax.mail.MessagingException\" (or subclass) from call to \"getHeader\". (The virtual call resolves to \"com.sun.mail.pop3.POP3Message.getHeader\".)", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 2834, + "event": "leaked_resource", + "message": "Variable \"mp\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2832| MimeMultipart mp = (MimeMultipart) msg.getContent();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2833| Locale l = Locale.getDefault();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2834|-> assertEquals(LogManagerProperties.toLanguageTag(l), msg.getHeader(\"Accept-Language\", null));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2835| String lang[] = msg.getContentLanguage();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2836| assertNotNull(lang);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.mail.util.logging.MailHandlerTest$#1Infer.error(javax.mail.internet.MimeMessage, java.lang.Throwable, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 2925, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getContent\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 2925, + "event": "var_assign", + "message": "Assigning: \"mp\" = resource returned from \"msg.getContent()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 2929, + "event": "path", + "message": "Throwing \"javax.mail.MessagingException\" (or subclass) from call to \"getHeader\". (The virtual call resolves to \"com.sun.mail.pop3.POP3Message.getHeader\".)", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 2929, + "event": "leaked_resource", + "message": "Variable \"mp\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2927| assertFalse(l.getCountry().equals(expect.getCountry()));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2928| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2929|-> assertEquals(LogManagerProperties.toLanguageTag(l), msg.getHeader(\"Accept-Language\", null));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2930| String lang[] = msg.getContentLanguage();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2931| assertEquals(1, lang.length);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.mail.util.logging.MailHandlerTest$#1Infer.error(javax.mail.internet.MimeMessage, java.lang.Throwable, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 2937, + "event": "returned_null", + "message": "\"getContentLanguage\" returns \"null\" (checked 0 out of 3 times). (The virtual call resolves to \"javax.mail.internet.MimeBodyPart.getContentLanguage\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 2937, + "event": "var_assigned", + "message": "Assigning: \"lang\" = \"null\" return value from \"getContentLanguage\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 2938, + "event": "null_array_length", + "message": "Accessing length of null array \"lang\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2936| part = (MimePart) mp.getBodyPart(0);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2937| lang = part.getContentLanguage();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2938|-> assertEquals(1, lang.length);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2939| assertEquals(LogManagerProperties.toLanguageTag(expect), lang[0]);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2940| assertEquals(LogManagerProperties.toLanguageTag(l), part.getHeader(\"Accept-Language\", null));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.mail.util.logging.MailHandlerTest$#19.error(javax.mail.internet.MimeMessage, java.lang.Throwable, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 3033, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getContent\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 3033, + "event": "var_assign", + "message": "Assigning: \"mp\" = resource returned from \"msg.getContent()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 3035, + "event": "path", + "message": "Throwing \"javax.mail.MessagingException\" (or subclass) from call to \"getHeader\". (The virtual call resolves to \"com.sun.mail.pop3.POP3Message.getHeader\".)", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 3035, + "event": "leaked_resource", + "message": "Variable \"mp\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3033| MimeMultipart mp = (MimeMultipart) msg.getContent();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3034| Locale l = Locale.getDefault();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3035|-> assertEquals(LogManagerProperties.toLanguageTag(l), msg.getHeader(\"Accept-Language\", null));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3036| String lang[] = msg.getContentLanguage();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3037| assertEquals(LogManagerProperties.toLanguageTag(Locale.ENGLISH), lang[0]);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.mail.util.logging.MailHandlerTest.testCapacity()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 3333, + "event": "path", + "message": "Starting defect path here.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 3334, + "event": "new_resource", + "message": "\"new com.sun.mail.util.logging.MailHandler(1)\" creates a new resource.", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 3334, + "event": "var_assign", + "message": "Assigning: \"h\" = resource returned from \"new com.sun.mail.util.logging.MailHandler(1)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 3335, + "event": "noescape", + "message": "Resource \"h\" is not closed or saved in \"getCapacity\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 3336, + "event": "leaked_resource", + "message": "Variable \"h\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3334| MailHandler h = new MailHandler(1);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3335| h.getCapacity();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3336|-> } catch (RuntimeException RE) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3337| fail(RE.toString());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3338| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.mail.util.logging.MailHandlerTest.testVerifyLogManager()", + "language": "java", + "tool": "coverity", + "key_event_idx": 19, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5668, + "event": "path", + "message": "Iterating over another element of \"em.exceptions\".", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5670, + "event": "path", + "message": "Condition \"t instanceof javax.mail.internet.AddressException\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5674, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5668, + "event": "path", + "message": "No elements left in \"em.exceptions\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5688, + "event": "path", + "message": "Iterating over another element of \"em.exceptions\".", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5690, + "event": "path", + "message": "Condition \"t instanceof javax.mail.internet.AddressException\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5694, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5688, + "event": "path", + "message": "No elements left in \"em.exceptions\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5708, + "event": "path", + "message": "Iterating over another element of \"em.exceptions\".", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5710, + "event": "path", + "message": "Condition \"com.sun.mail.util.logging.MailHandlerTest.isConnectOrTimeout(t)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5711, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5708, + "event": "path", + "message": "No elements left in \"em.exceptions\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5725, + "event": "new_resource", + "message": "\"new com.sun.mail.util.logging.MailHandler()\" creates a new resource.", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5725, + "event": "var_assign", + "message": "Assigning: \"instance\" = resource returned from \"new com.sun.mail.util.logging.MailHandler()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5726, + "event": "noescape", + "message": "Resource \"instance\" is not closed or saved in \"internalErrorManagerFrom\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5730, + "event": "path", + "message": "Iterating over another element of \"em.exceptions\".", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5732, + "event": "path", + "message": "Condition \"t instanceof javax.mail.internet.AddressException\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5733, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5730, + "event": "path", + "message": "No elements left in \"em.exceptions\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/com/sun/mail/util/logging/MailHandlerTest.java", + "line": 5742, + "event": "leaked_resource", + "message": "Variable \"instance\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5740| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5741| assertFalse(em.exceptions.isEmpty());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5742|-> } finally {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5743| manager.reset();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5744| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.FoldTest.data()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 52, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getResourceAsStream\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 52, + "event": "noescape", + "message": "Resource \"new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.FoldTest.class).getResourceAsStream(\"folddata\")))\" is not closed or saved in \"parse\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 52, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.FoldTest.class).getResourceAsStream(\"folddata\")))\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 50| public static Collection data() throws IOException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 51| \ttestData = new ArrayList<>();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52|-> \tparse(new BufferedReader(new InputStreamReader(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 53| \t FoldTest.class.getResourceAsStream(\"folddata\"))));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 54| \treturn testData;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "javax.mail.internet.FoldTest.parse(java.io.BufferedReader)", + "language": "java", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 67, + "event": "path", + "message": "Condition \"(line = in.readLine()) != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 68, + "event": "path", + "message": "Condition \"line.startsWith(\"#\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 69, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 67, + "event": "path", + "message": "Condition \"(line = in.readLine()) != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 68, + "event": "path", + "message": "Condition \"line.startsWith(\"#\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 68, + "event": "path", + "message": "Condition \"line.length() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 71, + "event": "path", + "message": "Condition \"line.equals(\"BOTH\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 73, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 80, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 67, + "event": "path", + "message": "Condition \"(line = in.readLine()) != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 68, + "event": "path", + "message": "Condition \"line.startsWith(\"#\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 68, + "event": "path", + "message": "Condition \"line.length() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 71, + "event": "path", + "message": "Condition \"line.equals(\"BOTH\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 74, + "event": "returned_null", + "message": "\"in.readLine()\" returns \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 74, + "event": "var_assigned", + "message": "Assigning: \"e\" = \"null\" return value from \"readLine\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/FoldTest.java", + "line": 75, + "event": "null_method_call", + "message": "Calling a method on null object \"e\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| \t } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74| \t\tString e = in.readLine();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 75|-> \t\tif (!e.equals(\"EXPECT\"))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| \t\t throw new IOException(\"TEST DATA FORMAT ERROR\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 77| \t\tString expect = readString(in);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.HeaderTokenizerTest.data()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 62, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getResourceAsStream\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 62, + "event": "noescape", + "message": "Resource \"new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.InternetAddressTest.class).getResourceAsStream(\"tokenlist\")))\" is not closed or saved in \"parse\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 62, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.InternetAddressTest.class).getResourceAsStream(\"tokenlist\")))\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| \tjunit = true;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61| \ttestData = new ArrayList<>();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62|-> \tparse(new BufferedReader(new InputStreamReader(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| \t InternetAddressTest.class.getResourceAsStream(\"tokenlist\"))));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 64| \treturn testData;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "javax.mail.internet.HeaderTokenizerTest.parse(java.io.BufferedReader)", + "language": "java", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 133, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 135, + "event": "path", + "message": "Condition \"s != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 135, + "event": "path", + "message": "Condition \"s.length() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 137, + "event": "path", + "message": "Condition \"c == ' '\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 140, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 133, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 135, + "event": "path", + "message": "Condition \"s != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 135, + "event": "path", + "message": "Condition \"s.length() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 137, + "event": "path", + "message": "Condition \"c == ' '\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 137, + "event": "path", + "message": "Condition \"c == '\\t'\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 144, + "event": "path", + "message": "Condition \"header.startsWith(\"From: \")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 149, + "event": "path", + "message": "Condition \"s != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 149, + "event": "path", + "message": "Condition \"s.startsWith(\"Expect: \")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 153, + "event": "path", + "message": "Condition \"i < nexpect\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 154, + "event": "returned_null", + "message": "\"in.readLine()\" returns \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/HeaderTokenizerTest.java", + "line": 154, + "event": "null_method_call", + "message": "Calling a method on null object \"in.readLine()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 152| \t\t\texpect = new String[nexpect];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 153| \t\t\tfor (i = 0; i < nexpect; i++)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 154|-> \t\t\t expect[i] = in.readLine().trim();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 155| \t\t } catch (NumberFormatException e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 156| \t\t\ttry {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.InternetAddressFoldTest.data()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 50, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getResourceAsStream\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 50, + "event": "noescape", + "message": "Resource \"new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.InternetAddressFoldTest.class).getResourceAsStream(\"addrfolddata\")))\" is not closed or saved in \"parse\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 50, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.InternetAddressFoldTest.class).getResourceAsStream(\"addrfolddata\")))\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 48| public static Collection data() throws Exception {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 49| \ttestData = new ArrayList<>();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 50|-> \tparse(new BufferedReader(new InputStreamReader(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 51| \t InternetAddressFoldTest.class.getResourceAsStream(\"addrfolddata\"))));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| \treturn testData;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "javax.mail.internet.InternetAddressFoldTest.parse(java.io.BufferedReader)", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 67, + "event": "path", + "message": "Condition \"(line = in.readLine()) != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 68, + "event": "path", + "message": "Condition \"line.startsWith(\"#\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 69, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 67, + "event": "path", + "message": "Condition \"(line = in.readLine()) != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 68, + "event": "path", + "message": "Condition \"line.startsWith(\"#\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 68, + "event": "path", + "message": "Condition \"line.length() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 70, + "event": "path", + "message": "Condition \"!line.startsWith(\"FOLD\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 74, + "event": "path", + "message": "Condition \"i < count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 75, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 74, + "event": "path", + "message": "Condition \"i < count\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 76, + "event": "returned_null", + "message": "\"in.readLine()\" returns \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 76, + "event": "var_assigned", + "message": "Assigning: \"e\" = \"null\" return value from \"readLine\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressFoldTest.java", + "line": 77, + "event": "null_method_call", + "message": "Calling a method on null object \"e\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 75| \t\torig[i] = new InternetAddress(readString(in));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| \t String e = in.readLine();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 77|-> \t if (!e.equals(\"EXPECT\"))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 78| \t\tthrow new IOException(\"TEST DATA FORMAT ERROR, MISSING EXPECT\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79| \t String expect = readString(in);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.InternetAddressTest.data()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 68, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getResourceAsStream\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 68, + "event": "noescape", + "message": "Resource \"new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.InternetAddressTest.class).getResourceAsStream(\"addrlist\")))\" is not closed or saved in \"parse\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 68, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.InternetAddressTest.class).getResourceAsStream(\"addrlist\")))\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 66| \tjunit = true;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 67| \ttestData = new ArrayList<>();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 68|-> \tparse(new BufferedReader(new InputStreamReader(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 69| \t InternetAddressTest.class.getResourceAsStream(\"addrlist\"))));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| \treturn testData;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "javax.mail.internet.InternetAddressTest.parse(java.io.BufferedReader)", + "language": "java", + "tool": "coverity", + "key_event_idx": 46, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 139, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 141, + "event": "path", + "message": "Condition \"s != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 141, + "event": "path", + "message": "Condition \"s.length() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 143, + "event": "path", + "message": "Condition \"c == ' '\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 146, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 139, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 141, + "event": "path", + "message": "Condition \"s != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 141, + "event": "path", + "message": "Condition \"s.length() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 143, + "event": "path", + "message": "Condition \"c == ' '\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 143, + "event": "path", + "message": "Condition \"c == '\\t'\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 150, + "event": "path", + "message": "Condition \"header.startsWith(\"Strict: \")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 152, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 189, + "event": "path", + "message": "Condition \"s == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 191, + "event": "path", + "message": "Condition \"s.length() == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 192, + "event": "path", + "message": "Condition \"(s = in.readLine()) != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 193, + "event": "path", + "message": "Condition \"s.startsWith(\"From \")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 194, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 196, + "event": "path", + "message": "Condition \"s == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 200, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 139, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 141, + "event": "path", + "message": "Condition \"s != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 141, + "event": "path", + "message": "Condition \"s.length() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 143, + "event": "path", + "message": "Condition \"c == ' '\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 143, + "event": "path", + "message": "Condition \"c == '\\t'\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 150, + "event": "path", + "message": "Condition \"header.startsWith(\"Strict: \")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 152, + "event": "path", + "message": "Condition \"header.startsWith(\"Header: \")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 154, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 189, + "event": "path", + "message": "Condition \"s == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 191, + "event": "path", + "message": "Condition \"s.length() == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 192, + "event": "path", + "message": "Condition \"(s = in.readLine()) != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 193, + "event": "path", + "message": "Condition \"s.startsWith(\"From \")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 194, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 196, + "event": "path", + "message": "Condition \"s == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 200, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 139, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 141, + "event": "path", + "message": "Condition \"s != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 141, + "event": "path", + "message": "Condition \"s.length() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 143, + "event": "path", + "message": "Condition \"c == ' '\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 143, + "event": "path", + "message": "Condition \"c == '\\t'\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 150, + "event": "path", + "message": "Condition \"header.startsWith(\"Strict: \")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 152, + "event": "path", + "message": "Condition \"header.startsWith(\"Header: \")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 154, + "event": "path", + "message": "Condition \"header.startsWith(\"From: \")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 159, + "event": "path", + "message": "Condition \"s != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 159, + "event": "path", + "message": "Condition \"s.startsWith(\"Expect: \")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 163, + "event": "path", + "message": "Condition \"i < nexpect\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 164, + "event": "returned_null", + "message": "\"javax.mail.internet.InternetAddressTest.readLine(in)\" returns \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 164, + "event": "null_method_call", + "message": "Calling a method on null object \"javax.mail.internet.InternetAddressTest.readLine(in)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 162| \t\t\texpect = new String[nexpect];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 163| \t\t\tfor (i = 0; i < nexpect; i++)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 164|-> \t\t\t expect[i] = readLine(in).trim();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 165| \t\t } catch (NumberFormatException e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 166| \t\t\ttry {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "javax.mail.internet.InternetAddressTest.readLine(java.io.BufferedReader)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 214, + "event": "returned_null", + "message": "\"in.readLine()\" returns \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 214, + "event": "var_assigned", + "message": "Assigning: \"line\" = \"null\" return value from \"readLine\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 215, + "event": "null_method_call", + "message": "Calling a method on null object \"line\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 213| private static String readLine(BufferedReader in) throws IOException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 214| \tString line = in.readLine();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 215|-> \tif (!line.endsWith(\"\\\\\"))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 216| \t return line;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 217| \tif (line.endsWith(\"\\\\\\\\\"))", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "javax.mail.internet.InternetAddressTest.readLine(java.io.BufferedReader)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 215, + "event": "path", + "message": "Condition \"!line.endsWith(\"\\\\\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 217, + "event": "path", + "message": "Condition \"line.endsWith(\"\\\\\\\\\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 221, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 222, + "event": "returned_null", + "message": "\"in.readLine()\" returns \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 222, + "event": "var_assigned", + "message": "Assigning: \"line\" = \"null\" return value from \"readLine\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/InternetAddressTest.java", + "line": 224, + "event": "null_method_call", + "message": "Calling a method on null object \"line\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 222| \t line = in.readLine();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 223| \t sb.append(line);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 224|-> \t if (!line.endsWith(\"\\\\\"))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 225| \t\tbreak;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 226| \t if (line.endsWith(\"\\\\\\\\\")) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.MailDateFormatTest.readSerializedFormat(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MailDateFormatTest.java", + "line": 78, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getResourceAsStream\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MailDateFormatTest.java", + "line": 78, + "event": "var_assign", + "message": "Assigning: \"resource\" = resource returned from \"this.getClass().getResourceAsStream(resourceName)\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MailDateFormatTest.java", + "line": 79, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"ObjectInputStream\".", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MailDateFormatTest.java", + "line": 82, + "event": "path", + "message": "Condition \"in != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MailDateFormatTest.java", + "line": 85, + "event": "path", + "message": "Leaving finally statement; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MailDateFormatTest.java", + "line": 85, + "event": "leaked_resource", + "message": "Variable \"resource\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83| in.close();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 84| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 85|-> }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 86| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 87| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.MimeBodyPartTest.testCopyDataHandler()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java", + "line": 81, + "event": "path", + "message": "Starting defect path here.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java", + "line": 86, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java", + "line": 86, + "event": "noescape", + "message": "Resource \"mbp.getInputStream()\" is not closed or saved in \"getString\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java", + "line": 86, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"mbp.getInputStream()\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 84| \tassertEquals(\"text/x-test\", mbp.getContentType());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 85| \tassertEquals(\"quoted-printable\", mbp.getEncoding());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 86|-> \tassertEquals(\"test part\", getString(mbp.getInputStream()));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 87| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 88| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.MimeBodyPartTest.testSetDataHandler()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java", + "line": 110, + "event": "path", + "message": "Starting defect path here.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java", + "line": 115, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java", + "line": 115, + "event": "noescape", + "message": "Resource \"mbp.getInputStream()\" is not closed or saved in \"getString\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java", + "line": 115, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"mbp.getInputStream()\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| \tassertEquals(\"text/x-test\", mbp.getContentType());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114| \tassertEquals(\"quoted-printable\", mbp.getEncoding());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 115|-> \tassertEquals(\"test part\", getString(mbp.getInputStream()));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 116| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 117| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.MimeBodyPartTest.testEncodingCopiedDataHandler()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java", + "line": 142, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java", + "line": 142, + "event": "var_assign", + "message": "Assigning: \"in\" = resource returned from \"mbp2.getInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java", + "line": 143, + "event": "noescape", + "message": "Resource \"in\" is not closed or saved in \"read\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java", + "line": 143, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"read\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeBodyPartTest.java", + "line": 143, + "event": "leaked_resource", + "message": "Variable \"in\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 141| \t// ensure the data is correct by reading the first byte", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 142| \tInputStream in = mbp2.getInputStream();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 143|-> \tassertEquals(1, in.read());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 144| \tin.close();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.MimeMessageTest.testCopyDataHandler()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java", + "line": 155, + "event": "path", + "message": "Starting defect path here.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java", + "line": 158, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\". (The virtual call resolves to \"javax.mail.internet.MimeMessage.getInputStream\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java", + "line": 158, + "event": "noescape", + "message": "Resource \"msg.getInputStream()\" is not closed or saved in \"getString\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java", + "line": 158, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"msg.getInputStream()\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 156| \tassertEquals(\"text/x-test\", msg.getContentType());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 157| \tassertEquals(\"quoted-printable\", msg.getEncoding());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 158|-> \tassertEquals(\"test message\", getString(msg.getInputStream()));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 159| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 160| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.MimeMessageTest.testSetDataHandler()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java", + "line": 176, + "event": "path", + "message": "Starting defect path here.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java", + "line": 179, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\". (The virtual call resolves to \"javax.mail.internet.MimeMessage.getInputStream\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java", + "line": 179, + "event": "noescape", + "message": "Resource \"msg.getInputStream()\" is not closed or saved in \"getString\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMessageTest.java", + "line": 179, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"msg.getInputStream()\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 177| \tassertEquals(\"text/x-test\", msg.getContentType());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 178| \tassertEquals(\"quoted-printable\", msg.getEncoding());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 179|-> \tassertEquals(\"test message\", getString(msg.getInputStream()));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 180| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 181| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.MimeMultipartParseTest.testMessage(int, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMultipartParseTest.java", + "line": 114, + "event": "path", + "message": "Starting defect path here.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMultipartParseTest.java", + "line": 128, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMultipartParseTest.java", + "line": 128, + "event": "var_assign", + "message": "Assigning: \"is\" = resource returned from \"mbp2.getInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMultipartParseTest.java", + "line": 131, + "event": "noescape", + "message": "Resource \"is\" is not closed or saved in \"read\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMultipartParseTest.java", + "line": 131, + "event": "path", + "message": "Condition \"(c = is.read()) >= 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/MimeMultipartParseTest.java", + "line": 144, + "event": "leaked_resource", + "message": "Variable \"is\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 142| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 143| \tAssert.assertEquals(\"Expected size\", size, k);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 144|-> }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.ModifyMessageTest.testAddHeader()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java", + "line": 42, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getContent\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java", + "line": 42, + "event": "var_assign", + "message": "Assigning: \"mp\" = resource returned from \"m.getContent()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java", + "line": 46, + "event": "path", + "message": "Throwing \"javax.mail.MessagingException\" from call to \"MimeMessage\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java", + "line": 46, + "event": "leaked_resource", + "message": "Variable \"mp\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 44| m.saveChanges();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 45| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 46|-> \tMimeMessage m2 = new MimeMessage(m);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 47| \tassertEquals(\"b\", m2.getHeader(\"a\", null));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 48| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.ModifyMessageTest.testChangeHeader()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java", + "line": 53, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getContent\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java", + "line": 53, + "event": "var_assign", + "message": "Assigning: \"mp\" = resource returned from \"m.getContent()\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java", + "line": 57, + "event": "path", + "message": "Throwing \"javax.mail.MessagingException\" from call to \"MimeMessage\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ModifyMessageTest.java", + "line": 57, + "event": "leaked_resource", + "message": "Variable \"mp\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55| m.saveChanges();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 57|-> \tMimeMessage m2 = new MimeMessage(m);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 58| \tassertEquals(\"test\", m2.getHeader(\"Subject\", null));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.ParameterListDecode.testDecode(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java", + "line": 63, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getResourceAsStream\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java", + "line": 63, + "event": "noescape", + "message": "Resource \"new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.ParameterListDecode.class).getResourceAsStream(paramData)))\" is not closed or saved in \"parse\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java", + "line": 63, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"new java.io.BufferedReader(new java.io.InputStreamReader((javax.mail.internet.ParameterListDecode.class).getResourceAsStream(paramData)))\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61| protected static void testDecode(String paramData) throws Exception {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| \tjunit = true;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63|-> \tparse(new BufferedReader(new InputStreamReader(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 64| \t ParameterListDecode.class.getResourceAsStream(paramData))));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 65| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "javax.mail.internet.ParameterListDecode.testMessage(javax.mail.Message)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java", + "line": 402, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\". (The virtual call resolves to \"javax.mail.internet.MimeMessage.getInputStream\".)", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java", + "line": 402, + "event": "var_assign", + "message": "Assigning: \"in\" = resource returned from \"new java.io.BufferedReader(new java.io.InputStreamReader(msg.getInputStream()))\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java", + "line": 405, + "event": "noescape", + "message": "Resource \"in\" is not closed or saved in \"readLine\".", + "verbosity_level": 1 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java", + "line": 406, + "event": "path", + "message": "Condition \"s != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java", + "line": 406, + "event": "path", + "message": "Condition \"s.startsWith(\"Expect: \")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java", + "line": 410, + "event": "path", + "message": "Condition \"i < nexpect\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java", + "line": 412, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "mail-1.6.5/mail/src/test/java/javax/mail/internet/ParameterListDecode.java", + "line": 426, + "event": "leaked_resource", + "message": "Variable \"in\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 424| \tString ct = msg.getContentType();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 425| \ttest(\"Content-Type: \", ct, expect);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 426|-> }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 427| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.codemodel.ac.ACTask.processDir(java.io.File, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel-annotation-compiler/src/main/java/com/sun/codemodel/ac/ACTask.java", + "line": 288, + "event": "returned_null", + "message": "\"list\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel-annotation-compiler/src/main/java/com/sun/codemodel/ac/ACTask.java", + "line": 288, + "event": "var_assigned", + "message": "Assigning: \"classes\" = \"null\" return value from \"list\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel-annotation-compiler/src/main/java/com/sun/codemodel/ac/ACTask.java", + "line": 295, + "event": "null_array_length", + "message": "Accessing length of null array \"classes\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 293| });", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 294| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 295|-> for (String c : classes) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 296| process(prefix + c, new File(dir, c).lastModified());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 297| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.codemodel.JPackage.build(com.sun.codemodel.CodeWriter, com.sun.codemodel.CodeWriter)", + "language": "java", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 438, + "event": "path", + "message": "Iterating over another element of \"classes.values()\".", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 439, + "event": "path", + "message": "Condition \"c.isHidden()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 440, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 438, + "event": "path", + "message": "No elements left in \"classes.values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 448, + "event": "path", + "message": "Condition \"annotations != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 448, + "event": "path", + "message": "Condition \"!annotations.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 448, + "event": "path", + "message": "Condition \"jdoc != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 451, + "event": "path", + "message": "Condition \"jdoc != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 455, + "event": "path", + "message": "Condition \"annotations != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 456, + "event": "path", + "message": "No elements left in \"annotations\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 465, + "event": "path", + "message": "Iterating over another element of \"resources\".", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 470, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 465, + "event": "path", + "message": "Iterating over another element of \"resources\".", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 467, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"openBinary\". (The virtual call resolves to \"com.sun.codemodel.writer.FileCodeWriter.openBinary\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 467, + "event": "var_assign", + "message": "Assigning: \"os\" = resource returned from \"new java.io.BufferedOutputStream(cw.openBinary(this, rsrc.name()))\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 468, + "event": "noescape", + "message": "Resource \"os\" is not closed or saved in \"build\". (The virtual call resolves to \"com.sun.codemodel.fmt.JStaticFile.build\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 468, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"build\"; exiting method with uncaught exception. (The virtual call resolves to \"com.sun.codemodel.fmt.JStaticFile.build\".)", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JPackage.java", + "line": 468, + "event": "leaked_resource", + "message": "Variable \"os\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 466| CodeWriter cw = rsrc.isResource() ? res : src;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 467| OutputStream os = new BufferedOutputStream(cw.openBinary(this, rsrc.name()));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 468|-> rsrc.build(os);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 469| os.close();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 470| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.codemodel.fmt.JStaticFile.build(java.io.OutputStream)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/fmt/JStaticFile.java", + "line": 57, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getResourceAsStream\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/fmt/JStaticFile.java", + "line": 57, + "event": "var_assign", + "message": "Assigning: \"dis\" = resource returned from \"new java.io.DataInputStream(classLoader.getResourceAsStream(resourceName))\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/fmt/JStaticFile.java", + "line": 61, + "event": "noescape", + "message": "Resource \"dis\" is not closed or saved in \"read\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/fmt/JStaticFile.java", + "line": 61, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"read\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/fmt/JStaticFile.java", + "line": 61, + "event": "leaked_resource", + "message": "Variable \"dis\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| byte[] buf = new byte[256];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| int sz;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61|-> while( (sz=dis.read(buf))>0 )", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| os.write(buf,0,sz);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.glassfish.jaxb.core.v2.model.nav.ReflectionNavigator.getEnumConstants(java.lang.Class)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/core/src/main/java/org/glassfish/jaxb/core/v2/model/nav/ReflectionNavigator.java", + "line": 584, + "event": "returned_null", + "message": "\"getEnumConstants\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/core/src/main/java/org/glassfish/jaxb/core/v2/model/nav/ReflectionNavigator.java", + "line": 584, + "event": "var_assigned", + "message": "Assigning: \"values\" = \"null\" return value from \"getEnumConstants\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/core/src/main/java/org/glassfish/jaxb/core/v2/model/nav/ReflectionNavigator.java", + "line": 585, + "event": "null_array_length", + "message": "Accessing length of null array \"values\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 583| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 584| Object[] values = clazz.getEnumConstants();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 585|-> Field[] fields = new Field[values.length];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 586| for (int i = 0; i < values.length; i++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 587| fields[i] = clazz.getField(((Enum) values[i]).name());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.tools.rngom.parse.compact.CompactSyntax.Include(com.sun.tools.rngom.ast.builder.GrammarSection, com.sun.tools.rngom.ast.builder.Scope, com.sun.tools.rngom.ast.builder.Annotations)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/compact/CompactSyntax.java", + "line": 1647, + "event": "returned_null", + "message": "\"makeInclude\" returns \"null\" (checked 2 out of 4 times). (The virtual call resolves to \"com.sun.tools.rngom.binary.SchemaBuilderImpl.IncludeImpl.makeInclude\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/compact/CompactSyntax.java", + "line": 1647, + "event": "var_assigned", + "message": "Assigning: \"include\" = \"null\" return value from \"makeInclude\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/compact/CompactSyntax.java", + "line": 1651, + "event": "path", + "message": "Condition \"jj_ntk == -1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/compact/CompactSyntax.java", + "line": 1651, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/compact/CompactSyntax.java", + "line": 1663, + "event": "null_method_call", + "message": "Calling a method on null object \"include\".", + "verbosity_level": 0 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/host/GrammarSectionHost.java", + "line": 65, + "event": "example_assign", + "message": "Example 1: Assigning: \"l\" = return value from \"lhs.makeInclude()\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/host/GrammarSectionHost.java", + "line": 66, + "event": "example_checked", + "message": "Example 1 (cont.): \"l\" has its value checked in \"l == null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/xml/SchemaParser.java", + "line": 1085, + "event": "example_assign", + "message": "Example 2: Assigning: \"include\" = return value from \"section.makeInclude()\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/xml/SchemaParser.java", + "line": 1086, + "event": "example_checked", + "message": "Example 2 (cont.): \"include\" has its value checked in \"include != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1661| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1662| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1663|-> include.endInclude(parseable, resolve(href), ns, makeLocation(t), a);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1664| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1665| catch (IllegalSchemaException e) { }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "com.sun.tools.rngom.parse.xml.SchemaParser$PatternContainerState.end()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/xml/SchemaParser.java", + "line": 566, + "event": "path", + "message": "Condition \"childPatterns == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/xml/SchemaParser.java", + "line": 566, + "event": "var_compare_op", + "message": "Comparing \"childPatterns\" to null implies that \"childPatterns\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/xml/SchemaParser.java", + "line": 568, + "event": "no_write_call", + "message": "Although \"endChild\" does overwrite \"this.childPatterns\" on some paths, it also contains at least one feasible path which does not overwrite it.", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/xml/SchemaParser.java", + "line": 570, + "event": "path", + "message": "Condition \"comments != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/external/rngom/src/main/java/com/sun/tools/rngom/parse/xml/SchemaParser.java", + "line": 571, + "event": "null_method_call", + "message": "Calling a method on null object \"childPatterns\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 569| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 570| if (comments != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 571|-> int idx = childPatterns.size() - 1;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 572| childPatterns.set(idx, schemaBuilder.commentAfter(childPatterns.get(idx), comments));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 573| comments = null;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.glassfish.jaxb.runtime.api.Bridge.marshal(java.lang.Object, javax.xml.stream.XMLStreamWriter, jakarta.xml.bind.attachment.AttachmentMarshaller)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 76, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"take\". (The virtual call resolves to \"com.sun.istack.Pool.Impl.take\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 76, + "event": "var_assign", + "message": "Assigning: \"m\" = resource returned from \"context.marshallerPool.take()\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 77, + "event": "noescape", + "message": "Resource \"m\" is not closed or saved in \"setAttachmentMarshaller\". (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.MarshallerImpl.setAttachmentMarshaller\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 78, + "event": "noescape", + "message": "Resource \"m\" is not closed or saved in \"marshal\". (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 78, + "event": "path", + "message": "Throwing \"jakarta.xml.bind.MarshalException\" from call to \"marshal\"; exiting method with uncaught exception. (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal\".)", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 78, + "event": "leaked_resource", + "message": "Variable \"m\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| Marshaller m = context.marshallerPool.take();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 77| m.setAttachmentMarshaller(am);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 78|-> marshal(m,object,output);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79| m.setAttachmentMarshaller(null);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80| context.marshallerPool.recycle(m);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.glassfish.jaxb.runtime.api.Bridge.marshal(java.lang.Object, java.io.OutputStream, javax.xml.namespace.NamespaceContext, jakarta.xml.bind.attachment.AttachmentMarshaller)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 106, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"take\". (The virtual call resolves to \"com.sun.istack.Pool.Impl.take\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 106, + "event": "var_assign", + "message": "Assigning: \"m\" = resource returned from \"context.marshallerPool.take()\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 107, + "event": "noescape", + "message": "Resource \"m\" is not closed or saved in \"setAttachmentMarshaller\". (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.MarshallerImpl.setAttachmentMarshaller\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 108, + "event": "noescape", + "message": "Resource \"m\" is not closed or saved in \"marshal\". (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 108, + "event": "path", + "message": "Throwing \"jakarta.xml.bind.MarshalException\" from call to \"marshal\"; exiting method with uncaught exception. (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal\".)", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 108, + "event": "leaked_resource", + "message": "Variable \"m\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| Marshaller m = context.marshallerPool.take();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| m.setAttachmentMarshaller(am);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108|-> marshal(m,object,output,nsContext);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| m.setAttachmentMarshaller(null);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| context.marshallerPool.recycle(m);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.glassfish.jaxb.runtime.api.Bridge.marshal(java.lang.Object, org.w3c.dom.Node)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 117, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"take\". (The virtual call resolves to \"com.sun.istack.Pool.Impl.take\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 117, + "event": "var_assign", + "message": "Assigning: \"m\" = resource returned from \"context.marshallerPool.take()\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 118, + "event": "noescape", + "message": "Resource \"m\" is not closed or saved in \"marshal\". (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 118, + "event": "path", + "message": "Throwing \"jakarta.xml.bind.MarshalException\" from call to \"marshal\"; exiting method with uncaught exception. (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal\".)", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 118, + "event": "leaked_resource", + "message": "Variable \"m\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 116| public final void marshal(T object,Node output) throws JAXBException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 117| Marshaller m = context.marshallerPool.take();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 118|-> marshal(m,object,output);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 119| context.marshallerPool.recycle(m);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 120| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.glassfish.jaxb.runtime.api.Bridge.marshal(java.lang.Object, org.xml.sax.ContentHandler, jakarta.xml.bind.attachment.AttachmentMarshaller)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 135, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"take\". (The virtual call resolves to \"com.sun.istack.Pool.Impl.take\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 135, + "event": "var_assign", + "message": "Assigning: \"m\" = resource returned from \"context.marshallerPool.take()\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 136, + "event": "noescape", + "message": "Resource \"m\" is not closed or saved in \"setAttachmentMarshaller\". (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.MarshallerImpl.setAttachmentMarshaller\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 137, + "event": "noescape", + "message": "Resource \"m\" is not closed or saved in \"marshal\". (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 137, + "event": "path", + "message": "Throwing \"jakarta.xml.bind.MarshalException\" from call to \"marshal\"; exiting method with uncaught exception. (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal\".)", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 137, + "event": "leaked_resource", + "message": "Variable \"m\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 135| Marshaller m = context.marshallerPool.take();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 136| m.setAttachmentMarshaller(am);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 137|-> marshal(m,object,contentHandler);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 138| m.setAttachmentMarshaller(null);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 139| context.marshallerPool.recycle(m);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.glassfish.jaxb.runtime.api.Bridge.marshal(java.lang.Object, javax.xml.transform.Result)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 148, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"take\". (The virtual call resolves to \"com.sun.istack.Pool.Impl.take\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 148, + "event": "var_assign", + "message": "Assigning: \"m\" = resource returned from \"context.marshallerPool.take()\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 149, + "event": "noescape", + "message": "Resource \"m\" is not closed or saved in \"marshal\". (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 149, + "event": "path", + "message": "Throwing \"jakarta.xml.bind.MarshalException\" from call to \"marshal\"; exiting method with uncaught exception. (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.BridgeImpl.marshal\".)", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/api/Bridge.java", + "line": 149, + "event": "leaked_resource", + "message": "Variable \"m\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 147| public final void marshal(T object, Result result) throws JAXBException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 148| Marshaller m = context.marshallerPool.take();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 149|-> marshal(m,object,result);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 150| context.marshallerPool.recycle(m);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 151| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.glassfish.jaxb.runtime.v2.model.impl.ClassInfoImpl.findFieldProperties(java.lang.Object, jakarta.xml.bind.annotation.XmlAccessType)", + "language": "java", + "tool": "coverity", + "key_event_idx": 19, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 362, + "event": "path", + "message": "Condition \"shouldRecurseSuperClass(sc)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 366, + "event": "path", + "message": "Iterating over another element of \"nav().getDeclaredFields(c)\".", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 370, + "event": "path", + "message": "Condition \"nav().isTransient(f)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 372, + "event": "path", + "message": "Condition \"org.glassfish.jaxb.runtime.v2.model.impl.ClassInfoImpl.hasJAXBAnnotation(annotations)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 376, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 399, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 366, + "event": "path", + "message": "Iterating over another element of \"nav().getDeclaredFields(c)\".", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 370, + "event": "path", + "message": "Condition \"nav().isTransient(f)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 377, + "event": "path", + "message": "Condition \"nav().isStaticField(f)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 382, + "event": "path", + "message": "Condition \"at == jakarta.xml.bind.annotation.XmlAccessType.FIELD\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 385, + "event": "path", + "message": "Condition \"isDummy\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 387, + "event": "path", + "message": "Condition \"top != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 387, + "event": "path", + "message": "Condition \"top.getProperty(\"content\") == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 389, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 387, + "event": "path", + "message": "Condition \"top != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 387, + "event": "path", + "message": "Condition \"top.getProperty(\"content\") == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 389, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 387, + "event": "path", + "message": "Condition \"top != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 387, + "event": "var_compare_op", + "message": "Comparing \"top\" to null implies that \"top\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 390, + "event": "null_method_call", + "message": "Calling a method on null object \"top\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 388| top = top.getBaseClass();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 389| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 390|-> DummyPropertyInfo prop = (DummyPropertyInfo) top.getProperty(\"content\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 391| PropertySeed seed = createFieldSeed(f);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 392| prop.addType(createReferenceProperty(seed));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.glassfish.jaxb.runtime.v2.model.impl.ClassInfoImpl.findFieldProperties(java.lang.Object, jakarta.xml.bind.annotation.XmlAccessType)", + "language": "java", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 362, + "event": "path", + "message": "Condition \"shouldRecurseSuperClass(sc)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 366, + "event": "path", + "message": "Iterating over another element of \"nav().getDeclaredFields(c)\".", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 370, + "event": "path", + "message": "Condition \"nav().isTransient(f)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 372, + "event": "path", + "message": "Condition \"org.glassfish.jaxb.runtime.v2.model.impl.ClassInfoImpl.hasJAXBAnnotation(annotations)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 376, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 399, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 366, + "event": "path", + "message": "Iterating over another element of \"nav().getDeclaredFields(c)\".", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 370, + "event": "path", + "message": "Condition \"nav().isTransient(f)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 377, + "event": "path", + "message": "Condition \"nav().isStaticField(f)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 382, + "event": "path", + "message": "Condition \"at == jakarta.xml.bind.annotation.XmlAccessType.FIELD\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 385, + "event": "path", + "message": "Condition \"isDummy\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 387, + "event": "path", + "message": "Condition \"top != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 387, + "event": "path", + "message": "Condition \"top.getProperty(\"content\") == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 390, + "event": "returned_null", + "message": "\"getProperty\" returns \"null\" (checked 1 out of 3 times). (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.model.impl.ClassInfoImpl.getProperty\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 390, + "event": "var_assigned", + "message": "Assigning: \"prop\" = \"null\" return value from \"getProperty\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 392, + "event": "null_method_call", + "message": "Calling a method on null object \"prop\".", + "verbosity_level": 0 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ClassInfoImpl.java", + "line": 387, + "event": "example_checked", + "message": "Example 1: \"top.getProperty(\"content\")\" has its value checked in \"top.getProperty(\"content\") == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 390| DummyPropertyInfo prop = (DummyPropertyInfo) top.getProperty(\"content\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 391| PropertySeed seed = createFieldSeed(f);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 392|-> prop.addType(createReferenceProperty(seed));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 393| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 394| addProperty(createFieldSeed(f), annotations, false);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.glassfish.jaxb.runtime.v2.model.impl.ElementPropertyInfoImpl.isRequired()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ElementPropertyInfoImpl.java", + "line": 144, + "event": "path", + "message": "Condition \"isRequired == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ElementPropertyInfoImpl.java", + "line": 144, + "event": "var_compare_op", + "message": "Comparing \"isRequired\" to null implies that \"isRequired\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ElementPropertyInfoImpl.java", + "line": 145, + "event": "no_write_call", + "message": "Although \"getTypes\" does overwrite \"this.isRequired\" on some paths, it also contains at least one feasible path which does not overwrite it.", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ElementPropertyInfoImpl.java", + "line": 146, + "event": "unbox_null", + "message": "Unboxing null object \"isRequired\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 144| if(isRequired==null)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145| getTypes(); // compute the value", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 146|-> return isRequired;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 147| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 148| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.glassfish.jaxb.runtime.v2.model.impl.ModelBuilder.()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ModelBuilder.java", + "line": 129, + "event": "assign_zero", + "message": "Assigning: \"s\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/ModelBuilder.java", + "line": 130, + "event": "null_method_call", + "message": "Calling a method on null object \"s\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 128| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 129| XmlSchema s = null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 130|-> s.location();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 131| } catch (NullPointerException e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 132| // as epxected", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.glassfish.jaxb.runtime.v2.model.impl.RuntimeBuiltinLeafInfoImpl$#10.print(java.awt.Image)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeBuiltinLeafInfoImpl.java", + "line": 427, + "event": "path", + "message": "Condition \"mimeType == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeBuiltinLeafInfoImpl.java", + "line": 437, + "event": "path", + "message": "Condition \"itr.hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeBuiltinLeafInfoImpl.java", + "line": 439, + "event": "returned_null", + "message": "\"createImageOutputStream\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeBuiltinLeafInfoImpl.java", + "line": 439, + "event": "var_assigned", + "message": "Assigning: \"os\" = \"null\" return value from \"createImageOutputStream\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeBuiltinLeafInfoImpl.java", + "line": 442, + "event": "null_method_call", + "message": "Calling a method on null object \"os\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 440| w.setOutput(os);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 441| w.write(convertToBufferedImage(v));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 442|-> os.close();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 443| w.dispose();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 444| } else {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.glassfish.jaxb.runtime.v2.runtime.ElementBeanInfoImpl.getLoader(org.glassfish.jaxb.runtime.v2.runtime.JAXBContextImpl, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/ElementBeanInfoImpl.java", + "line": 266, + "event": "path", + "message": "Condition \"loader == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/ElementBeanInfoImpl.java", + "line": 271, + "event": "path", + "message": "Condition \"result.size() == 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/ElementBeanInfoImpl.java", + "line": 273, + "event": "returned_null", + "message": "\"getOne\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/ElementBeanInfoImpl.java", + "line": 273, + "event": "null_method_call", + "message": "Calling a method on null object \"result.getOne()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 271| if(result.size()==1)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 272| // for ElementBeanInfoImpl created from RuntimeElementInfo", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 273|-> this.loader = new IntercepterLoader(result.getOne().getValue().loader);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 274| else", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 275| // for special ElementBeanInfoImpl only used for marshalling", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.glassfish.jaxb.runtime.v2.runtime.JAXBContextImpl.getBeanInfo(java.lang.Object)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java", + "line": 516, + "event": "path", + "message": "Condition \"c != (java.lang.Object.class)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java", + "line": 518, + "event": "path", + "message": "Condition \"bi != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java", + "line": 519, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java", + "line": 516, + "event": "returned_null", + "message": "\"getSuperclass\" returns \"null\" (checked 5 out of 9 times).", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java", + "line": 516, + "event": "var_assigned", + "message": "Assigning: \"c\" = \"null\" return value from \"getSuperclass\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java", + "line": 516, + "event": "path", + "message": "Condition \"c != (java.lang.Object.class)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java", + "line": 518, + "event": "path", + "message": "Condition \"bi != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java", + "line": 519, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JAXBContextImpl.java", + "line": 516, + "event": "null_method_call", + "message": "Calling a method on null object \"c\".", + "verbosity_level": 0 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JCodeModel.java", + "line": 719, + "event": "example_assign", + "message": "Example 1: Assigning: \"sp\" = return value from \"_class.getSuperclass()\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/codemodel/codemodel/src/main/java/com/sun/codemodel/JCodeModel.java", + "line": 720, + "event": "example_checked", + "message": "Example 1 (cont.): \"sp\" has its value checked in \"sp == null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/core/src/main/java/org/glassfish/jaxb/core/v2/model/nav/ReflectionNavigator.java", + "line": 660, + "event": "example_assign", + "message": "Example 2: Assigning: \"clazz\" = return value from \"clazz.getSuperclass()\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/core/src/main/java/org/glassfish/jaxb/core/v2/model/nav/ReflectionNavigator.java", + "line": 651, + "event": "example_checked", + "message": "Example 2 (cont.): \"clazz\" has its value checked in \"clazz != null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/core/src/main/java/org/glassfish/jaxb/core/v2/model/nav/ReflectionNavigator.java", + "line": 52, + "event": "example_assign", + "message": "Example 3: Assigning: \"sc\" = return value from \"clazz.getSuperclass()\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/core/src/main/java/org/glassfish/jaxb/core/v2/model/nav/ReflectionNavigator.java", + "line": 53, + "event": "example_checked", + "message": "Example 3 (cont.): \"sc\" has its value checked in \"sc == null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JaxBeanInfo.java", + "line": 459, + "event": "example_assign", + "message": "Example 4: Assigning: \"jt\" = return value from \"jt.getSuperclass()\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/JaxBeanInfo.java", + "line": 423, + "event": "example_checked", + "message": "Example 4 (cont.): \"jt\" has its value checked in \"jt != null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 138, + "event": "example_assign", + "message": "Example 5: Assigning: \"c\" = return value from \"c.getSuperclass()\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 132, + "event": "example_checked", + "message": "Example 5 (cont.): \"c\" has its value checked in \"c != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 514| public JaxBeanInfo getBeanInfo(Object o) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 515| // don't allow xs:anyType beanInfo to handle all the unbound objects", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 516|-> for( Class c=o.getClass(); c!=Object.class; c=c.getSuperclass()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 517| JaxBeanInfo bi = beanInfoMap.get(c);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 518| if(bi!=null) return bi;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.glassfish.jaxb.runtime.v2.runtime.property.AttributeProperty.getIdValue(java.lang.Object)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java", + "line": 102, + "event": "returned_null", + "message": "\"print\" returns \"null\" (checked 2 out of 6 times). (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.reflect.TransducedAccessor.CompositeTransducedAccessorImpl.print\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java", + "line": 102, + "event": "null_method_call", + "message": "Calling a method on null object \"xacc.print(bean)\".", + "verbosity_level": 0 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeClassInfoImpl.java", + "line": 362, + "event": "example_assign", + "message": "Example 1: Assigning: \"value\" = return value from \"xacc.print(o)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeClassInfoImpl.java", + "line": 363, + "event": "example_checked", + "message": "Example 1 (cont.): \"value\" has its value checked in \"value == null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java", + "line": 69, + "event": "example_assign", + "message": "Example 2: Assigning: \"value\" = return value from \"xacc.print(o)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java", + "line": 70, + "event": "example_checked", + "message": "Example 2 (cont.): \"value\" has its value checked in \"value != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 100| @Override", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101| public String getIdValue(BeanT bean) throws AccessorException, SAXException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 102|-> return xacc.print(bean).toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.glassfish.jaxb.runtime.v2.runtime.property.SingleElementLeafProperty.getIdValue(java.lang.Object)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/SingleElementLeafProperty.java", + "line": 70, + "event": "returned_null", + "message": "\"print\" returns \"null\" (checked 2 out of 6 times). (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.reflect.TransducedAccessor.CompositeTransducedAccessorImpl.print\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/SingleElementLeafProperty.java", + "line": 70, + "event": "null_method_call", + "message": "Calling a method on null object \"xacc.print(bean)\".", + "verbosity_level": 0 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeClassInfoImpl.java", + "line": 362, + "event": "example_assign", + "message": "Example 1: Assigning: \"value\" = return value from \"xacc.print(o)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeClassInfoImpl.java", + "line": 363, + "event": "example_checked", + "message": "Example 1 (cont.): \"value\" has its value checked in \"value == null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java", + "line": 69, + "event": "example_assign", + "message": "Example 2: Assigning: \"value\" = return value from \"xacc.print(o)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java", + "line": 70, + "event": "example_checked", + "message": "Example 2 (cont.): \"value\" has its value checked in \"value != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 68| @Override", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 69| public String getIdValue(BeanT bean) throws AccessorException, SAXException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70|-> return xacc.print(bean).toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 71| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.glassfish.jaxb.runtime.v2.runtime.property.ValueProperty.getIdValue(java.lang.Object)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/ValueProperty.java", + "line": 87, + "event": "returned_null", + "message": "\"print\" returns \"null\" (checked 2 out of 6 times). (The virtual call resolves to \"org.glassfish.jaxb.runtime.v2.runtime.reflect.TransducedAccessor.CompositeTransducedAccessorImpl.print\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/ValueProperty.java", + "line": 87, + "event": "null_method_call", + "message": "Calling a method on null object \"xacc.print(bean)\".", + "verbosity_level": 0 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeClassInfoImpl.java", + "line": 362, + "event": "example_assign", + "message": "Example 1: Assigning: \"value\" = return value from \"xacc.print(o)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/model/impl/RuntimeClassInfoImpl.java", + "line": 363, + "event": "example_checked", + "message": "Example 1 (cont.): \"value\" has its value checked in \"value == null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java", + "line": 69, + "event": "example_assign", + "message": "Example 2: Assigning: \"value\" = return value from \"xacc.print(o)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/property/AttributeProperty.java", + "line": 70, + "event": "example_checked", + "message": "Example 2 (cont.): \"value\" has its value checked in \"value != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 85| @Override", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 86| public String getIdValue(BeanT bean) throws AccessorException, SAXException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 87|-> return xacc.print(bean).toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 88| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 89| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.glassfish.jaxb.runtime.v2.runtime.reflect.opt.TransducedAccessor_method_Boolean.parse(java.lang.Object, java.lang.CharSequence)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/reflect/opt/TransducedAccessor_method_Boolean.java", + "line": 38, + "event": "returned_null", + "message": "\"_parseBoolean\" returns \"null\" (checked 3 out of 5 times).", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/reflect/opt/TransducedAccessor_method_Boolean.java", + "line": 38, + "event": "unbox_null", + "message": "Unboxing null object \"org.glassfish.jaxb.runtime.DatatypeConverterImpl._parseBoolean(lexical)\".", + "verbosity_level": 0 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/DatatypeConverterImpl.java", + "line": 953, + "event": "example_assign", + "message": "Example 1: Assigning: \"b\" = return value from \"org.glassfish.jaxb.runtime.DatatypeConverterImpl._parseBoolean(lexicalXSDBoolean)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/DatatypeConverterImpl.java", + "line": 954, + "event": "example_checked", + "message": "Example 1 (cont.): \"b\" has its value checked in \"b != null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/reflect/opt/TransducedAccessor_field_Boolean.java", + "line": 36, + "event": "example_assign", + "message": "Example 2: Assigning: \"b\" = return value from \"org.glassfish.jaxb.runtime.DatatypeConverterImpl._parseBoolean(lexical)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/reflect/opt/TransducedAccessor_field_Boolean.java", + "line": 38, + "event": "example_checked", + "message": "Example 2 (cont.): \"b\" has its value checked in \"b != null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/XsiNilLoader.java", + "line": 44, + "event": "example_assign", + "message": "Example 3: Assigning: \"b\" = return value from \"org.glassfish.jaxb.runtime.DatatypeConverterImpl._parseBoolean(ea.atts.getValue(idx))\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/XsiNilLoader.java", + "line": 46, + "event": "example_checked", + "message": "Example 3 (cont.): \"b\" has its value checked in \"b != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 36| @Override", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 37| public void parse(T o, CharSequence lexical) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 38|-> ((Bean)o).set_boolean(DatatypeConverterImpl._parseBoolean(lexical));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 39| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 40| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.glassfish.jaxb.runtime.v2.runtime.unmarshaller.UnmarshallingContext.shouldErrorBeReported()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/UnmarshallingContext.java", + "line": 1302, + "event": "path", + "message": "Condition \"org.glassfish.jaxb.runtime.v2.runtime.unmarshaller.UnmarshallingContext.logger.isLoggable(java.util.logging.Level.FINEST)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/UnmarshallingContext.java", + "line": 1305, + "event": "path", + "message": "Condition \"org.glassfish.jaxb.runtime.v2.runtime.unmarshaller.UnmarshallingContext.errorsCounter >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/UnmarshallingContext.java", + "line": 1306, + "event": "read_volatile", + "message": "Reading \"org.glassfish.jaxb.runtime.v2.runtime.unmarshaller.UnmarshallingContext.errorsCounter\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/UnmarshallingContext.java", + "line": 1306, + "event": "intervening_update", + "message": "Another thread writes to \"org.glassfish.jaxb.runtime.v2.runtime.unmarshaller.UnmarshallingContext.errorsCounter\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/UnmarshallingContext.java", + "line": 1306, + "event": "stale_update", + "message": "Updating \"org.glassfish.jaxb.runtime.v2.runtime.unmarshaller.UnmarshallingContext.errorsCounter\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/runtime/unmarshaller/UnmarshallingContext.java", + "line": 1305, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"org.glassfish.jaxb.runtime.v2.runtime.unmarshaller.UnmarshallingContext.errorsCounter\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1304| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1305| if (errorsCounter >= 0) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1306|-> --errorsCounter;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1307| if (errorsCounter == 0) // it's possible to miss this because of concurrency. If required add synchronization here", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1308| handleEvent(new ValidationEventImpl(ValidationEvent.WARNING, Messages.ERRORS_LIMIT_EXCEEDED.format(),", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.glassfish.jaxb.runtime.v2.schemagen.XmlSchemaGenerator$Namespace$#2.write(org.glassfish.jaxb.runtime.v2.schemagen.xmlschema.ContentModelContainer, boolean, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1019, + "event": "var_compare_op", + "message": "Comparing \"propInfo\" to null implies that \"propInfo\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1021, + "event": "path", + "message": "Condition \"canBeDirectElementRef(t, tn, parentInfo)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1022, + "event": "path", + "message": "Condition \"!t.getTarget().isSimpleType()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1022, + "event": "path", + "message": "Condition \"t.getTarget() instanceof org.glassfish.jaxb.core.v2.model.core.ClassInfo\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1027, + "event": "path", + "message": "Condition \"t.getTarget() instanceof org.glassfish.jaxb.core.v2.model.core.Element\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1032, + "event": "null_method_call", + "message": "Calling a method on null object \"propInfo\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1030| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1031| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1032|-> Collection refs = propInfo.ref();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1033| if ((refs != null) && (!refs.isEmpty()) && (elemName != null)){", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1034| ClassInfoImpl cImpl = null;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.glassfish.jaxb.runtime.v2.schemagen.XmlSchemaGenerator$Namespace$#2.write(org.glassfish.jaxb.runtime.v2.schemagen.xmlschema.ContentModelContainer, boolean, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1021, + "event": "path", + "message": "Condition \"canBeDirectElementRef(t, tn, parentInfo)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1022, + "event": "path", + "message": "Condition \"!t.getTarget().isSimpleType()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1022, + "event": "path", + "message": "Condition \"t.getTarget() instanceof org.glassfish.jaxb.core.v2.model.core.ClassInfo\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1027, + "event": "path", + "message": "Condition \"t.getTarget() instanceof org.glassfish.jaxb.core.v2.model.core.Element\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1033, + "event": "path", + "message": "Condition \"refs != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1033, + "event": "path", + "message": "Condition \"!refs.isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1033, + "event": "path", + "message": "Condition \"elemName != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1035, + "event": "path", + "message": "Iterating over another element of \"refs\".", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1036, + "event": "path", + "message": "Condition \"ref == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1036, + "event": "var_compare_op", + "message": "Comparing \"ref\" to null implies that \"ref\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/runtime/impl/src/main/java/org/glassfish/jaxb/runtime/v2/schemagen/XmlSchemaGenerator.java", + "line": 1037, + "event": "null_method_call", + "message": "Calling a method on null object \"ref\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1035| for (TypeInfo ref : refs) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1036| if (ref == null || ref instanceof ClassInfoImpl) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1037|-> if (elemName.equals(((ClassInfoImpl)ref).getElementName())) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1038| cImpl = (ClassInfoImpl) ref;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1039| break;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "com.sun.tools.txw2.TxwOptions.getVersion()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/compiler/src/main/java/com/sun/tools/txw2/TxwOptions.java", + "line": 227, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getResourceAsStream\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/compiler/src/main/java/com/sun/tools/txw2/TxwOptions.java", + "line": 227, + "event": "noescape", + "message": "Resource \"(com.sun.tools.txw2.TxwOptions.class).getResourceAsStream(\"version.properties\")\" is not closed or saved in \"load\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/compiler/src/main/java/com/sun/tools/txw2/TxwOptions.java", + "line": 227, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"(com.sun.tools.txw2.TxwOptions.class).getResourceAsStream(\"version.properties\")\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 225| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 226| Properties p = new Properties();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 227|-> p.load(TxwOptions.class.getResourceAsStream(\"version.properties\"));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 228| return p.get(\"version\").toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 229| } catch (Throwable t) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.xml.txw2.Document$#1.onStartTag(java.lang.String, java.lang.String, com.sun.xml.txw2.Attribute, com.sun.xml.txw2.NamespaceDecl)", + "language": "java", + "tool": "coverity", + "key_event_idx": 20, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 190, + "event": "path", + "message": "Condition \"nsUri != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 191, + "event": "path", + "message": "Condition \"localName != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 195, + "event": "path", + "message": "Condition \"!started\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 203, + "event": "path", + "message": "Condition \"ns != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 206, + "event": "path", + "message": "Condition \"ns.prefix != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 208, + "event": "path", + "message": "Condition \"uri != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 208, + "event": "path", + "message": "Condition \"uri.equals(ns.uri)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 216, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 203, + "event": "path", + "message": "Condition \"ns != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 219, + "event": "path", + "message": "Condition \"ns != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 220, + "event": "path", + "message": "Condition \"ns.prefix == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 221, + "event": "path", + "message": "Condition \"inscopeNamespace.getURI(\"\").equals(ns.uri)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 225, + "event": "path", + "message": "Condition \"p == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 227, + "event": "path", + "message": "Condition \"inscopeNamespace.getURI(p = newPrefix()) != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 228, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 227, + "event": "path", + "message": "Condition \"inscopeNamespace.getURI(p = newPrefix()) != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 235, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 219, + "event": "path", + "message": "Condition \"ns != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 220, + "event": "path", + "message": "Condition \"ns.prefix == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 221, + "event": "returned_null", + "message": "\"getURI\" returns \"null\" (checked 2 out of 4 times).", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 221, + "event": "null_method_call", + "message": "Calling a method on null object \"inscopeNamespace.getURI(\"\")\".", + "verbosity_level": 0 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 207, + "event": "example_assign", + "message": "Example 1: Assigning: \"uri\" = return value from \"inscopeNamespace.getURI(ns.prefix)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 208, + "event": "example_checked", + "message": "Example 1 (cont.): \"uri\" has its value checked in \"uri != null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/txw/runtime/src/main/java/com/sun/xml/txw2/Document.java", + "line": 227, + "event": "example_checked", + "message": "Example 2: \"inscopeNamespace.getURI(p = newPrefix())\" has its value checked in \"inscopeNamespace.getURI(p = newPrefix()) != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 219| for( NamespaceDecl ns=namespaces; ns!=null; ns=ns.next ) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 220| if(ns.prefix==null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 221|-> if(inscopeNamespace.getURI(\"\").equals(ns.uri))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 222| ns.prefix=\"\";", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 223| else {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.tools.xjc.ModelLoader.createXSOM(com.sun.tools.xjc.reader.internalizer.DOMForest, com.sun.tools.xjc.reader.internalizer.SCDBasedBindingSet)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java", + "line": 477, + "event": "path", + "message": "Iterating over another element of \"forest.getRootDocuments()\".", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java", + "line": 479, + "event": "returned_null", + "message": "\"get\" returns \"null\" (checked 7 out of 12 times).", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java", + "line": 479, + "event": "var_assigned", + "message": "Assigning: \"dom\" = \"null\" return value from \"get\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java", + "line": 480, + "event": "null_method_call", + "message": "Calling a method on null object \"dom\".", + "verbosity_level": 0 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java", + "line": 398, + "event": "example_checked", + "message": "Example 1: \"forest.get(systemId)\" has its value checked in \"forest.get(systemId) != null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java", + "line": 341, + "event": "example_assign", + "message": "Example 2: Assigning: \"wsdlDom\" = return value from \"forest.get(grammar.getSystemId())\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java", + "line": 342, + "event": "example_checked", + "message": "Example 2 (cont.): \"wsdlDom\" has its value checked in \"wsdlDom == null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForestParser.java", + "line": 63, + "event": "example_assign", + "message": "Example 3: Assigning: \"dom\" = return value from \"forest.get(systemId)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForestParser.java", + "line": 65, + "event": "example_checked", + "message": "Example 3 (cont.): \"dom\" has its value checked in \"dom == null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 192, + "event": "example_assign", + "message": "Example 4: Assigning: \"target\" = return value from \"forest.get(schemaLocation)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 193, + "event": "example_checked", + "message": "Example 4 (cont.): \"target\" has its value checked in \"target == null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 202, + "event": "example_assign", + "message": "Example 5: Assigning: \"target\" = return value from \"forest.get(schemaLocation)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 203, + "event": "example_checked", + "message": "Example 5 (cont.): \"target\" has its value checked in \"target == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 478| errorReceiver.pollAbort();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 479| Document dom = forest.get(systemId);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 480|-> if (!Const.JAXB_NSURI.equals(dom.getDocumentElement().getNamespaceURI())) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 481| reader.parse(systemId);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 482| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.tools.xjc.generator.bean.BeanGenerator$#1.onElement(com.sun.tools.xjc.model.CElementInfo)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/generator/bean/BeanGenerator.java", + "line": 342, + "event": "returned_null", + "message": "\"getElement\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/generator/bean/BeanGenerator.java", + "line": 342, + "event": "null_field_access", + "message": "Accessing field of null object \"getElement(element)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 340| public JClassContainer onElement(CElementInfo element) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 341| // hmm...", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 342|-> return getElement(element).implClass;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 343| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 344| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.tools.xjc.generator.bean.BeanGenerator$#2.onElement(com.sun.tools.xjc.model.CElementInfo)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/generator/bean/BeanGenerator.java", + "line": 360, + "event": "returned_null", + "message": "\"getElement\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/generator/bean/BeanGenerator.java", + "line": 360, + "event": "null_field_access", + "message": "Accessing field of null object \"getElement(element)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 358| @Override", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 359| public JClassContainer onElement(CElementInfo element) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 360|-> return getElement(element).implClass;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 361| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 362| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "com.sun.tools.xjc.reader.TypeUtil.getCommonBaseType(com.sun.codemodel.JCodeModel, com.sun.codemodel.JType[])", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/TypeUtil.java", + "line": 68, + "event": "path", + "message": "Condition \"uniqueTypes.size() == 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/TypeUtil.java", + "line": 72, + "event": "path", + "message": "Condition \"!uniqueTypes.isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/TypeUtil.java", + "line": 78, + "event": "assign_zero", + "message": "Assigning: \"s\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/TypeUtil.java", + "line": 80, + "event": "path", + "message": "No elements left in \"uniqueTypes\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/TypeUtil.java", + "line": 90, + "event": "null_method_call", + "message": "Calling a method on null object \"s\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 88| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 89| // any JClass can be casted to Object, so make sure it's always there", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 90|-> s.add( codeModel.ref(Object.class));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| // refine 's' by removing \"lower\" types.", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "com.sun.tools.xjc.reader.dtd.Element.bind()", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/dtd/Element.java", + "line": 208, + "event": "path", + "message": "Condition \"ci != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/dtd/Element.java", + "line": 208, + "event": "var_compare_op", + "message": "Comparing \"ci\" to null implies that \"ci\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/dtd/Element.java", + "line": 208, + "event": "path", + "message": "Condition \"attributes.isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/dtd/Element.java", + "line": 209, + "event": "path", + "message": "No elements left in \"attributes\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/dtd/Element.java", + "line": 212, + "event": "path", + "message": "Switch case value \"com.sun.xml.dtdparser.DTDEventListener.CONTENT_MODEL_ANY\".", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/dtd/Element.java", + "line": 216, + "event": "null_method_call", + "message": "Calling a method on null object \"ci\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 214| CReferencePropertyInfo rp = new CReferencePropertyInfo(\"Content\",true,false,true,null,null/*TODO*/,locator, false, false, false);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 215| rp.setWildcard(WildcardMode.SKIP);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 216|-> ci.addProperty(rp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 217| return;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 218| case DTDEventListener.CONTENT_MODEL_CHILDREN:", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "com.sun.tools.xjc.reader.internalizer.DOMForest.parse(java.lang.String, org.xml.sax.InputSource, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java", + "line": 376, + "event": "path", + "message": "Condition \"root\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java", + "line": 382, + "event": "path", + "message": "Condition \"errorReceiver != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java", + "line": 382, + "event": "var_compare_op", + "message": "Comparing \"errorReceiver\" to null implies that \"errorReceiver\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java", + "line": 384, + "event": "path", + "message": "Condition \"entityResolver != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java", + "line": 386, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"parse\". (The virtual call resolves to \"org.xml.sax.helpers.XMLFilterImpl.parse\".)", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java", + "line": 393, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java", + "line": 394, + "event": "null_method_call", + "message": "Calling a method on null object \"errorReceiver\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 392| return null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 393| } catch( IOException e ) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 394|-> errorReceiver.error(Messages.format(Messages.DOMFOREST_INPUTSOURCE_IOEXCEPTION, systemId, e.toString()),e);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 395| core.remove(systemId);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 396| rootDocuments.remove(systemId);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.tools.xjc.reader.internalizer.DOMForest.weakSchemaCorrectnessCheck(javax.xml.validation.SchemaFactory)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java", + "line": 455, + "event": "path", + "message": "Iterating over another element of \"getRootDocuments()\".", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java", + "line": 457, + "event": "path", + "message": "Condition \"\"https://jakarta.ee/xml/ns/jaxb\" /* com.sun.tools.xjc.reader.Const.JAXB_NSURI */.equals(dom.getDocumentElement().getNamespaceURI())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java", + "line": 463, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java", + "line": 467, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java", + "line": 455, + "event": "path", + "message": "Iterating over another element of \"getRootDocuments()\".", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java", + "line": 456, + "event": "returned_null", + "message": "\"get\" returns \"null\" (checked 7 out of 12 times).", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java", + "line": 456, + "event": "var_assigned", + "message": "Assigning: \"dom\" = \"null\" return value from \"get\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForest.java", + "line": 457, + "event": "null_method_call", + "message": "Calling a method on null object \"dom\".", + "verbosity_level": 0 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java", + "line": 398, + "event": "example_checked", + "message": "Example 1: \"forest.get(systemId)\" has its value checked in \"forest.get(systemId) != null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java", + "line": 341, + "event": "example_assign", + "message": "Example 2: Assigning: \"wsdlDom\" = return value from \"forest.get(grammar.getSystemId())\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/ModelLoader.java", + "line": 342, + "event": "example_checked", + "message": "Example 2 (cont.): \"wsdlDom\" has its value checked in \"wsdlDom == null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForestParser.java", + "line": 63, + "event": "example_assign", + "message": "Example 3: Assigning: \"dom\" = return value from \"forest.get(systemId)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/DOMForestParser.java", + "line": 65, + "event": "example_checked", + "message": "Example 3 (cont.): \"dom\" has its value checked in \"dom == null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 192, + "event": "example_assign", + "message": "Example 4: Assigning: \"target\" = return value from \"forest.get(schemaLocation)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 193, + "event": "example_checked", + "message": "Example 4 (cont.): \"target\" has its value checked in \"target == null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 202, + "event": "example_assign", + "message": "Example 5: Assigning: \"target\" = return value from \"forest.get(schemaLocation)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 203, + "event": "example_checked", + "message": "Example 5 (cont.): \"target\" has its value checked in \"target == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 455| for( String systemId : getRootDocuments() ) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 456| Document dom = get(systemId);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 457|-> if (Const.JAXB_NSURI.equals(dom.getDocumentElement().getNamespaceURI()))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 458| continue; // this isn't a schema. we have to do a negative check because if we see completely unrelated ns, we want to report that as an error", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 459| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "com.sun.tools.xjc.reader.internalizer.Internalizer.buildTargetNodeMap(org.w3c.dom.Element, org.w3c.dom.Node, com.sun.tools.xjc.reader.internalizer.SCDBasedBindingSet$Target, java.util.Map, com.sun.tools.xjc.reader.internalizer.SCDBasedBindingSet)", + "language": "java", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 146, + "event": "assign_zero", + "message": "Assigning: \"targetMultiple\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 154, + "event": "path", + "message": "Condition \"bindings.getAttribute(\"required\") != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 157, + "event": "path", + "message": "Condition \"requiredAttr.equals(\"no\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 161, + "event": "path", + "message": "Condition \"bindings.getAttribute(\"multiple\") != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 164, + "event": "path", + "message": "Condition \"requiredAttr.equals(\"yes\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 170, + "event": "path", + "message": "Condition \"bindings.getAttributeNode(\"schemaLocation\") != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 174, + "event": "path", + "message": "Condition \"schemaLocation.equals(\"*\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 188, + "event": "path", + "message": "Throwing \"java.net.MalformedURLException\" from call to \"URL\".", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 197, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 198, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 203, + "event": "path", + "message": "Condition \"target == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 217, + "event": "path", + "message": "Condition \"bindings.getAttributeNode(\"node\") != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 225, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 233, + "event": "path", + "message": "Condition \"nlst.getLength() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 240, + "event": "path", + "message": "Condition \"nlst.getLength() != 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 255, + "event": "path", + "message": "Condition \"!multiple\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 255, + "event": "path", + "message": "Condition \"nlst.getLength() == 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/internalizer/Internalizer.java", + "line": 272, + "event": "null_method_call", + "message": "Calling a method on null object \"targetMultiple\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 270| target = rnode;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 271| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 272|-> for(Node rnode : targetMultiple) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 273| if (!(rnode instanceof Element)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 274| reportError(bindings,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.tools.xjc.reader.xmlschema.DefaultClassBinder.complexType(com.sun.xml.xsom.XSComplexType)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/DefaultClassBinder.java", + "line": 100, + "event": "path", + "message": "Condition \"ci != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/DefaultClassBinder.java", + "line": 106, + "event": "path", + "message": "Condition \"type.isGlobal()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/DefaultClassBinder.java", + "line": 130, + "event": "returned_null", + "message": "\"getScope\" returns \"null\" (checked 0 out of 3 times). (The virtual call resolves to \"com.sun.xml.xsom.impl.SchemaSetImpl.AnyType.getScope\".)", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/DefaultClassBinder.java", + "line": 130, + "event": "var_assigned", + "message": "Assigning: \"element\" = \"null\" return value from \"getScope\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/DefaultClassBinder.java", + "line": 132, + "event": "null_method_call", + "message": "Calling a method on null object \"element\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 130| XSElementDecl element = type.getScope();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 131| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 132|-> if( element.isGlobal() && isCollapsable(element)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 133| if(builder.getBindInfo(element).get(BIClass.class)!=null)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 134| // the parent element was bound to a class. Don't bind this again to", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.tools.xjc.reader.xmlschema.SimpleTypeBuilder.bindToTypeSafeEnum(com.sun.xml.xsom.XSRestrictionSimpleType, java.lang.String, java.lang.String, java.util.Map, com.sun.tools.xjc.reader.xmlschema.bindinfo.EnumMemberMode, org.xml.sax.Locator)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java", + "line": 535, + "event": "path", + "message": "Condition \"loc == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java", + "line": 538, + "event": "path", + "message": "Condition \"className == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java", + "line": 541, + "event": "path", + "message": "Condition \"!type.isGlobal()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java", + "line": 557, + "event": "path", + "message": "Condition \"javadoc != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java", + "line": 557, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java", + "line": 570, + "event": "path", + "message": "Condition \"use.isCollection()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java", + "line": 575, + "event": "path", + "message": "Condition \"baseDt instanceof com.sun.tools.xjc.model.CClassInfo\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java", + "line": 581, + "event": "path", + "message": "Condition \"memberList == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java", + "line": 581, + "event": "path", + "message": "Condition \"checkMemberNameCollision(memberList) != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java", + "line": 582, + "event": "path", + "message": "Switch case value \"com.sun.tools.xjc.reader.xmlschema.bindinfo.EnumMemberMode.ERROR\".", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java", + "line": 588, + "event": "path", + "message": "Condition \"memberList == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java", + "line": 593, + "event": "returned_null", + "message": "\"checkMemberNameCollision\" returns \"null\" (checked 1 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java", + "line": 593, + "event": "var_assigned", + "message": "Assigning: \"collision\" = \"null\" return value from \"checkMemberNameCollision\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java", + "line": 594, + "event": "null_array_access", + "message": "Accessing an element on null array \"collision\".", + "verbosity_level": 0 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/SimpleTypeBuilder.java", + "line": 581, + "event": "example_checked", + "message": "Example 1: \"checkMemberNameCollision(memberList)\" has its value checked in \"checkMemberNameCollision(memberList) != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 592| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 593| CEnumConstant[] collision = checkMemberNameCollision(memberList);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 594|-> getErrorReporter().error( collision[0].getLocator(),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 595| Messages.ERR_ENUM_MEMBER_NAME_COLLISION,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 596| collision[0].getName() );", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.tools.xjc.reader.xmlschema.bindinfo.BIConversion$User.generateAdapter(java.lang.String, java.lang.String, com.sun.xml.xsom.XSSimpleType)", + "language": "java", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 167, + "event": "path", + "message": "Condition \"adapter == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 170, + "event": "path", + "message": "Throwing \"com.sun.codemodel.JClassAlreadyExistsException\" from call to \"_class\".", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 171, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 177, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 167, + "event": "path", + "message": "Condition \"adapter == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 171, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 177, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 167, + "event": "path", + "message": "Condition \"adapter == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 188, + "event": "path", + "message": "Condition \"parseMethod.equals(\"new\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 194, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 213, + "event": "path", + "message": "Condition \"printMethod.startsWith(\"jakarta.xml.bind.DatatypeConverter.\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 220, + "event": "path", + "message": "Condition \"idx < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 232, + "event": "path", + "message": "Condition \"this.printMethod == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 235, + "event": "returned_null", + "message": "\"findBaseConversion\" returns \"null\" (checked 1 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 235, + "event": "null_method_call", + "message": "Calling a method on null object \"findBaseConversion(owner)\".", + "verbosity_level": 0 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 275, + "event": "example_assign", + "message": "Example 1: Assigning: \"bc\" = return value from \"findBaseConversion(owner)\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/reader/xmlschema/bindinfo/BIConversion.java", + "line": 276, + "event": "example_checked", + "message": "Example 1 (cont.): \"bc\" has its value checked in \"bc == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 233| // HACK HACK HACK", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 234| JType t = inMemoryType.unboxify();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 235|-> inv = JExpr.direct(printMethod+\"((\"+findBaseConversion(owner).toLowerCase()+\")(\"+t.fullName()+\")value)\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 236| } else", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 237| inv = JExpr.direct(printMethod+\"(value)\");", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.tools.xjc.util.StringCutter.next(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/util/StringCutter.java", + "line": 40, + "event": "path", + "message": "Condition \"m.lookingAt()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/util/StringCutter.java", + "line": 41, + "event": "returned_null", + "message": "\"group\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/util/StringCutter.java", + "line": 41, + "event": "var_assigned", + "message": "Assigning: \"r\" = \"null\" return value from \"group\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xjc/src/main/java/com/sun/tools/xjc/util/StringCutter.java", + "line": 42, + "event": "null_method_call", + "message": "Calling a method on null object \"r\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 40| if(m.lookingAt()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41| String r = m.group();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42|-> s = s.substring(r.length());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 43| trim();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 44| return r;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "com.sun.xml.xsom.impl.parser.NGCCRuntimeEx.parseUName(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xsom/src/main/java/com/sun/xml/xsom/impl/parser/NGCCRuntimeEx.java", + "line": 476, + "event": "path", + "message": "Condition \"idx < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xsom/src/main/java/com/sun/xml/xsom/impl/parser/NGCCRuntimeEx.java", + "line": 477, + "event": "returned_null", + "message": "\"resolveNamespacePrefix\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xsom/src/main/java/com/sun/xml/xsom/impl/parser/NGCCRuntimeEx.java", + "line": 477, + "event": "var_assigned", + "message": "Assigning: \"uri\" = \"null\" return value from \"resolveNamespacePrefix\".", + "verbosity_level": 1 + }, + { + "file_name": "jaxb-ri-4.0.2-RI/jaxb-ri/xsom/src/main/java/com/sun/xml/xsom/impl/parser/NGCCRuntimeEx.java", + "line": 480, + "event": "null_method_call", + "message": "Calling a method on null object \"uri\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 478| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 479| // chamelon behavior. ugly...", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 480|-> if( uri.equals(\"\") && chameleonMode )", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 481| uri = currentSchema.getTargetNamespace();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 482| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "__intel_shared_reg_get_constraints", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c", + "line": 3215, + "event": "path", + "message": "Condition \"reg->alloc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c", + "line": 3215, + "event": "path", + "message": "Condition \"!cpuc->is_fake\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c", + "line": 3224, + "event": "lock", + "message": "Locking \"&era->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c", + "line": 3226, + "event": "path", + "message": "Condition \"!atomic_read(&era->ref)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c", + "line": 3226, + "event": "path", + "message": "Condition \"era->config == reg->config\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c", + "line": 3264, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"idx\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c", + "line": 3265, + "event": "path", + "message": "Condition \"idx != reg->idx\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c", + "line": 3266, + "event": "unlock", + "message": "Unlocking \"&era->lock\". \"idx\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c", + "line": 3267, + "event": "path", + "message": "Jumping to label \"again\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c", + "line": 3226, + "event": "path", + "message": "Condition \"!atomic_read(&era->ref)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c", + "line": 3226, + "event": "path", + "message": "Condition \"era->config == reg->config\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c", + "line": 3224, + "event": "lockagain", + "message": "Locking \"&era->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/events/intel/core.c", + "line": 3264, + "event": "use", + "message": "Using an unreliable value of \"idx\" inside the second locked section. If the data that \"idx\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3262| \t\tc = NULL;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3263| \t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3264|-> \t\tidx = intel_alt_er(cpuc, idx, reg->config);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3265| \t\tif (idx != reg->idx) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3266| \t\t\traw_spin_unlock_irqrestore(&era->lock, flags);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "kvm_ioapic_update_eoi_one", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/ioapic.c", + "line": 531, + "event": "infer_lock", + "message": "Assuming \"&ioapic->lock\" is locked since it is unlocked without prior lock in this function.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/ioapic.c", + "line": 536, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"apic\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/ioapic.c", + "line": 547, + "event": "unlock", + "message": "Unlocking \"&ioapic->lock\". \"apic\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/ioapic.c", + "line": 551, + "event": "path", + "message": "Condition \"trigger_mode != 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/ioapic.c", + "line": 549, + "event": "lockagain", + "message": "Locking \"&ioapic->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/ioapic.c", + "line": 551, + "event": "use", + "message": "Using an unreliable value of \"apic\" inside the second locked section. If the data that \"apic\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 549| \tspin_lock(&ioapic->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 550| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 551|-> \tif (trigger_mode != IOAPIC_LEVEL_TRIG ||", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 552| \t kvm_lapic_get_reg(apic, APIC_SPIV) & APIC_SPIV_DIRECTED_EOI)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 553| \t\treturn;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "kvm_pmu_ops_update", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/pmu.h", + "line": 37, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/pmu.c", + "line": 85, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83| void kvm_pmu_ops_update(const struct kvm_pmu_ops *pmu_ops)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 84| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 85|-> \tmemcpy(&kvm_pmu_ops, pmu_ops, sizeof(kvm_pmu_ops));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 86| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 87| #define __KVM_X86_PMU_OP(func) \\", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "kvm_ops_update", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/include/asm/kvm_host.h", + "line": 1654, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/arch/x86/kvm/x86.c", + "line": 9390, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 9388| static inline void kvm_ops_update(struct kvm_x86_init_ops *ops)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 9389| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 9390|-> \tmemcpy(&kvm_x86_ops, ops->runtime_ops, sizeof(kvm_x86_ops));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 9391| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 9392| #define __KVM_X86_OP(func) \\", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "blk_rq_map_user_io", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/block/blk-map.c", + "line": 688, + "event": "path", + "message": "Condition \"vec\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/block/blk-map.c", + "line": 690, + "event": "local_ptr_assign_local", + "message": "Assigning: \"iov\" = \"fast_iov\" (address of local variable \"fast_iov\").", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/block/blk-map.c", + "line": 693, + "event": "path", + "message": "Condition \"iov_count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/block/blk-map.c", + "line": 693, + "event": "identity_transfer", + "message": "Passing \"iov\" as argument 5 to function \"import_iovec\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/block/blk-map.c", + "line": 693, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"ret\" = \"import_iovec(rw, ubuf, (iov_count ? iov_count : buf_len), 8U, &iov, &iter)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/block/blk-map.c", + "line": 695, + "event": "path", + "message": "Condition \"ret < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/block/blk-map.c", + "line": 696, + "event": "return_local_addr_alias", + "message": "Returning pointer \"ret\" which points to local variable \"fast_iov\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 694| \t\t\t\tUIO_FASTIOV, &iov, &iter);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 695| \t\tif (ret < 0)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 696|-> \t\t\treturn ret;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 697| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 698| \t\tif (iov_count) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "lrw_create", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c", + "line": 310, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c", + "line": 314, + "event": "path", + "message": "Condition \"IS_ERR(cipher_name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c", + "line": 318, + "event": "path", + "message": "Condition \"!inst\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c", + "line": 325, + "event": "path", + "message": "Condition \"err == -2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c", + "line": 327, + "event": "path", + "message": "Condition \"snprintf(ecb_name, 128, \"ecb(%s)\", cipher_name) >= 128\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c", + "line": 331, + "event": "local_addr", + "message": "Address of local variable \"ecb_name\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c", + "line": 331, + "event": "identity_transfer", + "message": "Passing \"ecb_name\" as argument 3 to function \"crypto_grab_skcipher\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c", + "line": 331, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"err\" = \"crypto_grab_skcipher(spawn, skcipher_crypto_instance(inst), ecb_name, 0U, mask)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c", + "line": 336, + "event": "path", + "message": "Condition \"err\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c", + "line": 337, + "event": "path", + "message": "Jumping to label \"err_free_inst\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/crypto/lrw.c", + "line": 406, + "event": "return_local_addr_alias", + "message": "Returning pointer \"err\" which points to local variable \"ecb_name\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 404| \t\tlrw_free_instance(inst);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 405| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 406|-> \treturn err;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 407| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 408| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ata_exec_internal_sg", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 26, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1493, + "event": "lock", + "message": "Locking \"spinlock_check(ap->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1496, + "event": "path", + "message": "Condition \"ata_port_is_frozen(ap)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1502, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"qc\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1522, + "event": "path", + "message": "Condition \"cdb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"tf->protocol == ATAPI_PROT_DMA\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"dev->flags & ATA_DFLAG_DMADIR\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"dma_dir == DMA_FROM_DEVICE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1532, + "event": "path", + "message": "Condition \"dma_dir != DMA_NONE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1548, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"qc\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1550, + "event": "path", + "message": "Condition \"!timeout\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1551, + "event": "path", + "message": "Condition \"ata_probe_timeout\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1552, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1559, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1564, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1567, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"qc\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1569, + "event": "path", + "message": "Condition \"!rc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1577, + "event": "path", + "message": "Condition \"qc->flags & ATA_QCFLAG_ACTIVE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1580, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1570, + "event": "lockagain", + "message": "Locking \"spinlock_check(ap->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1583, + "event": "use", + "message": "Using an unreliable value of \"qc\" inside the second locked section. If the data that \"qc\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1581| \t\t\t\tata_port_freeze(ap);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1582| \t\t\telse", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1583|-> \t\t\t\tata_qc_complete(qc);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1584| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1585| \t\t\tata_dev_warn(dev, \"qc timeout after %u msecs (cmd 0x%x)\\n\",", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ata_exec_internal_sg", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 30, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1493, + "event": "lock", + "message": "Locking \"spinlock_check(ap->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1496, + "event": "path", + "message": "Condition \"ata_port_is_frozen(ap)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1502, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"qc\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1522, + "event": "path", + "message": "Condition \"cdb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"tf->protocol == ATAPI_PROT_DMA\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"dev->flags & ATA_DFLAG_DMADIR\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"dma_dir == DMA_FROM_DEVICE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1532, + "event": "path", + "message": "Condition \"dma_dir != DMA_NONE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1548, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"qc\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1550, + "event": "path", + "message": "Condition \"!timeout\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1551, + "event": "path", + "message": "Condition \"ata_probe_timeout\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1552, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1559, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1564, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1567, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"qc\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1569, + "event": "path", + "message": "Condition \"!rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1593, + "event": "path", + "message": "Condition \"ap->ops->post_internal_cmd\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1597, + "event": "path", + "message": "Condition \"qc->flags & ATA_QCFLAG_EH\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1598, + "event": "path", + "message": "Condition \"qc->result_tf.status & (33 /* ATA_ERR | ATA_DF */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1601, + "event": "path", + "message": "Condition \"!qc->err_mask\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1604, + "event": "path", + "message": "Condition \"qc->err_mask & 4294967039U /* ~AC_ERR_OTHER */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1606, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1611, + "event": "lockagain", + "message": "Locking \"spinlock_check(ap->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1616, + "event": "use", + "message": "Using an unreliable value of \"qc\" inside the second locked section. If the data that \"qc\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1614| \terr_mask = qc->err_mask;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1615| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1616|-> \tata_qc_free(qc);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1617| \tlink->active_tag = preempted_tag;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1618| \tlink->sactive = preempted_sactive;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ata_exec_internal_sg", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 35, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1493, + "event": "lock", + "message": "Locking \"spinlock_check(ap->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1496, + "event": "path", + "message": "Condition \"ata_port_is_frozen(ap)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1511, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"preempted_tag\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1522, + "event": "path", + "message": "Condition \"cdb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"tf->protocol == ATAPI_PROT_DMA\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"dev->flags & ATA_DFLAG_DMADIR\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"dma_dir == DMA_FROM_DEVICE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1532, + "event": "path", + "message": "Condition \"dma_dir != DMA_NONE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1548, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"preempted_tag\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1550, + "event": "path", + "message": "Condition \"!timeout\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1551, + "event": "path", + "message": "Condition \"ata_probe_timeout\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1552, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1559, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1564, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1567, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"preempted_tag\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1569, + "event": "path", + "message": "Condition \"!rc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1577, + "event": "path", + "message": "Condition \"qc->flags & ATA_QCFLAG_ACTIVE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1580, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1581, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1585, + "event": "path", + "message": "Condition \"1 /* 1 && 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1589, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"preempted_tag\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1593, + "event": "path", + "message": "Condition \"ap->ops->post_internal_cmd\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1597, + "event": "path", + "message": "Condition \"qc->flags & ATA_QCFLAG_EH\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1598, + "event": "path", + "message": "Condition \"qc->result_tf.status & (33 /* ATA_ERR | ATA_DF */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1601, + "event": "path", + "message": "Condition \"!qc->err_mask\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1604, + "event": "path", + "message": "Condition \"qc->err_mask & 4294967039U /* ~AC_ERR_OTHER */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1606, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1611, + "event": "lockagain", + "message": "Locking \"spinlock_check(ap->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1617, + "event": "use", + "message": "Using an unreliable value of \"preempted_tag\" inside the second locked section. If the data that \"preempted_tag\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1615| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1616| \tata_qc_free(qc);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1617|-> \tlink->active_tag = preempted_tag;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1618| \tlink->sactive = preempted_sactive;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1619| \tap->qc_active = preempted_qc_active;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ata_exec_internal_sg", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 35, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1493, + "event": "lock", + "message": "Locking \"spinlock_check(ap->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1496, + "event": "path", + "message": "Condition \"ata_port_is_frozen(ap)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1512, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"preempted_sactive\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1522, + "event": "path", + "message": "Condition \"cdb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"tf->protocol == ATAPI_PROT_DMA\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"dev->flags & ATA_DFLAG_DMADIR\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"dma_dir == DMA_FROM_DEVICE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1532, + "event": "path", + "message": "Condition \"dma_dir != DMA_NONE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1548, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"preempted_sactive\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1550, + "event": "path", + "message": "Condition \"!timeout\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1551, + "event": "path", + "message": "Condition \"ata_probe_timeout\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1552, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1559, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1564, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1567, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"preempted_sactive\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1569, + "event": "path", + "message": "Condition \"!rc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1577, + "event": "path", + "message": "Condition \"qc->flags & ATA_QCFLAG_ACTIVE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1580, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1581, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1585, + "event": "path", + "message": "Condition \"1 /* 1 && 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1589, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"preempted_sactive\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1593, + "event": "path", + "message": "Condition \"ap->ops->post_internal_cmd\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1597, + "event": "path", + "message": "Condition \"qc->flags & ATA_QCFLAG_EH\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1598, + "event": "path", + "message": "Condition \"qc->result_tf.status & (33 /* ATA_ERR | ATA_DF */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1601, + "event": "path", + "message": "Condition \"!qc->err_mask\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1604, + "event": "path", + "message": "Condition \"qc->err_mask & 4294967039U /* ~AC_ERR_OTHER */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1606, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1611, + "event": "lockagain", + "message": "Locking \"spinlock_check(ap->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1618, + "event": "use", + "message": "Using an unreliable value of \"preempted_sactive\" inside the second locked section. If the data that \"preempted_sactive\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1616| \tata_qc_free(qc);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1617| \tlink->active_tag = preempted_tag;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1618|-> \tlink->sactive = preempted_sactive;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1619| \tap->qc_active = preempted_qc_active;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1620| \tap->nr_active_links = preempted_nr_active_links;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ata_exec_internal_sg", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 35, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1493, + "event": "lock", + "message": "Locking \"spinlock_check(ap->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1496, + "event": "path", + "message": "Condition \"ata_port_is_frozen(ap)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1513, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"preempted_qc_active\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1522, + "event": "path", + "message": "Condition \"cdb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"tf->protocol == ATAPI_PROT_DMA\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"dev->flags & ATA_DFLAG_DMADIR\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"dma_dir == DMA_FROM_DEVICE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1532, + "event": "path", + "message": "Condition \"dma_dir != DMA_NONE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1548, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"preempted_qc_active\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1550, + "event": "path", + "message": "Condition \"!timeout\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1551, + "event": "path", + "message": "Condition \"ata_probe_timeout\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1552, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1559, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1564, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1567, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"preempted_qc_active\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1569, + "event": "path", + "message": "Condition \"!rc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1577, + "event": "path", + "message": "Condition \"qc->flags & ATA_QCFLAG_ACTIVE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1580, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1581, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1585, + "event": "path", + "message": "Condition \"1 /* 1 && 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1589, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"preempted_qc_active\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1593, + "event": "path", + "message": "Condition \"ap->ops->post_internal_cmd\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1597, + "event": "path", + "message": "Condition \"qc->flags & ATA_QCFLAG_EH\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1598, + "event": "path", + "message": "Condition \"qc->result_tf.status & (33 /* ATA_ERR | ATA_DF */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1601, + "event": "path", + "message": "Condition \"!qc->err_mask\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1604, + "event": "path", + "message": "Condition \"qc->err_mask & 4294967039U /* ~AC_ERR_OTHER */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1606, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1611, + "event": "lockagain", + "message": "Locking \"spinlock_check(ap->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1619, + "event": "use", + "message": "Using an unreliable value of \"preempted_qc_active\" inside the second locked section. If the data that \"preempted_qc_active\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1617| \tlink->active_tag = preempted_tag;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1618| \tlink->sactive = preempted_sactive;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1619|-> \tap->qc_active = preempted_qc_active;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1620| \tap->nr_active_links = preempted_nr_active_links;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1621| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ata_exec_internal_sg", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 35, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1493, + "event": "lock", + "message": "Locking \"spinlock_check(ap->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1496, + "event": "path", + "message": "Condition \"ata_port_is_frozen(ap)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1514, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"preempted_nr_active_links\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1522, + "event": "path", + "message": "Condition \"cdb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"tf->protocol == ATAPI_PROT_DMA\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"dev->flags & ATA_DFLAG_DMADIR\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1526, + "event": "path", + "message": "Condition \"dma_dir == DMA_FROM_DEVICE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1532, + "event": "path", + "message": "Condition \"dma_dir != DMA_NONE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1537, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1536, + "event": "path", + "message": "Condition \"i < n_elem\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1548, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"preempted_nr_active_links\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1550, + "event": "path", + "message": "Condition \"!timeout\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1551, + "event": "path", + "message": "Condition \"ata_probe_timeout\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1552, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1559, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1564, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1567, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"preempted_nr_active_links\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1569, + "event": "path", + "message": "Condition \"!rc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1577, + "event": "path", + "message": "Condition \"qc->flags & ATA_QCFLAG_ACTIVE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1580, + "event": "path", + "message": "Condition \"ap->ops->error_handler\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1581, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1585, + "event": "path", + "message": "Condition \"1 /* 1 && 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1589, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"preempted_nr_active_links\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1593, + "event": "path", + "message": "Condition \"ap->ops->post_internal_cmd\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1597, + "event": "path", + "message": "Condition \"qc->flags & ATA_QCFLAG_EH\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1598, + "event": "path", + "message": "Condition \"qc->result_tf.status & (33 /* ATA_ERR | ATA_DF */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1601, + "event": "path", + "message": "Condition \"!qc->err_mask\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1604, + "event": "path", + "message": "Condition \"qc->err_mask & 4294967039U /* ~AC_ERR_OTHER */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1606, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1611, + "event": "lockagain", + "message": "Locking \"spinlock_check(ap->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-core.c", + "line": 1620, + "event": "use", + "message": "Using an unreliable value of \"preempted_nr_active_links\" inside the second locked section. If the data that \"preempted_nr_active_links\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1618| \tlink->sactive = preempted_sactive;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1619| \tap->qc_active = preempted_qc_active;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1620|-> \tap->nr_active_links = preempted_nr_active_links;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1621| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1622| \tspin_unlock_irqrestore(ap->lock, flags);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "sata_pmp_eh_handle_disabled_links", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c", + "line": 843, + "event": "lock", + "message": "Locking \"spinlock_check(ap->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c", + "line": 845, + "event": "path", + "message": "Condition \"link\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c", + "line": 846, + "event": "path", + "message": "Condition \"!(link->flags & ATA_LFLAG_DISABLED)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c", + "line": 847, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c", + "line": 845, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"link\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c", + "line": 845, + "event": "path", + "message": "Condition \"link\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c", + "line": 846, + "event": "path", + "message": "Condition \"!(link->flags & ATA_LFLAG_DISABLED)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c", + "line": 849, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"link\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c", + "line": 860, + "event": "path", + "message": "Condition \"rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c", + "line": 868, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c", + "line": 867, + "event": "lockagain", + "message": "Locking \"spinlock_check(ap->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-pmp.c", + "line": 845, + "event": "use", + "message": "Using an unreliable value of \"link\" inside the second locked section. If the data that \"link\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 843| \tspin_lock_irqsave(ap->lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 844| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 845|-> \tata_for_each_link(link, ap, EDGE) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 846| \t\tif (!(link->flags & ATA_LFLAG_DISABLED))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 847| \t\t\tcontinue;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ata_sff_pio_task", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c", + "line": 1228, + "event": "lock", + "message": "Locking \"ap->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c", + "line": 1230, + "event": "path", + "message": "Condition \"ap->sff_pio_task_link == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c", + "line": 1232, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"qc\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c", + "line": 1233, + "event": "path", + "message": "Condition \"!qc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c", + "line": 1239, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c", + "line": 1239, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c", + "line": 1249, + "event": "path", + "message": "Condition \"status & ATA_BUSY\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c", + "line": 1250, + "event": "unlock", + "message": "Unlocking \"ap->lock\". \"qc\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c", + "line": 1255, + "event": "path", + "message": "Condition \"status & ATA_BUSY\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c", + "line": 1252, + "event": "lockagain", + "message": "Locking \"ap->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/ata/libata-sff.c", + "line": 1267, + "event": "use", + "message": "Using an unreliable value of \"qc\" inside the second locked section. If the data that \"qc\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1265| \tap->sff_pio_task_link = NULL;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1266| \t/* move the HSM */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1267|-> \tpoll_next = ata_sff_hsm_move(ap, qc, status, 1);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1268| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1269| \t/* another command or interrupt handler", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "pkt_handle_queue", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 32, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1097, + "event": "path", + "message": "Condition \"list_empty(&pd->cdrw.pkt_free_list)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1105, + "event": "lock", + "message": "Locking \"&pd->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1107, + "event": "path", + "message": "Condition \"!first_node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1109, + "event": "path", + "message": "Condition \"n\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1113, + "event": "path", + "message": "Condition \"node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1116, + "event": "path", + "message": "Condition \"!(&p->list == &pd->cdrw.pkt_active_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1117, + "event": "path", + "message": "Condition \"p->sector == zone\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1119, + "event": "path", + "message": "Jumping to label \"try_next_bio\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1125, + "event": "path", + "message": "Condition \"!node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1127, + "event": "path", + "message": "Condition \"n\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1130, + "event": "path", + "message": "Condition \"node == first_node\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1132, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1113, + "event": "path", + "message": "Condition \"node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1116, + "event": "path", + "message": "Condition \"!(&p->list == &pd->cdrw.pkt_active_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1117, + "event": "path", + "message": "Condition \"p->sector == zone\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1119, + "event": "path", + "message": "Jumping to label \"try_next_bio\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1125, + "event": "path", + "message": "Condition \"!node\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1130, + "event": "path", + "message": "Condition \"node == first_node\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1132, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1113, + "event": "path", + "message": "Condition \"node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1115, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"zone\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1116, + "event": "path", + "message": "Condition \"!(&p->list == &pd->cdrw.pkt_active_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1117, + "event": "path", + "message": "Condition \"p->sector == zone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1121, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1116, + "event": "path", + "message": "Condition \"!(&p->list == &pd->cdrw.pkt_active_list)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1122, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1133, + "event": "unlock", + "message": "Unlocking \"&pd->lock\". \"zone\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1134, + "event": "path", + "message": "Condition \"!bio\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1143, + "event": "path", + "message": "Condition \"pkt->frames != (pd->settings.size >> 2)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1151, + "event": "path", + "message": "Condition \"0 /* 2 == 2 && 1 >= 2 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1151, + "event": "path", + "message": "Condition \"0 /* 2 == 1 && 1 >= 1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1150, + "event": "lockagain", + "message": "Locking \"&pd->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/block/pktcdvd.c", + "line": 1152, + "event": "use", + "message": "Using an unreliable value of \"zone\" inside the second locked section. If the data that \"zone\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1150| \tspin_lock(&pd->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1151| \tpkt_dbg(2, pd, \"looking for zone %llx\\n\", (unsigned long long)zone);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1152|-> \twhile ((node = pkt_rbtree_find(pd, zone)) != NULL) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1153| \t\tbio = node->bio;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1154| \t\tpkt_dbg(2, pd, \"found zone=%llx\\n\", (unsigned long long)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "handle_recv", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c", + "line": 220, + "event": "lock", + "message": "Locking \"spinlock_check(&priv->recv_msg_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c", + "line": 221, + "event": "path", + "message": "Condition \"list_empty(&priv->recv_msgs)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c", + "line": 226, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"entry\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c", + "line": 229, + "event": "unlock", + "message": "Unlocking \"&priv->recv_msg_lock\". \"entry\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c", + "line": 232, + "event": "path", + "message": "Condition \"rsp->addr_len < addr_len\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c", + "line": 237, + "event": "path", + "message": "Condition \"copy_to_user(rsp->addr, &msg->addr, addr_len)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c", + "line": 239, + "event": "path", + "message": "Jumping to label \"recv_putback_on_err\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c", + "line": 281, + "event": "lockagain", + "message": "Locking \"spinlock_check(&priv->recv_msg_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/ipmi/ipmi_devintf.c", + "line": 282, + "event": "use", + "message": "Using an unreliable value of \"entry\" inside the second locked section. If the data that \"entry\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 280| \t the head of the queue. */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 281| \tspin_lock_irqsave(&priv->recv_msg_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 282|-> \tlist_add(entry, &priv->recv_msgs);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 283| \tspin_unlock_irqrestore(&priv->recv_msg_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 284| recv_err:", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "control_work_handler", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/virtio_console.c", + "line": 1704, + "event": "lock", + "message": "Locking \"&portdev->c_ivq_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/virtio_console.c", + "line": 1705, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"buf\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/virtio_console.c", + "line": 1705, + "event": "path", + "message": "Condition \"buf = virtqueue_get_buf(vq, &len)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/virtio_console.c", + "line": 1706, + "event": "unlock", + "message": "Unlocking \"&portdev->c_ivq_lock\". \"buf\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/virtio_console.c", + "line": 1708, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x256 < __UNIQUE_ID___y257\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/virtio_console.c", + "line": 1713, + "event": "lockagain", + "message": "Locking \"&portdev->c_ivq_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/char/virtio_console.c", + "line": 1714, + "event": "use", + "message": "Using an unreliable value of \"buf\" inside the second locked section. If the data that \"buf\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1712| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1713| \t\tspin_lock(&portdev->c_ivq_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1714|-> \t\tif (add_inbuf(portdev->c_ivq, buf) < 0) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1715| \t\t\tdev_warn(&portdev->vdev->dev,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1716| \t\t\t\t \"Error adding buffer to queue\\n\");", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ccp_handle_active_desc", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 28, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 198, + "event": "path", + "message": "Condition \"desc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 202, + "event": "path", + "message": "Condition \"!list_empty(&desc->pending)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 204, + "event": "path", + "message": "Condition \"desc->status != DMA_ERROR\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 213, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 217, + "event": "lock", + "message": "Locking \"spinlock_check(&chan->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 219, + "event": "path", + "message": "Condition \"desc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 220, + "event": "path", + "message": "Condition \"desc->status != DMA_ERROR\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 223, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 223, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 223, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 223, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 223, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 231, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"desc\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 233, + "event": "unlock", + "message": "Unlocking \"&chan->lock\". \"desc\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 235, + "event": "path", + "message": "Condition \"tx_desc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 240, + "event": "path", + "message": "Condition \"desc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 198, + "event": "path", + "message": "Condition \"desc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 202, + "event": "path", + "message": "Condition \"!list_empty(&desc->pending)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 204, + "event": "path", + "message": "Condition \"desc->status != DMA_ERROR\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 213, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 219, + "event": "path", + "message": "Condition \"desc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 220, + "event": "path", + "message": "Condition \"desc->status != DMA_ERROR\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 223, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 223, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 223, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 223, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 223, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 217, + "event": "lockagain", + "message": "Locking \"spinlock_check(&chan->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/crypto/ccp/ccp-dmaengine.c", + "line": 231, + "event": "use", + "message": "Using an unreliable value of \"desc\" inside the second locked section. If the data that \"desc\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 229| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 230| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 231|-> \t\tdesc = __ccp_next_dma_desc(chan, desc);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 232| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 233| \t\tspin_unlock_irqrestore(&chan->lock, flags);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "init_once", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/dax/super.c", + "line": 29, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h", + "line": 629, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h", + "line": 630, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/dax/super.c", + "line": 522, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 520| \tstruct inode *inode = &dax_dev->inode;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 521| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 522|-> \tmemset(dax_dev, 0, sizeof(*dax_dev));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 523| \tinode_init_once(inode);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 524| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "amdgpu_discovery_sysfs_ip_hw_free", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1029, + "event": "lock", + "message": "Locking \"&hw_id_kset->list_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1030, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"tmp\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1030, + "event": "path", + "message": "Condition \"!list_is_head(el, &hw_id_kset->list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1032, + "event": "unlock", + "message": "Unlocking \"&hw_id_kset->list_lock\". \"tmp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1036, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1035, + "event": "lockagain", + "message": "Locking \"&hw_id_kset->list_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1030, + "event": "use", + "message": "Using an unreliable value of \"tmp\" inside the second locked section. If the data that \"tmp\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1028| \thw_id_kset = &ip_hw_id->hw_id_kset;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1029| \tspin_lock(&hw_id_kset->list_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1030|-> \tlist_for_each_prev_safe(el, tmp, &hw_id_kset->list) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1031| \t\tlist_del_init(el);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1032| \t\tspin_unlock(&hw_id_kset->list_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "amdgpu_discovery_sysfs_die_free", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1047, + "event": "lock", + "message": "Locking \"&ip_kset->list_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1048, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"tmp\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1048, + "event": "path", + "message": "Condition \"!list_is_head(el, &ip_kset->list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1050, + "event": "unlock", + "message": "Unlocking \"&ip_kset->list_lock\". \"tmp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1053, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1052, + "event": "lockagain", + "message": "Locking \"&ip_kset->list_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1048, + "event": "use", + "message": "Using an unreliable value of \"tmp\" inside the second locked section. If the data that \"tmp\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1046| \tip_kset = &ip_die_entry->ip_kset;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1047| \tspin_lock(&ip_kset->list_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1048|-> \tlist_for_each_prev_safe(el, tmp, &ip_kset->list) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1049| \t\tlist_del_init(el);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1050| \t\tspin_unlock(&ip_kset->list_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "amdgpu_discovery_sysfs_fini", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1064, + "event": "lock", + "message": "Locking \"&die_kset->list_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1065, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"tmp\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1065, + "event": "path", + "message": "Condition \"!list_is_head(el, &die_kset->list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1067, + "event": "unlock", + "message": "Unlocking \"&die_kset->list_lock\". \"tmp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1070, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1069, + "event": "lockagain", + "message": "Locking \"&die_kset->list_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c", + "line": 1065, + "event": "use", + "message": "Using an unreliable value of \"tmp\" inside the second locked section. If the data that \"tmp\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1063| \tdie_kset = &adev->ip_top->die_kset;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1064| \tspin_lock(&die_kset->list_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1065|-> \tlist_for_each_prev_safe(el, tmp, &die_kset->list) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1066| \t\tlist_del_init(el);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1067| \t\tspin_unlock(&die_kset->list_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "svm_migrate_init", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/memremap.h", + "line": 131, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/memremap.h", + "line": 23, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/amd/amdkfd/kfd_migrate.c", + "line": 1001, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 999| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1000| \tpgmap = &kfddev->pgmap;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1001|-> \tmemset(pgmap, 0, sizeof(*pgmap));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1002| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1003| \t/* TODO: register all vram to HMM for now.", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "gen6_alloc_va_range", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 183, + "event": "lock", + "message": "Locking \"&pd->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 184, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"pde\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 184, + "event": "path", + "message": "Condition \"length > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 184, + "event": "path", + "message": "Condition \"pde < 512\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 184, + "event": "path", + "message": "Condition \"(pt = i915_pt_entry(pd, pde)) , true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 187, + "event": "path", + "message": "Condition \"!pt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 188, + "event": "unlock", + "message": "Unlocking \"&pd->lock\". \"pde\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 196, + "event": "path", + "message": "Condition \"!pd->entry[pde]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 200, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 208, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 184, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x491 < __UNIQUE_ID___y492\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 184, + "event": "path", + "message": "Condition \"length > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 184, + "event": "path", + "message": "Condition \"pde < 512\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 195, + "event": "lockagain", + "message": "Locking \"&pd->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 184, + "event": "use", + "message": "Using an unreliable value of \"pde\" inside the second locked section. If the data that \"pde\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 182| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 183| \tspin_lock(&pd->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 184|-> \tgen6_for_each_pde(pt, pd, start, length, pde) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 185| \t\tconst unsigned int count = gen6_pte_count(start, length);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 186| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "gen6_alloc_va_range", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 183, + "event": "lock", + "message": "Locking \"&pd->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 184, + "event": "path", + "message": "Condition \"length > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 184, + "event": "path", + "message": "Condition \"pde < 512\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 184, + "event": "path", + "message": "Condition \"(pt = i915_pt_entry(pd, pde)) , true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 185, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"count\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 187, + "event": "path", + "message": "Condition \"!pt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 188, + "event": "unlock", + "message": "Unlocking \"&pd->lock\". \"count\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 196, + "event": "path", + "message": "Condition \"!pd->entry[pde]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 200, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 195, + "event": "lockagain", + "message": "Locking \"&pd->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/gen6_ppgtt.c", + "line": 207, + "event": "use", + "message": "Using an unreliable value of \"count\" inside the second locked section. If the data that \"count\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 205| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 206| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 207|-> \t\tatomic_add(count, &pt->used);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 208| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 209| \tspin_unlock(&pd->lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "i915_driver_create", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/intel_device_info.h", + "line": 309, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_driver.c", + "line": 735, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 733| \t/* Setup the write-once \"constant\" device info */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 734| \tdevice_info = mkwrite_device_info(i915);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 735|-> \tmemcpy(device_info, match_info, sizeof(*device_info));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 736| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 737| \t/* Initialize initial runtime info from static const data and pdev. */", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "gt_record_uc", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/uc/intel_uc_fw.h", + "line": 91, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/uc/intel_uc_fw.h", + "line": 92, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_gpu_error.c", + "line": 1713, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1711| \t\treturn NULL;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1712| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1713|-> \tmemcpy(&error_uc->guc_fw, &uc->guc.fw, sizeof(uc->guc.fw));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1714| \tmemcpy(&error_uc->huc_fw, &uc->huc.fw, sizeof(uc->huc.fw));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1715| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "gt_record_uc", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/uc/intel_uc_fw.h", + "line": 91, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/gt/uc/intel_uc_fw.h", + "line": 92, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_gpu_error.c", + "line": 1714, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1712| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1713| \tmemcpy(&error_uc->guc_fw, &uc->guc.fw, sizeof(uc->guc.fw));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1714|-> \tmemcpy(&error_uc->huc_fw, &uc->huc.fw, sizeof(uc->huc.fw));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1715| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1716| \terror_uc->guc_fw.file_selected.path = kstrdup(uc->guc.fw.file_selected.path, ALLOW_FAIL);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "capture_gen", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/intel_device_info.h", + "line": 309, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_gpu_error.c", + "line": 1968, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1966| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1967| \ti915_params_copy(&error->params, &i915->params);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1968|-> \tmemcpy(&error->device_info,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1969| \t INTEL_INFO(i915),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1970| \t sizeof(error->device_info));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "lock_sched_engine", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c", + "line": 144, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (rq->engine) == sizeof (char) || sizeof (rq->engine) == sizeof (short)) || sizeof (rq->engine) == sizeof (int)) || sizeof (rq->engine) == sizeof (long)) || sizeof (rq->engine) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c", + "line": 144, + "event": "path", + "message": "Condition \"locked != (sched_engine = ({...; *((struct intel_engine_cs * const volatile *)&rq->engine);})->sched_engine)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c", + "line": 147, + "event": "lock", + "message": "Locking \"&sched_engine->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c", + "line": 149, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c", + "line": 144, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (rq->engine) == sizeof (char) || sizeof (rq->engine) == sizeof (short)) || sizeof (rq->engine) == sizeof (int)) || sizeof (rq->engine) == sizeof (long)) || sizeof (rq->engine) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c", + "line": 144, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"sched_engine\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c", + "line": 144, + "event": "path", + "message": "Condition \"locked != (sched_engine = ({...; *((struct intel_engine_cs * const volatile *)&rq->engine);})->sched_engine)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c", + "line": 145, + "event": "unlock", + "message": "Unlocking \"&locked->lock\". \"sched_engine\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c", + "line": 147, + "event": "lockagain", + "message": "Locking \"&sched_engine->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/i915/i915_scheduler.c", + "line": 148, + "event": "use", + "message": "Using an unreliable value of \"sched_engine\" inside the second locked section. If the data that \"sched_engine\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 146| \t\tmemset(cache, 0, sizeof(*cache));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 147| \t\tspin_lock(&sched_engine->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 148|-> \t\tlocked = sched_engine;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 149| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 150| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "ttm_bo_move_memcpy", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 160, + "event": "path", + "message": "Condition \"!src_mem\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 164, + "event": "path", + "message": "Condition \"ttm\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 164, + "event": "path", + "message": "Condition \"ttm->page_flags & (1U /* 1 << 0 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 167, + "event": "path", + "message": "Condition \"ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 172, + "event": "path", + "message": "Condition \"PTR_ERR(dst_iter) == -22\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 172, + "event": "path", + "message": "Condition \"dst_man->use_tt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 174, + "event": "path", + "message": "Condition \"IS_ERR(dst_iter)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 177, + "event": "local_addr", + "message": "Address of local variable \"_src_iter\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 177, + "event": "identity_transfer", + "message": "Passing \"&_src_iter.io\" as argument 1 to function \"ttm_kmap_iter_linear_io_init\", which returns an offset off that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 177, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"src_iter\" = \"ttm_kmap_iter_linear_io_init(&_src_iter.io, bdev, src_mem)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 178, + "event": "path", + "message": "Condition \"PTR_ERR(src_iter) == -22\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 178, + "event": "path", + "message": "Condition \"src_man->use_tt\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 180, + "event": "path", + "message": "Condition \"IS_ERR(src_iter)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 181, + "event": "identity_transfer", + "message": "Passing \"src_iter\" as argument 1 to function \"PTR_ERR\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 181, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"ret\" = \"PTR_ERR(src_iter)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 182, + "event": "path", + "message": "Jumping to label \"out_src_iter\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 194, + "event": "path", + "message": "Condition \"!dst_iter->ops->maps_tt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/gpu/drm/ttm/ttm_bo_util.c", + "line": 197, + "event": "return_local_addr_alias", + "message": "Returning pointer \"ret\" which points to local variable \"_src_iter\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 195| \t\tttm_kmap_iter_linear_io_fini(&_dst_iter.io, bdev, dst_mem);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 196| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 197|-> \treturn ret;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 198| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 199| EXPORT_SYMBOL(ttm_bo_move_memcpy);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "msix_request_irq", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c", + "line": 84, + "event": "lock", + "message": "Locking \"&dd->msix_info.msix_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c", + "line": 85, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"nr\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c", + "line": 87, + "event": "path", + "message": "Condition \"nr < dd->msix_info.max_requested\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c", + "line": 89, + "event": "unlock", + "message": "Unlocking \"&dd->msix_info.msix_lock\". \"nr\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c", + "line": 91, + "event": "path", + "message": "Condition \"nr == dd->msix_info.max_requested\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c", + "line": 94, + "event": "path", + "message": "Condition \"type < IRQ_SDMA\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c", + "line": 94, + "event": "path", + "message": "Condition \"type >= IRQ_OTHER\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c", + "line": 99, + "event": "path", + "message": "Condition \"ret\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c", + "line": 103, + "event": "lockagain", + "message": "Locking \"&dd->msix_info.msix_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/hfi1/msix.c", + "line": 104, + "event": "use", + "message": "Using an unreliable value of \"nr\" inside the second locked section. If the data that \"nr\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 102| \t\t\t name, irq, nr, ret);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103| \t\tspin_lock(&dd->msix_info.msix_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104|-> \t\t__clear_bit(nr, dd->msix_info.in_use_msix);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105| \t\tspin_unlock(&dd->msix_info.msix_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| \t\treturn ret;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "irdma_cm_timer_tick", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 24, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1279, + "event": "path", + "message": "Condition \"!list_is_head(list_node, &timer_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1284, + "event": "path", + "message": "Condition \"close_entry\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1285, + "event": "path", + "message": "Condition \"1 /* ({...; 1;}) && ({...; 1;}) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1285, + "event": "path", + "message": "Condition \"(long)(jiffies - close_entry->timetosend) < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1299, + "event": "path", + "message": "Condition \"!send_entry\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1301, + "event": "path", + "message": "Condition \"1 /* ({...; 1;}) && ({...; 1;}) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1301, + "event": "path", + "message": "Condition \"(long)(jiffies - send_entry->timetosend) < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1314, + "event": "path", + "message": "Condition \"cm_node->state == IRDMA_CM_STATE_OFFLOADED\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1314, + "event": "path", + "message": "Condition \"cm_node->state == IRDMA_CM_STATE_CLOSED\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1320, + "event": "path", + "message": "Condition \"!send_entry->retranscount\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1320, + "event": "path", + "message": "Condition \"!send_entry->retrycount\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1333, + "event": "path", + "message": "Condition \"!cm_node->ack_rcvd\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1339, + "event": "lock", + "message": "Locking \"spinlock_check(&cm_node->retrans_list_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1340, + "event": "path", + "message": "Condition \"send_entry->send_retrans\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1347, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x850 < __UNIQUE_ID___y851\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1348, + "event": "path", + "message": "Condition \"nexttimeout > send_entry->timetosend\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1349, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"nexttimeout\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1352, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1361, + "event": "unlock", + "message": "Unlocking \"&cm_node->retrans_list_lock\". \"nexttimeout\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1363, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1279, + "event": "path", + "message": "Condition \"!list_is_head(list_node, &timer_list)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1365, + "event": "path", + "message": "Condition \"settimer\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1367, + "event": "path", + "message": "Condition \"!timer_pending(&cm_core->tcp_timer)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1366, + "event": "lockagain", + "message": "Locking \"spinlock_check(&cm_core->ht_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/cm.c", + "line": 1368, + "event": "use", + "message": "Using an unreliable value of \"nexttimeout\" inside the second locked section. If the data that \"nexttimeout\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1366| \t\tspin_lock_irqsave(&cm_core->ht_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1367| \t\tif (!timer_pending(&cm_core->tcp_timer)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1368|-> \t\t\tcm_core->tcp_timer.expires = nexttimeout;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1369| \t\t\tadd_timer(&cm_core->tcp_timer);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1370| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "irdma_detach_mcast", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c", + "line": 4127, + "event": "path", + "message": "Condition \"!ipv6_addr_v4mapped((struct in6_addr *)ibgid)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c", + "line": 4129, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c", + "line": 4133, + "event": "lock", + "message": "Locking \"spinlock_check(&rf->qh_list_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c", + "line": 4134, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"mc_qht_elem\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c", + "line": 4135, + "event": "path", + "message": "Condition \"!mc_qht_elem\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c", + "line": 4144, + "event": "path", + "message": "Condition \"!mc_qht_elem->mc_grp_ctx.no_of_mgs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c", + "line": 4146, + "event": "unlock", + "message": "Unlocking \"&rf->qh_list_lock\". \"mc_qht_elem\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c", + "line": 4149, + "event": "path", + "message": "Condition \"ret\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c", + "line": 4150, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c", + "line": 4150, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c", + "line": 4150, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c", + "line": 4150, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c", + "line": 4150, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c", + "line": 4152, + "event": "lockagain", + "message": "Locking \"spinlock_check(&rf->qh_list_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/irdma/verbs.c", + "line": 4153, + "event": "use", + "message": "Using an unreliable value of \"mc_qht_elem\" inside the second locked section. If the data that \"mc_qht_elem\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4151| \t\t\t\t \"VERBS: failed MC_DESTROY MCG\\n\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4152| \t\t\tspin_lock_irqsave(&rf->qh_list_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4153|-> \t\t\tmcast_list_add(rf, mc_qht_elem);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4154| \t\t\tspin_unlock_irqrestore(&rf->qh_list_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4155| \t\t\treturn -EAGAIN;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "mlx5_cmd_alloc_memic", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 27, + "event": "path", + "message": "Condition \"!length\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 27, + "event": "path", + "message": "Condition \"length & MLX5_MEMIC_ALLOC_SIZE_MASK\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 33, + "event": "path", + "message": "Condition \"alignment < MLX5_MEMIC_BASE_ALIGN\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 35, + "event": "path", + "message": "Condition \"mlx5_alignment > max_alignment\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 38, + "event": "path", + "message": "Condition \"0 /* !!(sizeof (struct mlx5_ifc_alloc_memic_in_bits) % 32) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 39, + "event": "path", + "message": "Condition \"0 /* !!(sizeof (struct mlx5_ifc_alloc_memic_in_bits) % 32) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 40, + "event": "path", + "message": "Condition \"0 /* !!(sizeof (struct mlx5_ifc_alloc_memic_in_bits) % 32) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 41, + "event": "path", + "message": "Condition \"0 /* !!(sizeof (struct mlx5_ifc_alloc_memic_in_bits) % 32) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 44, + "event": "path", + "message": "Condition \"page_idx < num_memic_hw_pages\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 45, + "event": "lock", + "message": "Locking \"&dm->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 46, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"page_idx\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 51, + "event": "path", + "message": "Condition \"page_idx < num_memic_hw_pages\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 55, + "event": "unlock", + "message": "Unlocking \"&dm->lock\". \"page_idx\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 57, + "event": "path", + "message": "Condition \"page_idx >= num_memic_hw_pages\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 60, + "event": "path", + "message": "Condition \"0 /* !!(__builtin_offsetof() % 64) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 60, + "event": "path", + "message": "Condition \"0 /* !!(sizeof ((NULL)->range_start_addr) != 64) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 64, + "event": "path", + "message": "Condition \"ret\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 65, + "event": "lockagain", + "message": "Locking \"&dm->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/hw/mlx5/dm.c", + "line": 66, + "event": "use", + "message": "Using an unreliable value of \"page_idx\" inside the second locked section. If the data that \"page_idx\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 64| \t\tif (ret) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 65| \t\t\tspin_lock(&dm->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 66|-> \t\t\tbitmap_clear(dm->memic_alloc_pages,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 67| \t\t\t\t page_idx, num_pages);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 68| \t\t\tspin_unlock(&dm->lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rvt_ruc_loopback", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 150, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2935, + "event": "path", + "message": "Condition \"sqp->s_flags & (65506U /* 2 | ((((0x400 | 0x800) | 0x1000) | 0x2000) | ((((((0x20 | 0x40) | 0x80) | 0x100) | 0x200) | 0x4000) | 0x8000)) */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2935, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[sqp->state] & (40 /* 8 | 0x20 */))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2947, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[sqp->state] & 0x10)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2948, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[sqp->state] & 0x20)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2952, + "event": "path", + "message": "Jumping to label \"flush_send\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3140, + "event": "path", + "message": "Condition \"local_ops\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3144, + "event": "path", + "message": "Jumping to label \"again\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2947, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[sqp->state] & 0x10)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2948, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[sqp->state] & 0x20)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2952, + "event": "path", + "message": "Jumping to label \"flush_send\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3140, + "event": "path", + "message": "Condition \"local_ops\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3144, + "event": "path", + "message": "Jumping to label \"again\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2947, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[sqp->state] & 0x10)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2960, + "event": "path", + "message": "Condition \"sqp->s_last == sqp->s_cur\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2961, + "event": "path", + "message": "Condition \"++sqp->s_cur >= sqp->s_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2966, + "event": "path", + "message": "Condition \"!qp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2971, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[qp->state] & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2971, + "event": "path", + "message": "Condition \"qp->ibqp.qp_type != sqp->ibqp.qp_type\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2985, + "event": "path", + "message": "Switch case value \"IB_WR_REG_MR\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2987, + "event": "path", + "message": "Jumping to label \"send_comp\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3140, + "event": "path", + "message": "Condition \"local_ops\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3144, + "event": "path", + "message": "Jumping to label \"again\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2947, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[sqp->state] & 0x10)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2960, + "event": "path", + "message": "Condition \"sqp->s_last == sqp->s_cur\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2961, + "event": "path", + "message": "Condition \"++sqp->s_cur >= sqp->s_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2966, + "event": "path", + "message": "Condition \"!qp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2971, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[qp->state] & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2971, + "event": "path", + "message": "Condition \"qp->ibqp.qp_type != sqp->ibqp.qp_type\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2985, + "event": "path", + "message": "Switch case value \"IB_WR_SEND_WITH_INV\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3002, + "event": "path", + "message": "Condition \"ret < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3004, + "event": "path", + "message": "Condition \"!ret\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3005, + "event": "path", + "message": "Jumping to label \"rnr_nak\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3148, + "event": "path", + "message": "Condition \"qp->ibqp.qp_type == IB_QPT_UC\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3149, + "event": "path", + "message": "Jumping to label \"send_comp\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3140, + "event": "path", + "message": "Condition \"local_ops\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3144, + "event": "path", + "message": "Jumping to label \"again\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2947, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[sqp->state] & 0x10)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2960, + "event": "path", + "message": "Condition \"sqp->s_last == sqp->s_cur\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2961, + "event": "path", + "message": "Condition \"++sqp->s_cur >= sqp->s_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2966, + "event": "path", + "message": "Condition \"!qp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2971, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[qp->state] & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2971, + "event": "path", + "message": "Condition \"qp->ibqp.qp_type != sqp->ibqp.qp_type\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2985, + "event": "path", + "message": "Switch case value \"IB_WR_SEND_WITH_INV\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3002, + "event": "path", + "message": "Condition \"ret < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3004, + "event": "path", + "message": "Condition \"!ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3006, + "event": "path", + "message": "Condition \"wqe->length > qp->r_len\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3008, + "event": "path", + "message": "Switch case value \"IB_WR_SEND_WITH_INV\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3010, + "event": "path", + "message": "Condition \"!rvt_invalidate_rkey(qp, (*wqe).wr.ex.invalidate_rkey)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3016, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3024, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3101, + "event": "path", + "message": "Condition \"sqp->s_len\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3110, + "event": "path", + "message": "Condition \"release\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3113, + "event": "path", + "message": "Condition \"!test_and_clear_bit(0, &qp->r_aflags)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3116, + "event": "path", + "message": "Condition \"(*wqe).wr.opcode == IB_WR_RDMA_WRITE_WITH_IMM\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3129, + "event": "path", + "message": "Condition \"(*wqe).wr.send_flags & IB_SEND_SOLICITED\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3140, + "event": "path", + "message": "Condition \"local_ops\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3144, + "event": "path", + "message": "Jumping to label \"again\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2947, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[sqp->state] & 0x10)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2960, + "event": "path", + "message": "Condition \"sqp->s_last == sqp->s_cur\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2961, + "event": "path", + "message": "Condition \"++sqp->s_cur >= sqp->s_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2966, + "event": "path", + "message": "Condition \"!qp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2971, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[qp->state] & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2971, + "event": "path", + "message": "Condition \"qp->ibqp.qp_type != sqp->ibqp.qp_type\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2985, + "event": "path", + "message": "Switch case value \"IB_WR_RDMA_WRITE_WITH_IMM\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3027, + "event": "path", + "message": "Condition \"!!!(qp->qp_access_flags & IB_ACCESS_REMOTE_WRITE)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3032, + "event": "path", + "message": "Condition \"ret < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3034, + "event": "path", + "message": "Condition \"!ret\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3035, + "event": "path", + "message": "Jumping to label \"rnr_nak\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3148, + "event": "path", + "message": "Condition \"qp->ibqp.qp_type == IB_QPT_UC\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3149, + "event": "path", + "message": "Jumping to label \"send_comp\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3140, + "event": "path", + "message": "Condition \"local_ops\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3144, + "event": "path", + "message": "Jumping to label \"again\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2947, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[sqp->state] & 0x10)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2960, + "event": "path", + "message": "Condition \"sqp->s_last == sqp->s_cur\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2961, + "event": "path", + "message": "Condition \"++sqp->s_cur >= sqp->s_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2966, + "event": "path", + "message": "Condition \"!qp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2971, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[qp->state] & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2971, + "event": "path", + "message": "Condition \"qp->ibqp.qp_type != sqp->ibqp.qp_type\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2985, + "event": "path", + "message": "Switch case value \"IB_WR_RDMA_WRITE_WITH_IMM\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3027, + "event": "path", + "message": "Condition \"!!!(qp->qp_access_flags & IB_ACCESS_REMOTE_WRITE)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3032, + "event": "path", + "message": "Condition \"ret < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3034, + "event": "path", + "message": "Condition \"!ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3037, + "event": "path", + "message": "Jumping to label \"do_write\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3043, + "event": "path", + "message": "Condition \"wqe->length == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3045, + "event": "path", + "message": "Condition \"!!!rvt_rkey_ok(qp, &qp->r_sge.sge, wqe->length, (*wqe).rdma_wr.remote_addr, (*wqe).rdma_wr.rkey, IB_ACCESS_REMOTE_WRITE)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3053, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3101, + "event": "path", + "message": "Condition \"sqp->s_len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3104, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3104, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3107, + "event": "path", + "message": "Condition \"!release\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3109, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3101, + "event": "path", + "message": "Condition \"sqp->s_len\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3110, + "event": "path", + "message": "Condition \"release\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3113, + "event": "path", + "message": "Condition \"!test_and_clear_bit(0, &qp->r_aflags)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3114, + "event": "path", + "message": "Jumping to label \"send_comp\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3140, + "event": "path", + "message": "Condition \"local_ops\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3144, + "event": "path", + "message": "Jumping to label \"again\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2947, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[sqp->state] & 0x10)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2960, + "event": "path", + "message": "Condition \"sqp->s_last == sqp->s_cur\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2961, + "event": "path", + "message": "Condition \"++sqp->s_cur >= sqp->s_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2966, + "event": "path", + "message": "Condition \"!qp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2970, + "event": "lock", + "message": "Locking \"spinlock_check(&qp->r_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2971, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[qp->state] & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2971, + "event": "path", + "message": "Condition \"qp->ibqp.qp_type != sqp->ibqp.qp_type\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2985, + "event": "path", + "message": "Switch case value \"IB_WR_RDMA_WRITE\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3039, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"copy_last\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3040, + "event": "path", + "message": "Condition \"!!!(qp->qp_access_flags & IB_ACCESS_REMOTE_WRITE)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3043, + "event": "path", + "message": "Condition \"wqe->length == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3044, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3101, + "event": "path", + "message": "Condition \"sqp->s_len\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3110, + "event": "path", + "message": "Condition \"release\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3113, + "event": "path", + "message": "Condition \"!test_and_clear_bit(0, &qp->r_aflags)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3114, + "event": "path", + "message": "Jumping to label \"send_comp\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3132, + "event": "unlock", + "message": "Unlocking \"&qp->r_lock\". \"copy_last\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3139, + "event": "unlock", + "message": "Unlocking \"&sqp->r_lock\". \"copy_last\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3140, + "event": "path", + "message": "Condition \"local_ops\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3144, + "event": "path", + "message": "Jumping to label \"again\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (sqp->s_head) == sizeof (char) || sizeof (sqp->s_head) == sizeof (short)) || sizeof (sqp->s_head) == sizeof (int)) || sizeof (sqp->s_head) == sizeof (long)) || sizeof (sqp->s_head) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2942, + "event": "path", + "message": "Condition \"sqp->s_last == ({...; *((unsigned int const volatile *)&sqp->s_head);})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2947, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[sqp->state] & 0x10)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2960, + "event": "path", + "message": "Condition \"sqp->s_last == sqp->s_cur\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2961, + "event": "path", + "message": "Condition \"++sqp->s_cur >= sqp->s_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2964, + "event": "unlock", + "message": "Unlocking \"&sqp->s_lock\". \"copy_last\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2966, + "event": "path", + "message": "Condition \"!qp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2971, + "event": "path", + "message": "Condition \"!(ib_rvt_state_ops[qp->state] & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2971, + "event": "path", + "message": "Condition \"qp->ibqp.qp_type != sqp->ibqp.qp_type\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2985, + "event": "path", + "message": "Switch case value \"IB_WR_RDMA_READ\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3056, + "event": "path", + "message": "Condition \"!!!(qp->qp_access_flags & IB_ACCESS_REMOTE_READ)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3058, + "event": "path", + "message": "Condition \"!!!rvt_rkey_ok(qp, &sqp->s_sge.sge, wqe->length, (*wqe).rdma_wr.remote_addr, (*wqe).rdma_wr.rkey, IB_ACCESS_REMOTE_READ)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3070, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3101, + "event": "path", + "message": "Condition \"sqp->s_len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3104, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3104, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 2970, + "event": "lockagain", + "message": "Locking \"spinlock_check(&qp->r_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/infiniband/sw/rdmavt/qp.c", + "line": 3105, + "event": "use", + "message": "Using an unreliable value of \"copy_last\" inside the second locked section. If the data that \"copy_last\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3103| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3104| \t\tWARN_ON_ONCE(len == 0);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3105|-> \t\trvt_copy_sge(qp, &qp->r_sge, sge->vaddr,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3106| \t\t\t len, release, copy_last);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3107| \t\trvt_update_sge(&sqp->s_sge, len, !release);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "qi_submit_sync", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 42, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1363, + "event": "path", + "message": "Condition \"!qi\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1368, + "event": "path", + "message": "Condition \"type == 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1368, + "event": "path", + "message": "Condition \"dmar_latency_enabled(iommu, DMAR_LATENCY_INV_IOTLB)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1372, + "event": "path", + "message": "Condition \"type == 3\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1372, + "event": "path", + "message": "Condition \"type == 8\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1376, + "event": "path", + "message": "Condition \"type == 4\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1389, + "event": "path", + "message": "Condition \"qi->free_cnt < count + 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1393, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1389, + "event": "path", + "message": "Condition \"qi->free_cnt < count + 2\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1397, + "event": "path", + "message": "Condition \"!!((iommu->ecap >> 43) & 1)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1399, + "event": "path", + "message": "Condition \"i < count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1405, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1399, + "event": "path", + "message": "Condition \"i < count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1405, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1399, + "event": "path", + "message": "Condition \"i < count\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1410, + "event": "path", + "message": "Condition \"options & (1UL /* 1UL << 0 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1428, + "event": "path", + "message": "Condition \"qi->desc_status[wait_index] != QI_DONE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1437, + "event": "path", + "message": "Condition \"rc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1438, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1445, + "event": "path", + "message": "Condition \"i < count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1446, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1445, + "event": "path", + "message": "Condition \"i < count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1446, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1445, + "event": "path", + "message": "Condition \"i < count\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1451, + "event": "path", + "message": "Condition \"rc == -11\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1452, + "event": "path", + "message": "Jumping to label \"restart\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1389, + "event": "path", + "message": "Condition \"qi->free_cnt < count + 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1392, + "event": "lock", + "message": "Locking \"&qi->q_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1393, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1389, + "event": "path", + "message": "Condition \"qi->free_cnt < count + 2\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1395, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"index\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1397, + "event": "path", + "message": "Condition \"!!((iommu->ecap >> 43) & 1)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1399, + "event": "path", + "message": "Condition \"i < count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1405, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1399, + "event": "path", + "message": "Condition \"i < count\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1410, + "event": "path", + "message": "Condition \"options & (1UL /* 1UL << 0 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1428, + "event": "path", + "message": "Condition \"qi->desc_status[wait_index] != QI_DONE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1437, + "event": "path", + "message": "Condition \"rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1440, + "event": "unlock", + "message": "Unlocking \"&qi->q_lock\". \"index\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1443, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1428, + "event": "path", + "message": "Condition \"qi->desc_status[wait_index] != QI_DONE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1442, + "event": "lockagain", + "message": "Locking \"&qi->q_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1436, + "event": "use", + "message": "Using an unreliable value of \"index\" inside the second locked section. If the data that \"index\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1434| \t\t * for free slots in the queue.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1435| \t\t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1436|-> \t\trc = qi_check_fault(iommu, index, wait_index);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1437| \t\tif (rc)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1438| \t\t\tbreak;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "qi_submit_sync", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 47, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1363, + "event": "path", + "message": "Condition \"!qi\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1368, + "event": "path", + "message": "Condition \"type == 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1368, + "event": "path", + "message": "Condition \"dmar_latency_enabled(iommu, DMAR_LATENCY_INV_IOTLB)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1372, + "event": "path", + "message": "Condition \"type == 3\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1372, + "event": "path", + "message": "Condition \"type == 8\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1376, + "event": "path", + "message": "Condition \"type == 4\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1389, + "event": "path", + "message": "Condition \"qi->free_cnt < count + 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1393, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1389, + "event": "path", + "message": "Condition \"qi->free_cnt < count + 2\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1397, + "event": "path", + "message": "Condition \"!!((iommu->ecap >> 43) & 1)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1399, + "event": "path", + "message": "Condition \"i < count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1405, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1399, + "event": "path", + "message": "Condition \"i < count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1405, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1399, + "event": "path", + "message": "Condition \"i < count\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1410, + "event": "path", + "message": "Condition \"options & (1UL /* 1UL << 0 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1428, + "event": "path", + "message": "Condition \"qi->desc_status[wait_index] != QI_DONE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1437, + "event": "path", + "message": "Condition \"rc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1438, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1445, + "event": "path", + "message": "Condition \"i < count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1446, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1445, + "event": "path", + "message": "Condition \"i < count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1446, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1445, + "event": "path", + "message": "Condition \"i < count\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1451, + "event": "path", + "message": "Condition \"rc == -11\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1452, + "event": "path", + "message": "Jumping to label \"restart\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1389, + "event": "path", + "message": "Condition \"qi->free_cnt < count + 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1392, + "event": "lock", + "message": "Locking \"&qi->q_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1392, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"flags\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1393, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1389, + "event": "path", + "message": "Condition \"qi->free_cnt < count + 2\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1397, + "event": "path", + "message": "Condition \"!!((iommu->ecap >> 43) & 1)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1399, + "event": "path", + "message": "Condition \"i < count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1405, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1399, + "event": "path", + "message": "Condition \"i < count\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1410, + "event": "path", + "message": "Condition \"options & (1UL /* 1UL << 0 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1428, + "event": "path", + "message": "Condition \"qi->desc_status[wait_index] != QI_DONE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1437, + "event": "path", + "message": "Condition \"rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1440, + "event": "unlock", + "message": "Unlocking \"&qi->q_lock\". \"flags\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1443, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1428, + "event": "path", + "message": "Condition \"qi->desc_status[wait_index] != QI_DONE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1437, + "event": "path", + "message": "Condition \"rc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1438, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1445, + "event": "path", + "message": "Condition \"i < count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1446, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1445, + "event": "path", + "message": "Condition \"i < count\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1442, + "event": "lockagain", + "message": "Locking \"&qi->q_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/iommu/intel/dmar.c", + "line": 1449, + "event": "use", + "message": "Using an unreliable value of \"flags\" inside the second locked section. If the data that \"flags\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1447| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1448| \treclaim_free_desc(qi);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1449|-> \traw_spin_unlock_irqrestore(&qi->q_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1450| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1451| \tif (rc == -EAGAIN)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "level_store", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 25, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3859, + "event": "path", + "message": "Condition \"slen == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3859, + "event": "path", + "message": "Condition \"slen >= 16UL /* sizeof (clevel) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3863, + "event": "path", + "message": "Condition \"rv\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3866, + "event": "path", + "message": "Condition \"mddev->pers == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3876, + "event": "path", + "message": "Condition \"!md_is_rdwr(mddev)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3886, + "event": "path", + "message": "Condition \"mddev->sync_thread\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3886, + "event": "path", + "message": "Condition \"test_bit(MD_RECOVERY_RUNNING, &mddev->recovery)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3886, + "event": "path", + "message": "Condition \"mddev->reshape_position != 18446744073709551615ULL /* ~((sector_t)0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3886, + "event": "path", + "message": "Condition \"mddev->sysfs_active\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3893, + "event": "path", + "message": "Condition \"!mddev->pers->quiesce\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3901, + "event": "path", + "message": "Condition \"clevel[slen - 1] == 10\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3904, + "event": "path", + "message": "Condition \"kstrtol(clevel, 10, &level)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3907, + "event": "path", + "message": "Condition \"__request_module(true /* true */, \"md-%s\", clevel) != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3909, + "event": "lock", + "message": "Locking \"&pers_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3910, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"pers\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3911, + "event": "path", + "message": "Condition \"!pers\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3911, + "event": "path", + "message": "Condition \"!try_module_get(pers->owner)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3917, + "event": "unlock", + "message": "Unlocking \"&pers_lock\". \"pers\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3919, + "event": "path", + "message": "Condition \"pers == mddev->pers\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3925, + "event": "path", + "message": "Condition \"!pers->takeover\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3933, + "event": "path", + "message": "Condition \"!(&rdev->same_set == &mddev->disks)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3934, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3933, + "event": "path", + "message": "Condition \"!(&rdev->same_set == &mddev->disks)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3940, + "event": "path", + "message": "Condition \"IS_ERR(priv)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3958, + "event": "lockagain", + "message": "Locking \"&mddev->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 3961, + "event": "use", + "message": "Using an unreliable value of \"pers\" inside the second locked section. If the data that \"pers\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3959| \toldpers = mddev->pers;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3960| \toldpriv = mddev->private;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3961|-> \tmddev->pers = pers;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3962| \tmddev->private = priv;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3963| \tstrscpy(mddev->clevel, pers->name, sizeof(mddev->clevel));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "md_run", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 99, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5757, + "event": "path", + "message": "Condition \"list_empty(&mddev->disks)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5761, + "event": "path", + "message": "Condition \"mddev->pers\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5764, + "event": "path", + "message": "Condition \"mddev->sysfs_active\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5770, + "event": "path", + "message": "Condition \"!mddev->raid_disks\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5771, + "event": "path", + "message": "Condition \"!mddev->persistent\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5774, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5778, + "event": "path", + "message": "Condition \"mddev->level != -1000000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5779, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5789, + "event": "path", + "message": "Condition \"!(&rdev->same_set == &mddev->disks)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5790, + "event": "path", + "message": "Condition \"test_bit(Faulty, &rdev->flags)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5791, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5789, + "event": "path", + "message": "Condition \"!(&rdev->same_set == &mddev->disks)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5790, + "event": "path", + "message": "Condition \"test_bit(Faulty, &rdev->flags)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5794, + "event": "path", + "message": "Condition \"mddev->ro != MD_RDONLY\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5794, + "event": "path", + "message": "Condition \"rdev_read_only(rdev)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5800, + "event": "path", + "message": "Condition \"rdev->sb_page\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5807, + "event": "path", + "message": "Condition \"rdev->meta_bdev\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5809, + "event": "path", + "message": "Condition \"rdev->data_offset < rdev->sb_start\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5810, + "event": "path", + "message": "Condition \"mddev->dev_sectors\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5810, + "event": "path", + "message": "Condition \"rdev->data_offset + mddev->dev_sectors > rdev->sb_start\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5817, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5826, + "event": "path", + "message": "Condition \"nowait\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5826, + "event": "path", + "message": "Condition \"bdev_nowait(rdev->bdev)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5827, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5789, + "event": "path", + "message": "Condition \"!(&rdev->same_set == &mddev->disks)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5790, + "event": "path", + "message": "Condition \"test_bit(Faulty, &rdev->flags)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5794, + "event": "path", + "message": "Condition \"mddev->ro != MD_RDONLY\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5794, + "event": "path", + "message": "Condition \"rdev_read_only(rdev)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5800, + "event": "path", + "message": "Condition \"rdev->sb_page\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5807, + "event": "path", + "message": "Condition \"rdev->meta_bdev\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5809, + "event": "path", + "message": "Condition \"rdev->data_offset < rdev->sb_start\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5810, + "event": "path", + "message": "Condition \"mddev->dev_sectors\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5810, + "event": "path", + "message": "Condition \"rdev->data_offset + mddev->dev_sectors > rdev->sb_start\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5817, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5826, + "event": "path", + "message": "Condition \"nowait\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5826, + "event": "path", + "message": "Condition \"bdev_nowait(rdev->bdev)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5827, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5789, + "event": "path", + "message": "Condition \"!(&rdev->same_set == &mddev->disks)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5831, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5834, + "event": "path", + "message": "Condition \"!bioset_initialized(&mddev->bio_set)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5839, + "event": "path", + "message": "Condition \"!bioset_initialized(&mddev->sync_set)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5845, + "event": "lock", + "message": "Locking \"&pers_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5846, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"pers\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5847, + "event": "path", + "message": "Condition \"!pers\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5847, + "event": "path", + "message": "Condition \"!try_module_get(pers->owner)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5858, + "event": "unlock", + "message": "Unlocking \"&pers_lock\". \"pers\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5859, + "event": "path", + "message": "Condition \"mddev->level != pers->level\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5865, + "event": "path", + "message": "Condition \"mddev->reshape_position != 18446744073709551615ULL /* ~((sector_t)0) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5865, + "event": "path", + "message": "Condition \"pers->start_reshape == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5873, + "event": "path", + "message": "Condition \"pers->sync_request\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5880, + "event": "path", + "message": "Condition \"!(&rdev->same_set == &mddev->disks)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5881, + "event": "path", + "message": "Condition \"!(&rdev2->same_set == &mddev->disks)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5882, + "event": "path", + "message": "Condition \"rdev < rdev2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5882, + "event": "path", + "message": "Condition \"rdev->bdev->bd_disk == rdev2->bdev->bd_disk\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5885, + "event": "path", + "message": "Condition \"1 /* 1 && 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5891, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5881, + "event": "path", + "message": "Condition \"!(&rdev2->same_set == &mddev->disks)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5891, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5880, + "event": "path", + "message": "Condition \"!(&rdev->same_set == &mddev->disks)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5893, + "event": "path", + "message": "Condition \"warned\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5894, + "event": "path", + "message": "Condition \"1 /* 1 && 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5903, + "event": "path", + "message": "Condition \"start_readonly\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5903, + "event": "path", + "message": "Condition \"md_is_rdwr(mddev)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5907, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5909, + "event": "path", + "message": "Condition \"pers->size(mddev, 0, 0) < mddev->array_sectors\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5918, + "event": "path", + "message": "Condition \"err == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5918, + "event": "path", + "message": "Condition \"pers->sync_request\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5918, + "event": "path", + "message": "Condition \"mddev->bitmap_info.file\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5923, + "event": "path", + "message": "Condition \"IS_ERR(bitmap)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5925, + "event": "path", + "message": "Condition \"1 /* 1 && 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5927, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5931, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5934, + "event": "path", + "message": "Condition \"mddev->bitmap_info.max_write_behind > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5937, + "event": "path", + "message": "Condition \"!(&rdev->same_set == &mddev->disks)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5938, + "event": "path", + "message": "Condition \"test_bit(WriteMostly, &rdev->flags)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5938, + "event": "path", + "message": "Condition \"rdev_init_serial(rdev)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5941, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5937, + "event": "path", + "message": "Condition \"!(&rdev->same_set == &mddev->disks)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5938, + "event": "path", + "message": "Condition \"test_bit(WriteMostly, &rdev->flags)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5938, + "event": "path", + "message": "Condition \"rdev_init_serial(rdev)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5941, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5937, + "event": "path", + "message": "Condition \"!(&rdev->same_set == &mddev->disks)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5942, + "event": "path", + "message": "Condition \"create_pool\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5942, + "event": "path", + "message": "Condition \"mddev->serial_info_pool == NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5946, + "event": "path", + "message": "Condition \"!mddev->serial_info_pool\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5953, + "event": "path", + "message": "Condition \"mddev->queue\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5956, + "event": "path", + "message": "Condition \"!(&rdev->same_set == &mddev->disks)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5957, + "event": "path", + "message": "Condition \"rdev->raid_disk >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5957, + "event": "path", + "message": "Condition \"!bdev_nonrot(rdev->bdev)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5959, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5962, + "event": "path", + "message": "Condition \"mddev->degraded\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5964, + "event": "path", + "message": "Condition \"nonrot\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5971, + "event": "path", + "message": "Condition \"nowait\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5974, + "event": "path", + "message": "Condition \"pers->sync_request\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5975, + "event": "path", + "message": "Condition \"mddev->kobj.sd\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5975, + "event": "path", + "message": "Condition \"sysfs_create_group(&mddev->kobj, &md_redundancy_group)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5982, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5988, + "event": "path", + "message": "Condition \"mddev_is_clustered(mddev)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5994, + "event": "lockagain", + "message": "Locking \"&mddev->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/md.c", + "line": 5995, + "event": "use", + "message": "Using an unreliable value of \"pers\" inside the second locked section. If the data that \"pers\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5993| \tsmp_wmb();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5994| \tspin_lock(&mddev->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5995|-> \tmddev->pers = pers;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5996| \tspin_unlock(&mddev->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5997| \trdev_for_each(rdev, mddev)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "stripe_add_to_batch_list", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 19, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 917, + "event": "path", + "message": "Condition \"!({...; __rem;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 921, + "event": "path", + "message": "Condition \"last_sh\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 921, + "event": "path", + "message": "Condition \"head_sector == last_sh->sector\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 926, + "event": "lock", + "message": "Locking \"conf->hash_locks + hash\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 927, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"head\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 929, + "event": "unlock", + "message": "Unlocking \"conf->hash_locks + hash\". \"head\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 930, + "event": "path", + "message": "Condition \"!head\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 932, + "event": "path", + "message": "Condition \"!stripe_can_batch(head)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 938, + "event": "path", + "message": "Condition \"!stripe_can_batch(head)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 938, + "event": "path", + "message": "Condition \"!stripe_can_batch(sh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 941, + "event": "path", + "message": "Condition \"sh->batch_head\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 945, + "event": "path", + "message": "Condition \"dd_idx == sh->pd_idx\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 946, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 945, + "event": "path", + "message": "Condition \"dd_idx == sh->pd_idx\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 945, + "event": "path", + "message": "Condition \"dd_idx == sh->qd_idx\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 947, + "event": "path", + "message": "Condition \"head->dev[dd_idx].towrite->bi_opf != sh->dev[dd_idx].towrite->bi_opf\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 947, + "event": "path", + "message": "Condition \"bio_op(head->dev[dd_idx].towrite) != bio_op(sh->dev[dd_idx].towrite)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 951, + "event": "path", + "message": "Condition \"head->batch_head\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 936, + "event": "lockagain", + "message": "Locking \"sh->stripe_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/md/raid5.c", + "line": 974, + "event": "use", + "message": "Using an unreliable value of \"head\" inside the second locked section. If the data that \"head\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 972| \t\tspin_unlock(&head->batch_head->batch_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 973| \t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 974|-> \t\thead->batch_head = head;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 975| \t\tsh->batch_head = head->batch_head;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 976| \t\tspin_lock(&head->batch_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "lpc_sch_populate_cell", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/mfd/core.h", + "line": 95, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mfd/lpc_sch.c", + "line": 122, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 120| \t\treturn ret;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 121| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 122|-> \tmemset(cell, 0, sizeof(*cell));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 123| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 124| \tcell->name = name;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "tifm_7xx1_switch_media", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 20, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 145, + "event": "lock", + "message": "Locking \"spinlock_check(&fm->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 149, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 149, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 149, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 149, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 149, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 152, + "event": "path", + "message": "Condition \"!socket_change_set\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 157, + "event": "path", + "message": "Condition \"cnt < fm->num_sockets\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 158, + "event": "path", + "message": "Condition \"!(socket_change_set & (1 << cnt))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 159, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 157, + "event": "path", + "message": "Condition \"cnt < fm->num_sockets\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 158, + "event": "path", + "message": "Condition \"!(socket_change_set & (1 << cnt))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 159, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 157, + "event": "path", + "message": "Condition \"cnt < fm->num_sockets\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 158, + "event": "path", + "message": "Condition \"!(socket_change_set & (1 << cnt))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 161, + "event": "path", + "message": "Condition \"sock\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 162, + "event": "path", + "message": "Condition \"1 /* 1 && 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 166, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"sock_addr\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 167, + "event": "unlock", + "message": "Unlocking \"&fm->lock\". \"sock_addr\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 169, + "event": "lockagain", + "message": "Locking \"spinlock_check(&fm->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/misc/tifm_7xx1.c", + "line": 170, + "event": "use", + "message": "Using an unreliable value of \"sock_addr\" inside the second locked section. If the data that \"sock_addr\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 168| \t\t\tdevice_unregister(&sock->dev);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 169| \t\t\tspin_lock_irqsave(&fm->lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 170|-> \t\t\ttifm_7xx1_sock_power_off(sock_addr);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 171| \t\t\twritel(0x0e00, sock_addr + SOCK_CONTROL);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 172| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "sdhci_request_done", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 19, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3054, + "event": "lock", + "message": "Locking \"spinlock_check(&host->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3056, + "event": "path", + "message": "Condition \"i < 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3058, + "event": "path", + "message": "Condition \"mrq\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3059, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3062, + "event": "path", + "message": "Condition \"!mrq\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3071, + "event": "path", + "message": "Condition \"sdhci_needs_reset(host, mrq)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3078, + "event": "path", + "message": "Condition \"host->cmd\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3078, + "event": "path", + "message": "Condition \"host->data_cmd\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3084, + "event": "path", + "message": "Condition \"host->quirks & (1U /* 1 << 0 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3098, + "event": "path", + "message": "Condition \"host->flags & (4 /* 1 << 2 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3099, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"data\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3101, + "event": "path", + "message": "Condition \"host->use_external_dma\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3101, + "event": "path", + "message": "Condition \"data\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3101, + "event": "path", + "message": "Condition \"mrq->cmd->error\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3106, + "event": "unlock", + "message": "Unlocking \"&host->lock\". \"data\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3112, + "event": "path", + "message": "Condition \"data\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3112, + "event": "path", + "message": "Condition \"data->host_cookie == COOKIE_MAPPED\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3113, + "event": "path", + "message": "Condition \"host->bounce_buffer\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3108, + "event": "lockagain", + "message": "Locking \"spinlock_check(&host->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3118, + "event": "use", + "message": "Using an unreliable value of \"data\" inside the second locked section. If the data that \"data\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3116| \t\t\t\t * sglist", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3117| \t\t\t\t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3118|-> \t\t\t\tif (mmc_get_dma_dir(data) == DMA_FROM_DEVICE) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3119| \t\t\t\t\tunsigned int length = data->bytes_xfered;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3120| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "sdhci_request_done", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 19, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3054, + "event": "lock", + "message": "Locking \"spinlock_check(&host->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3056, + "event": "path", + "message": "Condition \"i < 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3058, + "event": "path", + "message": "Condition \"mrq\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3059, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3062, + "event": "path", + "message": "Condition \"!mrq\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3071, + "event": "path", + "message": "Condition \"sdhci_needs_reset(host, mrq)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3078, + "event": "path", + "message": "Condition \"host->cmd\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3078, + "event": "path", + "message": "Condition \"host->data_cmd\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3084, + "event": "path", + "message": "Condition \"host->quirks & (1U /* 1 << 0 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3098, + "event": "path", + "message": "Condition \"host->flags & (4 /* 1 << 2 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3099, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"data\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3101, + "event": "path", + "message": "Condition \"host->use_external_dma\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3101, + "event": "path", + "message": "Condition \"data\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3101, + "event": "path", + "message": "Condition \"mrq->cmd->error\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3106, + "event": "unlock", + "message": "Unlocking \"&host->lock\". \"data\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3112, + "event": "path", + "message": "Condition \"data\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3112, + "event": "path", + "message": "Condition \"data->host_cookie == COOKIE_MAPPED\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3113, + "event": "path", + "message": "Condition \"host->bounce_buffer\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3108, + "event": "lockagain", + "message": "Locking \"spinlock_check(&host->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mmc/host/sdhci.c", + "line": 3148, + "event": "use", + "message": "Using an unreliable value of \"data\" inside the second locked section. If the data that \"data\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3146| \t\t\t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3147| \t\t\t\t/* Unmap the raw data */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3148|-> \t\t\t\tdma_unmap_sg(mmc_dev(host->mmc), data->sg,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3149| \t\t\t\t\t data->sg_len,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3150| \t\t\t\t\t mmc_get_dma_dir(data));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "wear_leveling_worker", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 38, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 658, + "event": "path", + "message": "Condition \"shutdown\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 662, + "event": "path", + "message": "Condition \"!vidb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 669, + "event": "lock", + "message": "Locking \"&ubi->wl_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 670, + "event": "path", + "message": "Condition \"!ubi->move_from\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 670, + "event": "path", + "message": "Condition \"1 /* 1 && 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 671, + "event": "path", + "message": "Condition \"!!!!ubi->move_to_put\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 671, + "event": "path", + "message": "Condition \"1 /* 1 && 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 673, + "event": "path", + "message": "Condition \"!ubi->free.rb_node\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 673, + "event": "path", + "message": "Condition \"!ubi->used.rb_node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 673, + "event": "path", + "message": "Condition \"!ubi->scrub.rb_node\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 718, + "event": "path", + "message": "Condition \"!ubi->scrub.rb_node\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 747, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"e2\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 748, + "event": "path", + "message": "Condition \"!e2\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 753, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 753, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 753, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 753, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 753, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 758, + "event": "unlock", + "message": "Unlocking \"&ubi->wl_lock\". \"e2\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 772, + "event": "path", + "message": "Condition \"err\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 772, + "event": "path", + "message": "Condition \"err != UBI_IO_BITFLIPS\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 774, + "event": "path", + "message": "Condition \"err == UBI_IO_FF\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 785, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 785, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 785, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 785, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 785, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 787, + "event": "path", + "message": "Jumping to label \"out_not_moved\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 917, + "event": "path", + "message": "Condition \"vol_id != -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 921, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 921, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 921, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 921, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 921, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 924, + "event": "path", + "message": "Condition \"protect\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 925, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 933, + "event": "path", + "message": "Condition \"dst_leb_clean\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 923, + "event": "lockagain", + "message": "Locking \"&ubi->wl_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/mtd/ubi/wl.c", + "line": 934, + "event": "use", + "message": "Using an unreliable value of \"e2\" inside the second locked section. If the data that \"e2\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 932| \t\twl_tree_add(e1, &ubi->used);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 933| \tif (dst_leb_clean) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 934|-> \t\twl_tree_add(e2, &ubi->free);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 935| \t\tubi->free_count++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 936| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "mlx5_tc_ct_entry_create_mod_hdr", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c", + "line": 711, + "event": "local_ptr_assign_local", + "message": "Assigning: \"mod_acts.actions\" = \"actions_arr\" (address of local variable \"actions_arr\").", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c", + "line": 718, + "event": "path", + "message": "Condition \"!meta\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c", + "line": 724, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c", + "line": 726, + "event": "path", + "message": "Condition \"nat_table\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c", + "line": 727, + "event": "path", + "message": "Condition \"has_nat\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c", + "line": 728, + "event": "identity_transfer", + "message": "Passing field \"mod_acts.actions\" (indirectly, via argument 3) to function \"mlx5_tc_ct_entry_create_nat\", which returns an offset off it.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c", + "line": 728, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"err\" = \"mlx5_tc_ct_entry_create_nat(ct_priv, flow_rule, &mod_acts)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c", + "line": 729, + "event": "path", + "message": "Condition \"err\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c", + "line": 730, + "event": "path", + "message": "Jumping to label \"err_mapping\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c", + "line": 775, + "event": "return_local_addr_alias", + "message": "Returning pointer \"err\" which points to local variable \"actions_arr\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 773| \tmlx5e_mod_hdr_dealloc(&mod_acts);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 774| \tmlx5_put_label_mapping(ct_priv, attr->ct_attr.ct_labels_id);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 775|-> \treturn err;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 776| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 777| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "mlx5_dm_sw_icm_alloc", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 21, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 136, + "event": "path", + "message": "Condition \"!dev->dm\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 139, + "event": "path", + "message": "Condition \"!length\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 139, + "event": "path", + "message": "Condition \"length & length - 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 139, + "event": "path", + "message": "Condition \"length & (1 << (((__u32)__builtin_bswap32((__u32)(__u32)(__be32)(__be32 *)dev->caps.hca[MLX5_CAP_DEV_MEM]->cur[8UL /* __builtin_offsetof() / 32 */]) >> 8UL /* 32 - sizeof ((NULL)->log_sw_icm_alloc_granularity) - (__builtin_offsetof() & 31) */) & 63U /* (u32)((1ULL << sizeof ((NULL)->log_sw_icm_alloc_granularity)) - 1) */)) - 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 143, + "event": "path", + "message": "Condition \"0 /* !!(sizeof (struct mlx5_ifc_general_obj_in_cmd_hdr_bits) % 32) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 145, + "event": "path", + "message": "Condition \"0 /* !!(sizeof (struct mlx5_ifc_general_obj_in_cmd_hdr_bits) % 32) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 146, + "event": "path", + "message": "Condition \"0 /* !!(sizeof (struct mlx5_ifc_general_obj_in_cmd_hdr_bits) % 32) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 148, + "event": "path", + "message": "Switch case value \"MLX5_SW_ICM_TYPE_STEERING\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 153, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 171, + "event": "path", + "message": "Condition \"!block_map\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 176, + "event": "path", + "message": "Condition \"log_alignment < (((__u32)__builtin_bswap32((__u32)(__u32)(__be32)(__be32 *)dev->caps.hca[MLX5_CAP_DEV_MEM]->cur[8UL /* __builtin_offsetof() / 32 */]) >> 8UL /* 32 - sizeof ((NULL)->log_sw_icm_alloc_granularity) - (__builtin_offsetof() & 31) */) & 63U /* (u32)((1ULL << sizeof ((NULL)->log_sw_icm_alloc_granularity)) - 1) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 180, + "event": "lock", + "message": "Locking \"&dm->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 181, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"block_idx\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 184, + "event": "path", + "message": "Condition \"block_idx < max_blocks\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 188, + "event": "unlock", + "message": "Unlocking \"&dm->lock\". \"block_idx\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 190, + "event": "path", + "message": "Condition \"block_idx >= max_blocks\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 195, + "event": "path", + "message": "Condition \"0 /* !!(__builtin_offsetof() % 64) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 195, + "event": "path", + "message": "Condition \"0 /* !!(sizeof ((NULL)->sw_icm_start_addr) != 64) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 197, + "event": "path", + "message": "Condition \"0 /* !!(sizeof (struct mlx5_ifc_sw_icm_bits) % 32) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 200, + "event": "path", + "message": "Condition \"ret\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 201, + "event": "lockagain", + "message": "Locking \"&dm->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c", + "line": 202, + "event": "use", + "message": "Using an unreliable value of \"block_idx\" inside the second locked section. If the data that \"block_idx\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 200| \tif (ret) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 201| \t\tspin_lock(&dm->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 202|-> \t\tbitmap_clear(block_map,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 203| \t\t\t block_idx, num_blocks);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 204| \t\tspin_unlock(&dm->lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "_qed_mcp_cmd_and_union", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 21, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 477, + "event": "lock", + "message": "Locking \"&p_hwfn->mcp_info->cmd_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 479, + "event": "path", + "message": "Condition \"!qed_mcp_has_pending_cmd(p_hwfn)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 480, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 496, + "event": "path", + "message": "Condition \"cnt >= max_retries\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 506, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"p_cmd_elem\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 507, + "event": "path", + "message": "Condition \"!p_cmd_elem\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 513, + "event": "unlock", + "message": "Unlocking \"&p_hwfn->mcp_info->cmd_lock\". \"p_cmd_elem\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 522, + "event": "path", + "message": "Condition \"__params\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 522, + "event": "path", + "message": "Condition \"__params->flags & (1U /* 1 << 0 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 522, + "event": "path", + "message": "Condition \"({...; __params && __params->flags & (1U /* 1 << 0 */);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 523, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 529, + "event": "path", + "message": "Condition \"p_cmd_elem->b_is_completed\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 533, + "event": "path", + "message": "Condition \"!rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 535, + "event": "path", + "message": "Condition \"rc != -11\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 538, + "event": "unlock", + "message": "Unlocking \"&p_hwfn->mcp_info->cmd_lock\". \"p_cmd_elem\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 539, + "event": "path", + "message": "Condition \"++cnt < max_retries\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 541, + "event": "path", + "message": "Condition \"cnt >= max_retries\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 542, + "event": "path", + "message": "Condition \"!!(p_hwfn->dp_level <= QED_LEVEL_NOTICE)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 542, + "event": "path", + "message": "Condition \"1 /* 1 && 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 542, + "event": "path", + "message": "Condition \"p_hwfn->name\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 547, + "event": "lockagain", + "message": "Locking \"&p_hwfn->mcp_info->cmd_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 548, + "event": "use", + "message": "Using an unreliable value of \"p_cmd_elem\" inside the second locked section. If the data that \"p_cmd_elem\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 546| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 547| \t\tspin_lock_bh(&p_hwfn->mcp_info->cmd_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 548|-> \t\tqed_mcp_cmd_del_elem(p_hwfn, p_cmd_elem);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 549| \t\tspin_unlock_bh(&p_hwfn->mcp_info->cmd_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 550| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "_qed_mcp_cmd_and_union", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 477, + "event": "lock", + "message": "Locking \"&p_hwfn->mcp_info->cmd_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 479, + "event": "path", + "message": "Condition \"!qed_mcp_has_pending_cmd(p_hwfn)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 480, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 496, + "event": "path", + "message": "Condition \"cnt >= max_retries\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 506, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"p_cmd_elem\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 507, + "event": "path", + "message": "Condition \"!p_cmd_elem\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 513, + "event": "unlock", + "message": "Unlocking \"&p_hwfn->mcp_info->cmd_lock\". \"p_cmd_elem\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 522, + "event": "path", + "message": "Condition \"__params\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 522, + "event": "path", + "message": "Condition \"__params->flags & (1U /* 1 << 0 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 522, + "event": "path", + "message": "Condition \"({...; __params && __params->flags & (1U /* 1 << 0 */);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 523, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 529, + "event": "path", + "message": "Condition \"p_cmd_elem->b_is_completed\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 530, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 541, + "event": "path", + "message": "Condition \"cnt >= max_retries\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 527, + "event": "lockagain", + "message": "Locking \"&p_hwfn->mcp_info->cmd_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/qlogic/qed/qed_mcp.c", + "line": 559, + "event": "use", + "message": "Using an unreliable value of \"p_cmd_elem\" inside the second locked section. If the data that \"p_cmd_elem\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 557| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 558| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 559|-> \tqed_mcp_cmd_del_elem(p_hwfn, p_cmd_elem);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 560| \tspin_unlock_bh(&p_hwfn->mcp_info->cmd_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 561| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "efx_ef100_rep_poll", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c", + "line": 404, + "event": "lock", + "message": "Locking \"&efv->rx_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c", + "line": 405, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"read_index\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c", + "line": 406, + "event": "path", + "message": "Condition \"spent < weight\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c", + "line": 406, + "event": "path", + "message": "Condition \"!list_empty(&efv->rx_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c", + "line": 411, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c", + "line": 406, + "event": "path", + "message": "Condition \"spent < weight\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c", + "line": 406, + "event": "path", + "message": "Condition \"!list_empty(&efv->rx_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c", + "line": 411, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c", + "line": 406, + "event": "path", + "message": "Condition \"spent < weight\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c", + "line": 406, + "event": "path", + "message": "Condition \"!list_empty(&efv->rx_list)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c", + "line": 412, + "event": "unlock", + "message": "Unlocking \"&efv->rx_lock\". \"read_index\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c", + "line": 415, + "event": "path", + "message": "Condition \"spent < weight\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c", + "line": 416, + "event": "path", + "message": "Condition \"napi_complete_done(napi, spent)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c", + "line": 417, + "event": "lockagain", + "message": "Locking \"&efv->rx_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/ethernet/sfc/ef100_rep.c", + "line": 418, + "event": "use", + "message": "Using an unreliable value of \"read_index\" inside the second locked section. If the data that \"read_index\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 416| \t\tif (napi_complete_done(napi, spent)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 417| \t\t\tspin_lock_bh(&efv->rx_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 418|-> \t\t\tefv->read_index = read_index;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 419| \t\t\t/* If write_index advanced while we were doing the", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 420| \t\t\t * RX, then storing our read_index won't re-prime the", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "macsec_upd_txsa", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2333, + "event": "path", + "message": "Condition \"!attrs[MACSEC_ATTR_IFINDEX]\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2336, + "event": "path", + "message": "Condition \"parse_sa_config(attrs, tb_sa)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2339, + "event": "path", + "message": "Condition \"!validate_upd_sa(tb_sa)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2345, + "event": "path", + "message": "Condition \"IS_ERR(tx_sa)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2350, + "event": "path", + "message": "Condition \"tb_sa[MACSEC_SA_ATTR_PN]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2353, + "event": "path", + "message": "Condition \"secy->xpn\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2354, + "event": "path", + "message": "Condition \"nla_len(tb_sa[MACSEC_SA_ATTR_PN]) != pn_len\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2361, + "event": "lock", + "message": "Locking \"&tx_sa->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2362, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"prev_pn\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2364, + "event": "unlock", + "message": "Unlocking \"&tx_sa->lock\". \"prev_pn\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2368, + "event": "path", + "message": "Condition \"tb_sa[MACSEC_SA_ATTR_ACTIVE]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2369, + "event": "path", + "message": "Condition \"nla_get_u8(tb_sa[MACSEC_SA_ATTR_ACTIVE])\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2372, + "event": "path", + "message": "Condition \"assoc_num == tx_sc->encoding_sa\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2376, + "event": "path", + "message": "Condition \"macsec_is_offloaded(netdev_priv(dev))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2381, + "event": "path", + "message": "Condition \"!ops\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2383, + "event": "path", + "message": "Jumping to label \"cleanup\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2400, + "event": "path", + "message": "Condition \"tb_sa[MACSEC_SA_ATTR_PN]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2401, + "event": "lockagain", + "message": "Locking \"&tx_sa->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2402, + "event": "use", + "message": "Using an unreliable value of \"prev_pn\" inside the second locked section. If the data that \"prev_pn\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2400| \tif (tb_sa[MACSEC_SA_ATTR_PN]) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2401| \t\tspin_lock_bh(&tx_sa->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2402|-> \t\ttx_sa->next_pn_halves = prev_pn;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2403| \t\tspin_unlock_bh(&tx_sa->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2404| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "macsec_upd_rxsa", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2427, + "event": "path", + "message": "Condition \"!attrs[MACSEC_ATTR_IFINDEX]\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2430, + "event": "path", + "message": "Condition \"parse_rxsc_config(attrs, tb_rxsc)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2433, + "event": "path", + "message": "Condition \"parse_sa_config(attrs, tb_sa)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2436, + "event": "path", + "message": "Condition \"!validate_upd_sa(tb_sa)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2442, + "event": "path", + "message": "Condition \"IS_ERR(rx_sa)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2447, + "event": "path", + "message": "Condition \"tb_sa[MACSEC_SA_ATTR_PN]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2450, + "event": "path", + "message": "Condition \"secy->xpn\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2451, + "event": "path", + "message": "Condition \"nla_len(tb_sa[MACSEC_SA_ATTR_PN]) != pn_len\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2458, + "event": "lock", + "message": "Locking \"&rx_sa->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2459, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"prev_pn\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2461, + "event": "unlock", + "message": "Unlocking \"&rx_sa->lock\". \"prev_pn\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2465, + "event": "path", + "message": "Condition \"tb_sa[MACSEC_SA_ATTR_ACTIVE]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2466, + "event": "path", + "message": "Condition \"nla_get_u8(tb_sa[MACSEC_SA_ATTR_ACTIVE])\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2469, + "event": "path", + "message": "Condition \"macsec_is_offloaded(netdev_priv(dev))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2474, + "event": "path", + "message": "Condition \"!ops\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2476, + "event": "path", + "message": "Jumping to label \"cleanup\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2492, + "event": "path", + "message": "Condition \"tb_sa[MACSEC_SA_ATTR_PN]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2493, + "event": "lockagain", + "message": "Locking \"&rx_sa->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/macsec.c", + "line": 2494, + "event": "use", + "message": "Using an unreliable value of \"prev_pn\" inside the second locked section. If the data that \"prev_pn\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2492| \tif (tb_sa[MACSEC_SA_ATTR_PN]) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2493| \t\tspin_lock_bh(&rx_sa->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2494|-> \t\trx_sa->next_pn_halves = prev_pn;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2495| \t\tspin_unlock_bh(&rx_sa->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2496| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "xgmiitorgmii_probe", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/phy.h", + "line": 835, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/phy/xilinx_gmii2rgmii.c", + "line": 90, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 88| \tpriv->mdio = mdiodev;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 89| \tpriv->phy_drv = priv->phy_dev->drv;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 90|-> \tmemcpy(&priv->conv_phy_drv, priv->phy_dev->drv,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91| \t sizeof(struct phy_driver));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| \tpriv->conv_phy_drv.read_status = xgmiitorgmii_read_status;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ath10k_htt_rx_proc_rx_ind_hl", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2478, + "event": "lock", + "message": "Locking \"&ar->data_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2479, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"peer\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2480, + "event": "unlock", + "message": "Unlocking \"&ar->data_lock\". \"peer\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2481, + "event": "path", + "message": "Condition \"!peer\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2484, + "event": "path", + "message": "Condition \"!peer\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2493, + "event": "path", + "message": "Condition \"fw_desc->u.bits.discard\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2502, + "event": "path", + "message": "Condition \"num_mpdu_ranges > 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2507, + "event": "path", + "message": "Condition \"mpdu_ranges->mpdu_range_status != HTT_RX_IND_MPDU_STATUS_OK\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2507, + "event": "path", + "message": "Condition \"mpdu_ranges->mpdu_range_status != HTT_RX_IND_MPDU_STATUS_TKIP_MIC_ERR\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2519, + "event": "path", + "message": "Condition \"(rx_desc_info & 65536) >> 16\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2520, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2525, + "event": "path", + "message": "Condition \"rx->fw_desc.flags & (1 /* 1 << 0 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2529, + "event": "path", + "message": "Condition \"check_pn_type == HTT_RX_PN_CHECK\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2529, + "event": "path", + "message": "Condition \"tid >= 16\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2530, + "event": "lockagain", + "message": "Locking \"&ar->data_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath10k/htt_rx.c", + "line": 2531, + "event": "use", + "message": "Using an unreliable value of \"peer\" inside the second locked section. If the data that \"peer\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2529| \tif (check_pn_type == HTT_RX_PN_CHECK && tid >= IEEE80211_NUM_TIDS) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2530| \t\tspin_lock_bh(&ar->data_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2531|-> \t\tpn_invalid = ath10k_htt_rx_pn_check_replay_hl(ar, peer, rx);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2532| \t\tspin_unlock_bh(&ar->data_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2533| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ath11k_dbring_bufs_replenish", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c", + "line": 64, + "event": "path", + "message": "Condition \"ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c", + "line": 67, + "event": "lock", + "message": "Locking \"&ring->idr_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c", + "line": 68, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"buf_id\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c", + "line": 69, + "event": "unlock", + "message": "Unlocking \"&ring->idr_lock\". \"buf_id\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c", + "line": 70, + "event": "path", + "message": "Condition \"buf_id < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c", + "line": 76, + "event": "path", + "message": "Condition \"!desc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c", + "line": 78, + "event": "path", + "message": "Jumping to label \"err_idr_remove\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c", + "line": 94, + "event": "lockagain", + "message": "Locking \"&ring->idr_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dbring.c", + "line": 95, + "event": "use", + "message": "Using an unreliable value of \"buf_id\" inside the second locked section. If the data that \"buf_id\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93| err_idr_remove:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 94| \tspin_lock_bh(&ring->idr_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95|-> \tidr_remove(&ring->bufs_idr, buf_id);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 96| \tspin_unlock_bh(&ring->idr_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 97| err_dma_unmap:", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ath11k_dp_rxbufs_replenish", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 357, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x428 < __UNIQUE_ID___y429\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 366, + "event": "path", + "message": "Condition \"!req_entries\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 366, + "event": "path", + "message": "Condition \"num_free > rx_ring->bufs_max * 3 / 4\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 369, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x430 < __UNIQUE_ID___y431\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 372, + "event": "path", + "message": "Condition \"num_remain > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 375, + "event": "path", + "message": "Condition \"!skb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 378, + "event": "path", + "message": "Condition \"!(((unsigned long)skb->data & 127UL /* (unsigned long)128 - 1 */) == 0)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 388, + "event": "path", + "message": "Condition \"dma_mapping_error(ab->dev, paddr)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 391, + "event": "lock", + "message": "Locking \"&rx_ring->idr_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 392, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"buf_id\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 394, + "event": "unlock", + "message": "Unlocking \"&rx_ring->idr_lock\". \"buf_id\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 395, + "event": "path", + "message": "Condition \"buf_id <= 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 399, + "event": "path", + "message": "Condition \"!desc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 400, + "event": "path", + "message": "Jumping to label \"fail_idr_remove\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 419, + "event": "lockagain", + "message": "Locking \"&rx_ring->idr_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 420, + "event": "use", + "message": "Using an unreliable value of \"buf_id\" inside the second locked section. If the data that \"buf_id\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 418| fail_idr_remove:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 419| \tspin_lock_bh(&rx_ring->idr_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 420|-> \tidr_remove(&rx_ring->bufs_idr, buf_id);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 421| \tspin_unlock_bh(&rx_ring->idr_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 422| fail_dma_unmap:", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ath11k_dp_rx_h_defrag_reo_reinject", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 63, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3388, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3388, + "event": "path", + "message": "Condition \"0 /* !!((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 1)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3388, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 2)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) >> __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 3)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21))) - 1) & 0U : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3388, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 6)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21))) > (unsigned int)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3388, + "event": "path", + "message": "Condition \"0 /* !!(((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 7)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) + (1ULL << __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 8)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21))) - 1) & (int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 9)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) + (1ULL << __builtin_ffsll((int)sizeof (struct at [...]", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3391, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3391, + "event": "path", + "message": "Condition \"0 /* !!((1UL << 0) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3391, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((1UL << 0) >> __builtin_ffsll(1UL << 0) - 1) & 1 : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3391, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)(1UL << 0) > (unsigned long long)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3391, + "event": "path", + "message": "Condition \"0 /* !!(((1UL << 0) + (1ULL << __builtin_ffsll(1UL << 0) - 1) & (1UL << 0) + (1ULL << __builtin_ffsll(1UL << 0) - 1) - 1) != 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3392, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3392, + "event": "path", + "message": "Condition \"0 /* !!((1UL << 1) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3392, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((1UL << 1) >> __builtin_ffsll(1UL << 1) - 1) & 1 : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3392, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)(1UL << 1) > (unsigned long long)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3392, + "event": "path", + "message": "Condition \"0 /* !!(((1UL << 1) + (1ULL << __builtin_ffsll(1UL << 1) - 1) & (1UL << 1) + (1ULL << __builtin_ffsll(1UL << 1) - 1) - 1) != 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3393, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3393, + "event": "path", + "message": "Condition \"0 /* !!((1UL << 2) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3393, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((1UL << 2) >> __builtin_ffsll(1UL << 2) - 1) & 0 : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3393, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)(1UL << 2) > (unsigned long long)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3393, + "event": "path", + "message": "Condition \"0 /* !!(((1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) & (1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) - 1) != 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3394, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3394, + "event": "path", + "message": "Condition \"0 /* !!((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 15)]) + (~0UL - (1UL << 3) + 1 & (~0UL >> 64 - 1 - 16)) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3394, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3394, + "event": "path", + "message": "Condition \"!!(0 ? 18446744073709535232UL /* ~((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 16)]) + (~0UL - (1UL << 3) + 1 & (~0UL >> 64 - 1 - 16)) >> __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 17)]) + (~0UL - (1UL << 3) + 1 & (~0UL >> 64 - 1 - 16))) - 1) */ & defrag_skb->len - hal_rx_desc_sz : 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3394, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 20)]) + (~0UL - (1UL << 3) + 1 & (~0UL >> 64 - 1 - 16))) > (unsigned long long)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3394, + "event": "path", + "message": "Condition \"0 /* !!(((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 21)]) + (~0UL - (1UL << 3) + 1 & (~0UL >> 64 - 1 - 16)) + (1ULL << __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 22)]) + (~0UL - (1UL << 3) + 1 & (~0UL >> 64 - 1 - 16))) - 1) & (int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 23)]) + (~0UL - (1UL << 3) + 1 & (~0UL >> 64 - 1 - 16)) + (1ULL << __builtin_ffsll((int)sizeof (struct at [...]", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3396, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3396, + "event": "path", + "message": "Condition \"0 /* !!((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 29)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3396, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3396, + "event": "path", + "message": "Condition \"!!(0 ? 18446744073709551584UL /* ~((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 30)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) >> __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 31)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21))) - 1) */ & dst_idx : 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3396, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 34)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21))) > (unsigned long long)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3396, + "event": "path", + "message": "Condition \"0 /* !!(((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 35)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) + (1ULL << __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 36)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21))) - 1) & (int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 37)]) + (~0UL - (1UL << 17) + 1 & (~0UL >> 64 - 1 - 21)) + (1ULL << __builtin_ffsll((int)sizeof (struct [...]", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3397, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3397, + "event": "path", + "message": "Condition \"0 /* !!((1UL << 23) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3397, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((1UL << 23) >> __builtin_ffsll(1UL << 23) - 1) & 1 : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3397, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)(1UL << 23) > (unsigned long long)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3397, + "event": "path", + "message": "Condition \"0 /* !!(((1UL << 23) + (1ULL << __builtin_ffsll(1UL << 23) - 1) & (1UL << 23) + (1ULL << __builtin_ffsll(1UL << 23) - 1) - 1) != 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3398, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3398, + "event": "path", + "message": "Condition \"0 /* !!((1UL << 25) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3398, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((1UL << 25) >> __builtin_ffsll(1UL << 25) - 1) & 1 : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3398, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)(1UL << 25) > (unsigned long long)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3398, + "event": "path", + "message": "Condition \"0 /* !!(((1UL << 25) + (1ULL << __builtin_ffsll(1UL << 25) - 1) & (1UL << 25) + (1ULL << __builtin_ffsll(1UL << 25) - 1) - 1) != 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3407, + "event": "path", + "message": "Condition \"dma_mapping_error(ab->dev, paddr)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3410, + "event": "lock", + "message": "Locking \"&rx_refill_ring->idr_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3411, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"buf_id\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3413, + "event": "unlock", + "message": "Unlocking \"&rx_refill_ring->idr_lock\". \"buf_id\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3414, + "event": "path", + "message": "Condition \"buf_id < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3420, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3420, + "event": "path", + "message": "Condition \"0 /* !!((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 43)]) + (~0UL - (1UL << 18) + 1 & (~0UL >> 64 - 1 - 20)) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3420, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3420, + "event": "path", + "message": "Condition \"!!(0 ? 18446744073709551608UL /* ~((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 44)]) + (~0UL - (1UL << 18) + 1 & (~0UL >> 64 - 1 - 20)) >> __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 45)]) + (~0UL - (1UL << 18) + 1 & (~0UL >> 64 - 1 - 20))) - 1) */ & dp->mac_id : 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3420, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 48)]) + (~0UL - (1UL << 18) + 1 & (~0UL >> 64 - 1 - 20))) > (unsigned long long)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3420, + "event": "path", + "message": "Condition \"0 /* !!(((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 49)]) + (~0UL - (1UL << 18) + 1 & (~0UL >> 64 - 1 - 20)) + (1ULL << __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 50)]) + (~0UL - (1UL << 18) + 1 & (~0UL >> 64 - 1 - 20))) - 1) & (int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 51)]) + (~0UL - (1UL << 18) + 1 & (~0UL >> 64 - 1 - 20)) + (1ULL << __builtin_ffsll((int)sizeof (struct [...]", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3421, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3421, + "event": "path", + "message": "Condition \"0 /* !!((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 57)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 17)) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3421, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3421, + "event": "path", + "message": "Condition \"!!(0 ? 18446744073709289472UL /* ~((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 58)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 17)) >> __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 59)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 17))) - 1) */ & buf_id : 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3421, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 62)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 17))) > (unsigned long long)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3421, + "event": "path", + "message": "Condition \"0 /* !!(((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 63)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 17)) + (1ULL << __builtin_ffsll((int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 64)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 17))) - 1) & (int)sizeof (struct ath11k_dp_rx_h_defrag_reo_reinject::[unnamed type (instance 65)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 17)) + (1ULL << __builtin_ffsll((int)sizeof (struct at [...]", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3434, + "event": "path", + "message": "Condition \"!reo_ent_ring\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3436, + "event": "unlock", + "message": "Unlocking \"&srng->lock\". \"buf_id\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3438, + "event": "path", + "message": "Jumping to label \"err_free_idr\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3467, + "event": "lockagain", + "message": "Locking \"&rx_refill_ring->idr_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3468, + "event": "use", + "message": "Using an unreliable value of \"buf_id\" inside the second locked section. If the data that \"buf_id\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3466| err_free_idr:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3467| \tspin_lock_bh(&rx_refill_ring->idr_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3468|-> \tidr_remove(&rx_refill_ring->bufs_idr, buf_id);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3469| \tspin_unlock_bh(&rx_refill_ring->idr_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3470| err_unmap_dma:", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/dp_rx.c", + "line": 3468, + "event": "note", + "message": "trimmed 5 message(s) with length over 512", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ath11k_mac_mgmt_tx_wmi", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c", + "line": 5781, + "event": "lock", + "message": "Locking \"&ar->txmgmt_idr_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c", + "line": 5782, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"buf_id\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c", + "line": 5784, + "event": "unlock", + "message": "Unlocking \"&ar->txmgmt_idr_lock\". \"buf_id\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c", + "line": 5786, + "event": "path", + "message": "Condition \"ath11k_debug_mask & ATH11K_DBG_MAC\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c", + "line": 5789, + "event": "path", + "message": "Condition \"buf_id < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c", + "line": 5793, + "event": "path", + "message": "Condition \"!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c", + "line": 5794, + "event": "path", + "message": "Condition \"ieee80211_is_action(hdr->frame_control)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c", + "line": 5794, + "event": "path", + "message": "Condition \"ieee80211_has_protected(hdr->frame_control)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c", + "line": 5803, + "event": "path", + "message": "Condition \"dma_mapping_error(ab->dev, paddr)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c", + "line": 5806, + "event": "path", + "message": "Jumping to label \"err_free_idr\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c", + "line": 5823, + "event": "lockagain", + "message": "Locking \"&ar->txmgmt_idr_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/ath/ath11k/mac.c", + "line": 5824, + "event": "use", + "message": "Using an unreliable value of \"buf_id\" inside the second locked section. If the data that \"buf_id\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5822| err_free_idr:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5823| \tspin_lock_bh(&ar->txmgmt_idr_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5824|-> \tidr_remove(&ar->txmgmt_idr, buf_id);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5825| \tspin_unlock_bh(&ar->txmgmt_idr_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5826| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "iwlagn_mac_resume", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/intel/iwlwifi/dvm/dev.h", + "line": 487, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/intel/iwlwifi/dvm/mac80211.c", + "line": 554, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 552| \tiwlagn_prepare_restart(priv);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 553| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 554|-> \tmemset((void *)&ctx->active, 0, sizeof(ctx->active));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 555| \tiwl_connection_init_rx_config(priv, ctx);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 556| \tiwlagn_set_rxon_chain(priv, ctx);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "hwsim_virtio_rx_work", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c", + "line": 6361, + "event": "lock", + "message": "Locking \"spinlock_check(&hwsim_virtio_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c", + "line": 6362, + "event": "path", + "message": "Condition \"!hwsim_virtio_enabled\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c", + "line": 6365, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"skb\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c", + "line": 6366, + "event": "path", + "message": "Condition \"!skb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c", + "line": 6368, + "event": "unlock", + "message": "Unlocking \"&hwsim_virtio_lock\". \"skb\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c", + "line": 6376, + "event": "path", + "message": "Condition \"!hwsim_virtio_enabled\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c", + "line": 6375, + "event": "lockagain", + "message": "Locking \"spinlock_check(&hwsim_virtio_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wireless/virtual/mac80211_hwsim.c", + "line": 6381, + "event": "use", + "message": "Using an unreliable value of \"skb\" inside the second locked section. If the data that \"skb\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6379| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6380| \tvq = hwsim_vqs[HWSIM_VQ_RX];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6381|-> \tsg_init_one(sg, skb->head, skb_end_offset(skb));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6382| \terr = virtqueue_add_inbuf(vq, sg, 1, skb, GFP_ATOMIC);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6383| \tif (WARN(err, \"virtqueue_add_inbuf returned %d\\n\", err))", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "t7xx_dpmaif_release_tx_buffer", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 51, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 93, + "event": "lock", + "message": "Locking \"spinlock_check(&txq->tx_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 95, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"cur_idx\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 96, + "event": "unlock", + "message": "Unlocking \"&txq->tx_lock\". \"cur_idx\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 98, + "event": "path", + "message": "Condition \"i < release_cnt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 1)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 2)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) >> __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 3)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & 0U : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 6)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) > (unsigned int)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!(((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 7)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 8)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 9)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_ [...]", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"({...; (unsigned long)(((__u32)(__le32)cur_drb->header & 3UL /* (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 12)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) */) >> 0 /* __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 13)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1 */);}) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 102, + "event": "path", + "message": "Condition \"!cur_drb_skb->is_msg\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!((1UL << 2) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((1UL << 2) >> __builtin_ffsll(1UL << 2) - 1) & 0U : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)(1UL << 2) > (unsigned int)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!(((1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) & (1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) - 1) != 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"!({...; (unsigned long)(((__u32)(__le32)cur_drb->header & (4UL /* 1UL << 2 */)) >> 2 /* __builtin_ffsll(1UL << 2) - 1 */);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 107, + "event": "path", + "message": "Condition \"!cur_drb_skb->skb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 110, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 98, + "event": "path", + "message": "Condition \"i < release_cnt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 1)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 2)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) >> __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 3)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & 0U : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 6)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) > (unsigned int)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!(((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 7)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 8)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 9)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_ [...]", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"({...; (unsigned long)(((__u32)(__le32)cur_drb->header & 3UL /* (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 12)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) */) >> 0 /* __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 13)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1 */);}) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 102, + "event": "path", + "message": "Condition \"!cur_drb_skb->is_msg\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!((1UL << 2) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((1UL << 2) >> __builtin_ffsll(1UL << 2) - 1) & 0U : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)(1UL << 2) > (unsigned int)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!(((1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) & (1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) - 1) != 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"!({...; (unsigned long)(((__u32)(__le32)cur_drb->header & (4UL /* 1UL << 2 */)) >> 2 /* __builtin_ffsll(1UL << 2) - 1 */);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 107, + "event": "path", + "message": "Condition \"!cur_drb_skb->skb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 110, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 98, + "event": "path", + "message": "Condition \"i < release_cnt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 1)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 2)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) >> __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 3)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & 0U : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 6)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) > (unsigned int)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!(((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 7)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 8)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 9)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_ [...]", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"({...; (unsigned long)(((__u32)(__le32)cur_drb->header & 3UL /* (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 12)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) */) >> 0 /* __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 13)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1 */);}) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 102, + "event": "path", + "message": "Condition \"!cur_drb_skb->is_msg\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!((1UL << 2) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((1UL << 2) >> __builtin_ffsll(1UL << 2) - 1) & 0U : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)(1UL << 2) > (unsigned int)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!(((1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) & (1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) - 1) != 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"!({...; (unsigned long)(((__u32)(__le32)cur_drb->header & (4UL /* 1UL << 2 */)) >> 2 /* __builtin_ffsll(1UL << 2) - 1 */);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 107, + "event": "path", + "message": "Condition \"!cur_drb_skb->skb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 119, + "event": "lockagain", + "message": "Locking \"spinlock_check(&txq->tx_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 120, + "event": "use", + "message": "Using an unreliable value of \"cur_idx\" inside the second locked section. If the data that \"cur_idx\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 118| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 119| \t\tspin_lock_irqsave(&txq->tx_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 120|-> \t\tcur_idx = t7xx_ring_buf_get_next_wr_idx(drb_cnt, cur_idx);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 121| \t\ttxq->drb_release_rd_idx = cur_idx;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 122| \t\tspin_unlock_irqrestore(&txq->tx_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 120, + "event": "note", + "message": "trimmed 3 message(s) with length over 512", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "t7xx_dpmaif_release_tx_buffer", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 51, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 93, + "event": "lock", + "message": "Locking \"spinlock_check(&txq->tx_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 94, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"drb_cnt\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 96, + "event": "unlock", + "message": "Unlocking \"&txq->tx_lock\". \"drb_cnt\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 98, + "event": "path", + "message": "Condition \"i < release_cnt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 1)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 2)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) >> __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 3)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & 0U : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 6)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) > (unsigned int)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!(((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 7)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 8)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 9)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_ [...]", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"({...; (unsigned long)(((__u32)(__le32)cur_drb->header & 3UL /* (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 12)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) */) >> 0 /* __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 13)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1 */);}) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 102, + "event": "path", + "message": "Condition \"!cur_drb_skb->is_msg\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!((1UL << 2) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((1UL << 2) >> __builtin_ffsll(1UL << 2) - 1) & 0U : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)(1UL << 2) > (unsigned int)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!(((1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) & (1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) - 1) != 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"!({...; (unsigned long)(((__u32)(__le32)cur_drb->header & (4UL /* 1UL << 2 */)) >> 2 /* __builtin_ffsll(1UL << 2) - 1 */);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 107, + "event": "path", + "message": "Condition \"!cur_drb_skb->skb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 110, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 98, + "event": "path", + "message": "Condition \"i < release_cnt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 1)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 2)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) >> __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 3)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & 0U : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 6)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) > (unsigned int)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!(((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 7)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 8)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 9)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_ [...]", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"({...; (unsigned long)(((__u32)(__le32)cur_drb->header & 3UL /* (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 12)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) */) >> 0 /* __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 13)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1 */);}) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 102, + "event": "path", + "message": "Condition \"!cur_drb_skb->is_msg\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!((1UL << 2) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((1UL << 2) >> __builtin_ffsll(1UL << 2) - 1) & 0U : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)(1UL << 2) > (unsigned int)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!(((1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) & (1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) - 1) != 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"!({...; (unsigned long)(((__u32)(__le32)cur_drb->header & (4UL /* 1UL << 2 */)) >> 2 /* __builtin_ffsll(1UL << 2) - 1 */);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 107, + "event": "path", + "message": "Condition \"!cur_drb_skb->skb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 110, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 98, + "event": "path", + "message": "Condition \"i < release_cnt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 1)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 2)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) >> __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 3)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & 0U : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 6)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) > (unsigned int)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"0 /* !!(((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 7)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 8)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1) & (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 9)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) + (1ULL << __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_ [...]", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 100, + "event": "path", + "message": "Condition \"({...; (unsigned long)(((__u32)(__le32)cur_drb->header & 3UL /* (int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 12)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1)) */) >> 0 /* __builtin_ffsll((int)sizeof (struct t7xx_dpmaif_release_tx_buffer::[unnamed type (instance 13)]) + (~0UL - (1UL << 0) + 1 & (~0UL >> 64 - 1 - 1))) - 1 */);}) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 102, + "event": "path", + "message": "Condition \"!cur_drb_skb->is_msg\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!!1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!((1UL << 2) == 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!(1 ? ~((1UL << 2) >> __builtin_ffsll(1UL << 2) - 1) & 0U : 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!((unsigned long)(1UL << 2) > (unsigned int)~0ULL) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"0 /* !!(((1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) & (1UL << 2) + (1ULL << __builtin_ffsll(1UL << 2) - 1) - 1) != 0) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 106, + "event": "path", + "message": "Condition \"!({...; (unsigned long)(((__u32)(__le32)cur_drb->header & (4UL /* 1UL << 2 */)) >> 2 /* __builtin_ffsll(1UL << 2) - 1 */);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 107, + "event": "path", + "message": "Condition \"!cur_drb_skb->skb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 119, + "event": "lockagain", + "message": "Locking \"spinlock_check(&txq->tx_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 120, + "event": "use", + "message": "Using an unreliable value of \"drb_cnt\" inside the second locked section. If the data that \"drb_cnt\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 118| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 119| \t\tspin_lock_irqsave(&txq->tx_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 120|-> \t\tcur_idx = t7xx_ring_buf_get_next_wr_idx(drb_cnt, cur_idx);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 121| \t\ttxq->drb_release_rd_idx = cur_idx;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 122| \t\tspin_unlock_irqrestore(&txq->tx_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/net/wwan/t7xx/t7xx_hif_dpmaif_tx.c", + "line": 120, + "event": "note", + "message": "trimmed 3 message(s) with length over 512", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "__nvdimm_setup_pfn", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/memremap.h", + "line": 23, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/nvdimm/pfn_devs.c", + "line": 710, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 708| \t\t\t\t\tle64_to_cpu(nd_pfn->pfn_sb->npfns),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 709| \t\t\t\t\tnd_pfn->npfns);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 710|-> \t\tmemcpy(altmap, &__altmap, sizeof(*altmap));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 711| \t\taltmap->free = PHYS_PFN(offset - reserve);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 712| \t\taltmap->alloc = 0;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "bnx2fc_eh_abort", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 16, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1134, + "event": "path", + "message": "Condition \"rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1138, + "event": "path", + "message": "Condition \"lport->state != LPORT_ST_READY\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1138, + "event": "path", + "message": "Condition \"!lport->link_up\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1147, + "event": "lock", + "message": "Locking \"&tgt->tgt_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1148, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"io_req\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1149, + "event": "path", + "message": "Condition \"!io_req\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1161, + "event": "path", + "message": "Condition \"tgt != io_req->tgt\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1169, + "event": "path", + "message": "Condition \"tgt->flush_in_prog\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1177, + "event": "path", + "message": "Condition \"io_req->on_active_queue == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1203, + "event": "path", + "message": "Condition \"test_and_set_bit(2, &io_req->req_flags)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1226, + "event": "path", + "message": "Condition \"cancel_delayed_work(&io_req->timeout_work)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1232, + "event": "path", + "message": "Condition \"rc == FAILED\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1241, + "event": "unlock", + "message": "Unlocking \"&tgt->tgt_lock\". \"io_req\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1246, + "event": "path", + "message": "Condition \"time_left\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1252, + "event": "path", + "message": "Condition \"test_bit(9, &io_req->req_flags)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1250, + "event": "lockagain", + "message": "Locking \"&tgt->tgt_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1253, + "event": "use", + "message": "Using an unreliable value of \"io_req\" inside the second locked section. If the data that \"io_req\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1251| \tio_req->wait_for_abts_comp = 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1252| \tif (test_bit(BNX2FC_FLAG_IO_COMPL, &io_req->req_flags)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1253|-> \t\tBNX2FC_IO_DBG(io_req, \"IO completed in a different context\\n\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1254| \t\trc = SUCCESS;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1255| \t} else if (!(test_and_set_bit(BNX2FC_FLAG_ABTS_DONE,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "bnx2fc_eh_abort", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1134, + "event": "path", + "message": "Condition \"rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1138, + "event": "path", + "message": "Condition \"lport->state != LPORT_ST_READY\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1138, + "event": "path", + "message": "Condition \"!lport->link_up\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1147, + "event": "lock", + "message": "Locking \"&tgt->tgt_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1148, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"io_req\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1149, + "event": "path", + "message": "Condition \"!io_req\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1161, + "event": "path", + "message": "Condition \"tgt != io_req->tgt\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1169, + "event": "path", + "message": "Condition \"tgt->flush_in_prog\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1177, + "event": "path", + "message": "Condition \"io_req->on_active_queue == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1203, + "event": "path", + "message": "Condition \"test_and_set_bit(2, &io_req->req_flags)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1226, + "event": "path", + "message": "Condition \"cancel_delayed_work(&io_req->timeout_work)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1232, + "event": "path", + "message": "Condition \"rc == FAILED\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1241, + "event": "unlock", + "message": "Unlocking \"&tgt->tgt_lock\". \"io_req\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1246, + "event": "path", + "message": "Condition \"time_left\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1252, + "event": "path", + "message": "Condition \"test_bit(9, &io_req->req_flags)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1255, + "event": "path", + "message": "Condition \"!test_and_set_bit(3, &io_req->req_flags)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1258, + "event": "path", + "message": "Condition \"1 /* 1 && 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1250, + "event": "lockagain", + "message": "Locking \"&tgt->tgt_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1264, + "event": "use", + "message": "Using an unreliable value of \"io_req\" inside the second locked section. If the data that \"io_req\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1262| \t\t * to SCSI ML.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1263| \t\t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1264|-> \t\trc = bnx2fc_abts_cleanup(io_req);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1265| \t\tgoto done;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1266| \t} else {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "bnx2fc_eh_abort", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1134, + "event": "path", + "message": "Condition \"rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1138, + "event": "path", + "message": "Condition \"lport->state != LPORT_ST_READY\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1138, + "event": "path", + "message": "Condition \"!lport->link_up\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1147, + "event": "lock", + "message": "Locking \"&tgt->tgt_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1148, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"io_req\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1149, + "event": "path", + "message": "Condition \"!io_req\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1161, + "event": "path", + "message": "Condition \"tgt != io_req->tgt\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1169, + "event": "path", + "message": "Condition \"tgt->flush_in_prog\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1177, + "event": "path", + "message": "Condition \"io_req->on_active_queue == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1203, + "event": "path", + "message": "Condition \"test_and_set_bit(2, &io_req->req_flags)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1226, + "event": "path", + "message": "Condition \"cancel_delayed_work(&io_req->timeout_work)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1232, + "event": "path", + "message": "Condition \"rc == FAILED\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1241, + "event": "unlock", + "message": "Unlocking \"&tgt->tgt_lock\". \"io_req\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1246, + "event": "path", + "message": "Condition \"time_left\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1252, + "event": "path", + "message": "Condition \"test_bit(9, &io_req->req_flags)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1255, + "event": "path", + "message": "Condition \"!test_and_set_bit(3, &io_req->req_flags)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1250, + "event": "lockagain", + "message": "Locking \"&tgt->tgt_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/bnx2fc/bnx2fc_io.c", + "line": 1272, + "event": "use", + "message": "Using an unreliable value of \"io_req\" inside the second locked section. If the data that \"io_req\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1270| \t\t * completion happens just in time.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1271| \t\t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1272|-> \t\tBNX2FC_IO_DBG(io_req, \"abort succeeded\\n\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1273| \t\trc = SUCCESS;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1274| \t\tbnx2fc_scsi_done(io_req, DID_ABORT);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "csio_fcoe_alloc_vnp", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 427, + "event": "lock", + "message": "Locking \"&hw->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 428, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"mbp\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 429, + "event": "path", + "message": "Condition \"!mbp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 443, + "event": "path", + "message": "Condition \"retry < 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 450, + "event": "path", + "message": "Condition \"ret != -16\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 454, + "event": "unlock", + "message": "Unlocking \"&hw->lock\". \"mbp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 457, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 443, + "event": "path", + "message": "Condition \"retry < 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 456, + "event": "lockagain", + "message": "Locking \"&hw->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 449, + "event": "use", + "message": "Using an unreliable value of \"mbp\" inside the second locked section. If the data that \"mbp\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 447| \t\t * lock is held till completion of vnp mbox cmd.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 448| \t\t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 449|-> \t\tret = csio_mb_issue(hw, mbp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 450| \t\tif (ret != -EBUSY)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 451| \t\t\tbreak;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "csio_fcoe_free_vnp", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 508, + "event": "lock", + "message": "Locking \"&hw->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 509, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"mbp\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 510, + "event": "path", + "message": "Condition \"!mbp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 520, + "event": "path", + "message": "Condition \"retry < 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 522, + "event": "path", + "message": "Condition \"ret != -16\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 526, + "event": "unlock", + "message": "Unlocking \"&hw->lock\". \"mbp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 529, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 520, + "event": "path", + "message": "Condition \"retry < 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 528, + "event": "lockagain", + "message": "Locking \"&hw->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_attr.c", + "line": 521, + "event": "use", + "message": "Using an unreliable value of \"mbp\" inside the second locked section. If the data that \"mbp\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 519| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 520| \tfor (retry = 0; retry < 3; retry++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 521|-> \t\tret = csio_mb_issue(hw, mbp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 522| \t\tif (ret != -EBUSY)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 523| \t\t\tbreak;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "__csio_reg_rnode", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_rnode.c", + "line": 548, + "event": "infer_lock", + "message": "Assuming \"&hw->lock\" is locked since it is unlocked without prior lock in this function.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_rnode.c", + "line": 550, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"ln\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_rnode.c", + "line": 553, + "event": "unlock", + "message": "Unlocking \"&hw->lock\". \"ln\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_rnode.c", + "line": 557, + "event": "path", + "message": "Condition \"rn->role & 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_rnode.c", + "line": 560, + "event": "path", + "message": "Condition \"rn->nport_id == FC_FID_MGMT_SERV\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_rnode.c", + "line": 555, + "event": "lockagain", + "message": "Locking \"&hw->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/csiostor/csio_rnode.c", + "line": 561, + "event": "use", + "message": "Using an unreliable value of \"ln\" inside the second locked section. If the data that \"ln\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 559| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 560| \tif (rn->nport_id == FC_FID_MGMT_SERV)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 561|-> \t\tcsio_ln_fdmi_start(ln, (void *) rn);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 562| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 563| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "fcoe_check_wait_queue", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c", + "line": 404, + "event": "path", + "message": "Condition \"skb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c", + "line": 407, + "event": "path", + "message": "Condition \"port->fcoe_pending_queue_active\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c", + "line": 411, + "event": "path", + "message": "Condition \"port->fcoe_pending_queue.qlen\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c", + "line": 418, + "event": "lock", + "message": "Locking \"&port->fcoe_pending_queue.lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c", + "line": 420, + "event": "path", + "message": "Condition \"rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c", + "line": 428, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c", + "line": 411, + "event": "path", + "message": "Condition \"port->fcoe_pending_queue.qlen\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c", + "line": 414, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"skb\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c", + "line": 416, + "event": "unlock", + "message": "Unlocking \"&port->fcoe_pending_queue.lock\". \"skb\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c", + "line": 420, + "event": "path", + "message": "Condition \"rc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c", + "line": 418, + "event": "lockagain", + "message": "Locking \"&port->fcoe_pending_queue.lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fcoe/fcoe_transport.c", + "line": 421, + "event": "use", + "message": "Using an unreliable value of \"skb\" inside the second locked section. If the data that \"skb\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 419| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 420| \t\tif (rc) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 421|-> \t\t\t__skb_queue_head(&port->fcoe_pending_queue, skb);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 422| \t\t\t/* undo temporary increment above */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 423| \t\t\tport->fcoe_pending_queue.qlen--;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "fnic_set_eth_mode", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c", + "line": 1220, + "event": "lock", + "message": "Locking \"spinlock_check(&fnic->fnic_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c", + "line": 1222, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"old_state\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c", + "line": 1223, + "event": "path", + "message": "Switch case value \"FNIC_IN_FC_MODE\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c", + "line": 1228, + "event": "unlock", + "message": "Unlocking \"&fnic->fnic_lock\". \"old_state\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c", + "line": 1233, + "event": "path", + "message": "Condition \"fnic->state != FNIC_IN_FC_TRANS_ETH_MODE\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c", + "line": 1235, + "event": "path", + "message": "Condition \"ret\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c", + "line": 1232, + "event": "lockagain", + "message": "Locking \"spinlock_check(&fnic->fnic_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_fcs.c", + "line": 1236, + "event": "use", + "message": "Using an unreliable value of \"old_state\" inside the second locked section. If the data that \"old_state\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1234| \t\t\tgoto again;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1235| \t\tif (ret)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1236|-> \t\t\tfnic->state = old_state;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1237| \t\tbreak;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1238| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "fnic_rport_abort_io_iter", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1576, + "event": "lock", + "message": "Locking \"spinlock_check(io_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1580, + "event": "path", + "message": "Condition \"!io_req\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1580, + "event": "path", + "message": "Condition \"io_req->port_id != iter_data->port_id\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1585, + "event": "path", + "message": "Condition \"sc->SCp.Status & (4096UL /* 1UL << 12 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1585, + "event": "path", + "message": "Condition \"!(sc->SCp.Status & (8192UL /* 1UL << 13 */))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1598, + "event": "path", + "message": "Condition \"sc->SCp.phase == FNIC_IOREQ_ABTS_PENDING\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1602, + "event": "path", + "message": "Condition \"io_req->abts_done\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1609, + "event": "path", + "message": "Condition \"!(sc->SCp.Status & (2UL /* 1UL << 1 */))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1616, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"old_ioreq_state\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1619, + "event": "path", + "message": "Condition \"sc->SCp.Status & (4096UL /* 1UL << 12 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1623, + "event": "path", + "message": "Condition \"!!(fnic_log_level & 4)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1625, + "event": "path", + "message": "Condition \"io_req->abts_done\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1627, + "event": "path", + "message": "Condition \"!!(fnic_log_level & 4)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1630, + "event": "unlock", + "message": "Unlocking \"io_lock\". \"old_ioreq_state\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1635, + "event": "path", + "message": "Condition \"fnic_queue_abort_io_req(fnic, abt_tag, FCPIO_ITMF_ABT_TASK_TERM, fc_lun.scsi_lun, io_req)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1645, + "event": "path", + "message": "Condition \"sc->SCp.phase == FNIC_IOREQ_ABTS_PENDING\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1644, + "event": "lockagain", + "message": "Locking \"spinlock_check(io_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1646, + "event": "use", + "message": "Using an unreliable value of \"old_ioreq_state\" inside the second locked section. If the data that \"old_ioreq_state\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1644| \t\tspin_lock_irqsave(io_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1645| \t\tif (CMD_STATE(sc) == FNIC_IOREQ_ABTS_PENDING)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1646|-> \t\t\tCMD_STATE(sc) = old_ioreq_state;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1647| \t\tspin_unlock_irqrestore(io_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1648| \t} else {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "fnic_abort_cmd", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1757, + "event": "path", + "message": "Condition \"scsi_is_fc_rport(scsi_target(sc->device)->dev.parent)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1758, + "event": "path", + "message": "Condition \"!!(fnic_log_level & 4)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1765, + "event": "path", + "message": "Condition \"lp->state != LPORT_ST_READY\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1765, + "event": "path", + "message": "Condition \"!lp->link_up\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1783, + "event": "lock", + "message": "Locking \"spinlock_check(io_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1785, + "event": "path", + "message": "Condition \"!io_req\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1792, + "event": "path", + "message": "Condition \"sc->SCp.phase == FNIC_IOREQ_ABTS_PENDING\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1798, + "event": "path", + "message": "Condition \"abt_issued_time <= 6000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1799, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1813, + "event": "path", + "message": "Condition \"!!(fnic_log_level & 4)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1821, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"old_ioreq_state\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1825, + "event": "unlock", + "message": "Unlocking \"io_lock\". \"old_ioreq_state\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1832, + "event": "path", + "message": "Condition \"fc_remote_port_chkready(rport) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1833, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1842, + "event": "path", + "message": "Condition \"fnic_queue_abort_io_req(fnic, tag, task_req, fc_lun.scsi_lun, io_req)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1845, + "event": "path", + "message": "Condition \"sc->SCp.phase == FNIC_IOREQ_ABTS_PENDING\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1844, + "event": "lockagain", + "message": "Locking \"spinlock_check(io_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 1846, + "event": "use", + "message": "Using an unreliable value of \"old_ioreq_state\" inside the second locked section. If the data that \"old_ioreq_state\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1844| \t\tspin_lock_irqsave(io_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1845| \t\tif (CMD_STATE(sc) == FNIC_IOREQ_ABTS_PENDING)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1846|-> \t\t\tCMD_STATE(sc) = old_ioreq_state;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1847| \t\tio_req = (struct fnic_io_req *)CMD_SP(sc);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1848| \t\tif (io_req)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "fnic_pending_aborts_iter", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2031, + "event": "path", + "message": "Condition \"sc == iter_data->lr_sc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2031, + "event": "path", + "message": "Condition \"sc->device != lun_dev\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2035, + "event": "lock", + "message": "Locking \"spinlock_check(io_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2037, + "event": "path", + "message": "Condition \"!io_req\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2046, + "event": "path", + "message": "Condition \"!!(fnic_log_level & 4)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2050, + "event": "path", + "message": "Condition \"sc->SCp.phase == FNIC_IOREQ_ABTS_PENDING\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2054, + "event": "path", + "message": "Condition \"sc->SCp.Status & (4096UL /* 1UL << 12 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2054, + "event": "path", + "message": "Condition \"!(sc->SCp.Status & (8192UL /* 1UL << 13 */))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2063, + "event": "path", + "message": "Condition \"io_req->abts_done\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2067, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"old_ioreq_state\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2077, + "event": "path", + "message": "Condition \"io_req->abts_done\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2079, + "event": "path", + "message": "Condition \"sc->SCp.Status & (4096UL /* 1UL << 12 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2081, + "event": "path", + "message": "Condition \"!!(fnic_log_level & 4)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2087, + "event": "unlock", + "message": "Unlocking \"io_lock\". \"old_ioreq_state\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2092, + "event": "path", + "message": "Condition \"fnic_queue_abort_io_req(fnic, abt_tag, FCPIO_ITMF_ABT_TASK_TERM, fc_lun.scsi_lun, io_req)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2097, + "event": "path", + "message": "Condition \"io_req\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2099, + "event": "path", + "message": "Condition \"sc->SCp.phase == FNIC_IOREQ_ABTS_PENDING\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2095, + "event": "lockagain", + "message": "Locking \"spinlock_check(io_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2100, + "event": "use", + "message": "Using an unreliable value of \"old_ioreq_state\" inside the second locked section. If the data that \"old_ioreq_state\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2098| \t\t\tio_req->abts_done = NULL;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2099| \t\tif (CMD_STATE(sc) == FNIC_IOREQ_ABTS_PENDING)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2100|-> \t\t\tCMD_STATE(sc) = old_ioreq_state;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2101| \t\tspin_unlock_irqrestore(io_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2102| \t\titer_data->ret = FAILED;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "fnic_scsi_abort_io", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2580, + "event": "lock", + "message": "Locking \"spinlock_check(&fnic->fnic_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2581, + "event": "path", + "message": "Condition \"!!(fnic->state == FNIC_IN_FC_TRANS_ETH_MODE)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2581, + "event": "path", + "message": "Condition \"fnic->link_events\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2590, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"old_state\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2593, + "event": "unlock", + "message": "Unlocking \"&fnic->fnic_lock\". \"old_state\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2596, + "event": "path", + "message": "Condition \"err\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2598, + "event": "path", + "message": "Condition \"fnic->state == FNIC_IN_FC_TRANS_ETH_MODE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2597, + "event": "lockagain", + "message": "Locking \"spinlock_check(&fnic->fnic_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2599, + "event": "use", + "message": "Using an unreliable value of \"old_state\" inside the second locked section. If the data that \"old_state\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2597| \t\tspin_lock_irqsave(&fnic->fnic_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2598| \t\tif (fnic->state == FNIC_IN_FC_TRANS_ETH_MODE)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2599|-> \t\t\tfnic->state = old_state;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2600| \t\tfnic->remove_wait = NULL;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2601| \t\tspin_unlock_irqrestore(&fnic->fnic_lock, flags);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "fnic_scsi_cleanup", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2630, + "event": "lock", + "message": "Locking \"spinlock_check(&fnic->fnic_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2631, + "event": "path", + "message": "Condition \"!!(fnic->state == FNIC_IN_FC_TRANS_ETH_MODE)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2637, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"old_state\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2640, + "event": "unlock", + "message": "Unlocking \"&fnic->fnic_lock\". \"old_state\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2642, + "event": "path", + "message": "Condition \"fnic_fw_reset_handler(fnic)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2644, + "event": "path", + "message": "Condition \"fnic->state == FNIC_IN_FC_TRANS_ETH_MODE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2643, + "event": "lockagain", + "message": "Locking \"spinlock_check(&fnic->fnic_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/fnic/fnic_scsi.c", + "line": 2645, + "event": "use", + "message": "Using an unreliable value of \"old_state\" inside the second locked section. If the data that \"old_state\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2643| \t\tspin_lock_irqsave(&fnic->fnic_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2644| \t\tif (fnic->state == FNIC_IN_FC_TRANS_ETH_MODE)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2645|-> \t\t\tfnic->state = old_state;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2646| \t\tspin_unlock_irqrestore(&fnic->fnic_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2647| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "hpsa_offline_devices_ready", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c", + "line": 8486, + "event": "lock", + "message": "Locking \"spinlock_check(&h->offline_device_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c", + "line": 8487, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"tmp\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c", + "line": 8487, + "event": "path", + "message": "Condition \"!list_is_head(this, &h->offline_device_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c", + "line": 8490, + "event": "unlock", + "message": "Unlocking \"&h->offline_device_lock\". \"tmp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c", + "line": 8491, + "event": "path", + "message": "Condition \"!hpsa_volume_offline(h, d->scsi3addr)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c", + "line": 8498, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c", + "line": 8497, + "event": "lockagain", + "message": "Locking \"spinlock_check(&h->offline_device_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/hpsa.c", + "line": 8487, + "event": "use", + "message": "Using an unreliable value of \"tmp\" inside the second locked section. If the data that \"tmp\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8485| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8486| \tspin_lock_irqsave(&h->offline_device_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8487|-> \tlist_for_each_safe(this, tmp, &h->offline_device_list) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8488| \t\td = list_entry(this, struct offline_device_entry,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8489| \t\t\t\toffline_list);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "lpfc_bsg_hba_set_event", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c", + "line": 1178, + "event": "path", + "message": "Condition \"job->request_len < 36UL /* sizeof (struct fc_bsg_request) + sizeof (struct set_ct_event) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c", + "line": 1191, + "event": "lock", + "message": "Locking \"spinlock_check(&phba->ct_ev_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c", + "line": 1192, + "event": "path", + "message": "Condition \"!(&evt->node == &phba->ct_ev_waiters)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c", + "line": 1193, + "event": "path", + "message": "Condition \"evt->reg_id == event_req->ev_reg_id\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c", + "line": 1196, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"dd_data\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c", + "line": 1197, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c", + "line": 1200, + "event": "unlock", + "message": "Unlocking \"&phba->ct_ev_lock\". \"dd_data\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c", + "line": 1202, + "event": "path", + "message": "Condition \"&evt->node == &phba->ct_ev_waiters\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c", + "line": 1231, + "event": "lockagain", + "message": "Locking \"spinlock_check(&phba->ct_ev_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_bsg.c", + "line": 1234, + "event": "use", + "message": "Using an unreliable value of \"dd_data\" inside the second locked section. If the data that \"dd_data\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1232| \tevt->waiting = 1;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1233| \tdd_data->set_job = job; /* for unsolicited command */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1234|-> \tjob->dd_data = dd_data; /* for fc transport timeout callback*/", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1235| \tspin_unlock_irqrestore(&phba->ct_ev_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1236| \treturn 0; /* call job done later */", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "lpfc_els_flush_cmd", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 20, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9616, + "event": "lock", + "message": "Locking \"spinlock_check(&phba->hbalock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9617, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"pring\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9620, + "event": "path", + "message": "Condition \"!!!pring\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9625, + "event": "path", + "message": "Condition \"phba->sli_rev == 4\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9629, + "event": "path", + "message": "Condition \"!(&piocb->list == &pring->txcmplq)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9630, + "event": "path", + "message": "Condition \"piocb->cmd_flag & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9631, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9629, + "event": "path", + "message": "Condition \"!(&piocb->list == &pring->txcmplq)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9630, + "event": "path", + "message": "Condition \"piocb->cmd_flag & 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9633, + "event": "path", + "message": "Condition \"piocb->vport != vport\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9636, + "event": "path", + "message": "Condition \"piocb->cmd_flag & 8\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9643, + "event": "path", + "message": "Condition \"ulp_command == 138\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9653, + "event": "path", + "message": "Condition \"phba->link_state == LPFC_LINK_DOWN\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9656, + "event": "path", + "message": "Condition \"ulp_command == 194\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9658, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9629, + "event": "path", + "message": "Condition \"!(&piocb->list == &pring->txcmplq)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9660, + "event": "path", + "message": "Condition \"phba->sli_rev == 4\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9662, + "event": "unlock", + "message": "Unlocking \"&phba->hbalock\". \"pring\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9665, + "event": "path", + "message": "Condition \"!(&piocb->dlist == &abort_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9666, + "event": "lockagain", + "message": "Locking \"spinlock_check(&phba->hbalock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_els.c", + "line": 9668, + "event": "use", + "message": "Using an unreliable value of \"pring\" inside the second locked section. If the data that \"pring\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 9666| \t\tspin_lock_irqsave(&phba->hbalock, iflags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 9667| \t\tlist_del_init(&piocb->dlist);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 9668|-> \t\tlpfc_sli_issue_abort_iotag(phba, pring, piocb, NULL);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 9669| \t\tspin_unlock_irqrestore(&phba->hbalock, iflags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 9670| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "lpfc_sli4_create_rpi_hdr", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c", + "line": 8961, + "event": "path", + "message": "Condition \"!phba->sli4_hba.rpi_hdrs_in_use\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c", + "line": 8963, + "event": "path", + "message": "Condition \"phba->sli4_hba.extents_in_use\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c", + "line": 8969, + "event": "lock", + "message": "Locking \"&phba->hbalock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c", + "line": 8975, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"curr_rpi_range\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c", + "line": 8976, + "event": "unlock", + "message": "Unlocking \"&phba->hbalock\". \"curr_rpi_range\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c", + "line": 8979, + "event": "path", + "message": "Condition \"curr_rpi_range == rpi_limit\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c", + "line": 8987, + "event": "path", + "message": "Condition \"!dmabuf\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c", + "line": 8993, + "event": "path", + "message": "Condition \"!dmabuf->virt\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c", + "line": 8998, + "event": "path", + "message": "Condition \"!((dmabuf->phys & 4095ULL /* (dma_addr_t)4096 - 1 */) == 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c", + "line": 9005, + "event": "path", + "message": "Condition \"!rpi_hdr\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c", + "line": 9011, + "event": "lockagain", + "message": "Locking \"&phba->hbalock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_init.c", + "line": 9014, + "event": "use", + "message": "Using an unreliable value of \"curr_rpi_range\" inside the second locked section. If the data that \"curr_rpi_range\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 9012| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 9013| \t/* The rpi_hdr stores the logical index only. */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 9014|-> \trpi_hdr->start_rpi = curr_rpi_range;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 9015| \trpi_hdr->next_rpi = phba->sli4_hba.next_rpi + LPFC_RPI_HDR_COUNT;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 9016| \tlist_add_tail(&rpi_hdr->list, &phba->sli4_hba.lpfc_rpi_hdr_list);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "lpfc_sli_next_iotag", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 2122, + "event": "lock", + "message": "Locking \"&phba->hbalock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 2123, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"iotag\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 2124, + "event": "path", + "message": "Condition \"++iotag < psli->iocbq_lookup_len\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 2130, + "event": "path", + "message": "Condition \"psli->iocbq_lookup_len < 64511UL /* 65535 - 1024 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 2133, + "event": "unlock", + "message": "Unlocking \"&phba->hbalock\". \"iotag\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 2136, + "event": "path", + "message": "Condition \"new_arr\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 2139, + "event": "path", + "message": "Condition \"new_len <= psli->iocbq_lookup_len\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 2153, + "event": "path", + "message": "Condition \"psli->iocbq_lookup\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 2137, + "event": "lockagain", + "message": "Locking \"&phba->hbalock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 2159, + "event": "use", + "message": "Using an unreliable value of \"iotag\" inside the second locked section. If the data that \"iotag\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2157| \t\t\tpsli->iocbq_lookup = new_arr;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2158| \t\t\tpsli->iocbq_lookup_len = new_len;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2159|-> \t\t\tpsli->last_iotag = iotag;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2160| \t\t\tpsli->iocbq_lookup[iotag] = iocbq;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2161| \t\t\tspin_unlock_irq(&phba->hbalock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "lpfc_sli_handle_fast_ring_event", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 124, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4014, + "event": "path", + "message": "Condition \"!!(portRspPut >= portRspMax)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4019, + "event": "path", + "message": "Condition \"phba->fcp_ring_in_use\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4026, + "event": "path", + "message": "Condition \"pring->sli.sli3.rspidx != portRspPut\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4035, + "event": "path", + "message": "Condition \"++pring->sli.sli3.rspidx >= portRspMax\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4048, + "event": "path", + "message": "Condition \"!!irsp->ulpStatus\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4053, + "event": "path", + "message": "Condition \"irsp->ulpStatus == 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4053, + "event": "path", + "message": "Condition \"(irsp->un.ulpWord[4] & 511) == 17\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"2048 & log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"0U /* 2048 & 0x80000000U */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4076, + "event": "path", + "message": "Switch case value \"LPFC_ABORT_IOCB\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4083, + "event": "path", + "message": "Condition \"!!(irsp->ulpCommand == 23)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4084, + "event": "path", + "message": "Condition \"2048 & log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4084, + "event": "path", + "message": "Condition \"0U /* 2048 & 0x80000000U */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4084, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4089, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4140, + "event": "path", + "message": "Condition \"pring->sli.sli3.rspidx == portRspPut\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4142, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4026, + "event": "path", + "message": "Condition \"pring->sli.sli3.rspidx != portRspPut\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4035, + "event": "path", + "message": "Condition \"++pring->sli.sli3.rspidx >= portRspMax\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4048, + "event": "path", + "message": "Condition \"!!irsp->ulpStatus\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4053, + "event": "path", + "message": "Condition \"irsp->ulpStatus == 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4053, + "event": "path", + "message": "Condition \"(irsp->un.ulpWord[4] & 511) == 17\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"2048 & log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"0U /* 2048 & 0x80000000U */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4076, + "event": "path", + "message": "Switch case value \"LPFC_ABORT_IOCB\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4083, + "event": "path", + "message": "Condition \"!!(irsp->ulpCommand == 23)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4084, + "event": "path", + "message": "Condition \"2048 & log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4084, + "event": "path", + "message": "Condition \"0U /* 2048 & 0x80000000U */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4084, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4089, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4140, + "event": "path", + "message": "Condition \"pring->sli.sli3.rspidx == portRspPut\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4142, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4026, + "event": "path", + "message": "Condition \"pring->sli.sli3.rspidx != portRspPut\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4035, + "event": "path", + "message": "Condition \"++pring->sli.sli3.rspidx >= portRspMax\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4048, + "event": "path", + "message": "Condition \"!!irsp->ulpStatus\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4053, + "event": "path", + "message": "Condition \"irsp->ulpStatus == 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4053, + "event": "path", + "message": "Condition \"(irsp->un.ulpWord[4] & 511) == 17\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"2048 & log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"0U /* 2048 & 0x80000000U */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4076, + "event": "path", + "message": "Switch case value \"LPFC_ABORT_IOCB\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4083, + "event": "path", + "message": "Condition \"!!(irsp->ulpCommand == 23)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4094, + "event": "path", + "message": "Condition \"!!!cmdiocbq\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4095, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4140, + "event": "path", + "message": "Condition \"pring->sli.sli3.rspidx == portRspPut\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4142, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4026, + "event": "path", + "message": "Condition \"pring->sli.sli3.rspidx != portRspPut\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4035, + "event": "path", + "message": "Condition \"++pring->sli.sli3.rspidx >= portRspMax\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4048, + "event": "path", + "message": "Condition \"!!irsp->ulpStatus\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4053, + "event": "path", + "message": "Condition \"irsp->ulpStatus == 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4053, + "event": "path", + "message": "Condition \"(irsp->un.ulpWord[4] & 511) == 17\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"2048 & log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"0U /* 2048 & 0x80000000U */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4076, + "event": "path", + "message": "Switch case value \"LPFC_ABORT_IOCB\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4083, + "event": "path", + "message": "Condition \"!!(irsp->ulpCommand == 23)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4084, + "event": "path", + "message": "Condition \"2048 & log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4084, + "event": "path", + "message": "Condition \"0U /* 2048 & 0x80000000U */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4084, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4089, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4140, + "event": "path", + "message": "Condition \"pring->sli.sli3.rspidx == portRspPut\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4142, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4026, + "event": "path", + "message": "Condition \"pring->sli.sli3.rspidx != portRspPut\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4035, + "event": "path", + "message": "Condition \"++pring->sli.sli3.rspidx >= portRspMax\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4048, + "event": "path", + "message": "Condition \"!!irsp->ulpStatus\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4053, + "event": "path", + "message": "Condition \"irsp->ulpStatus == 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4053, + "event": "path", + "message": "Condition \"(irsp->un.ulpWord[4] & 511) == 17\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"2048 & log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"0U /* 2048 & 0x80000000U */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4076, + "event": "path", + "message": "Switch case value \"LPFC_ABORT_IOCB\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4083, + "event": "path", + "message": "Condition \"!!(irsp->ulpCommand == 23)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4084, + "event": "path", + "message": "Condition \"2048 & log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4084, + "event": "path", + "message": "Condition \"0U /* 2048 & 0x80000000U */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4084, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4089, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4140, + "event": "path", + "message": "Condition \"pring->sli.sli3.rspidx == portRspPut\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4142, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4026, + "event": "path", + "message": "Condition \"pring->sli.sli3.rspidx != portRspPut\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4035, + "event": "path", + "message": "Condition \"++pring->sli.sli3.rspidx >= portRspMax\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4048, + "event": "path", + "message": "Condition \"!!irsp->ulpStatus\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4053, + "event": "path", + "message": "Condition \"irsp->ulpStatus == 3\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"2048 & log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"0U /* 2048 & 0x80000000U */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4076, + "event": "path", + "message": "Switch case value \"LPFC_ABORT_IOCB\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4083, + "event": "path", + "message": "Condition \"!!(irsp->ulpCommand == 23)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4094, + "event": "path", + "message": "Condition \"!!!cmdiocbq\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4096, + "event": "path", + "message": "Condition \"cmdiocbq->cmd_flag & 8\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4098, + "event": "path", + "message": "Condition \"cmdiocbq->cmd_cmpl\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4103, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4140, + "event": "path", + "message": "Condition \"pring->sli.sli3.rspidx == portRspPut\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4142, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4026, + "event": "path", + "message": "Condition \"pring->sli.sli3.rspidx != portRspPut\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4035, + "event": "path", + "message": "Condition \"++pring->sli.sli3.rspidx >= portRspMax\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4048, + "event": "path", + "message": "Condition \"!!irsp->ulpStatus\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4053, + "event": "path", + "message": "Condition \"irsp->ulpStatus == 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4053, + "event": "path", + "message": "Condition \"(irsp->un.ulpWord[4] & 511) == 17\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"2048 & log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"0U /* 2048 & 0x80000000U */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4076, + "event": "path", + "message": "Switch case value \"LPFC_UNSOL_IOCB\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4107, + "event": "lock", + "message": "Locking \"spinlock_check(&phba->hbalock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4108, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4140, + "event": "path", + "message": "Condition \"pring->sli.sli3.rspidx == portRspPut\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4142, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4026, + "event": "path", + "message": "Condition \"pring->sli.sli3.rspidx != portRspPut\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4035, + "event": "path", + "message": "Condition \"++pring->sli.sli3.rspidx >= portRspMax\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4044, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"type\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4048, + "event": "path", + "message": "Condition \"!!irsp->ulpStatus\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4053, + "event": "path", + "message": "Condition \"irsp->ulpStatus == 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4053, + "event": "path", + "message": "Condition \"(irsp->un.ulpWord[4] & 511) == 17\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4056, + "event": "unlock", + "message": "Unlocking \"&phba->hbalock\". \"type\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"2048 & log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Condition \"0U /* 2048 & 0x80000000U */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4062, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4076, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4110, + "event": "path", + "message": "Condition \"irsp->ulpCommand == 32\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4120, + "event": "path", + "message": "Condition \"0x80000000U & log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4120, + "event": "path", + "message": "Condition \"1 /* 0x80000000U & 0x80000000U */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4120, + "event": "path", + "message": "Condition \"!log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4058, + "event": "lockagain", + "message": "Locking \"spinlock_check(&phba->hbalock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 4120, + "event": "use", + "message": "Using an unreliable value of \"type\" inside the second locked section. If the data that \"type\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4118| \t\t\t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4119| \t\t\t\t/* Unknown IOCB command */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4120|-> \t\t\t\tlpfc_printf_log(phba, KERN_ERR, LOG_TRACE_EVENT,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4121| \t\t\t\t\t\t\"0334 Unknown IOCB command \"", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4122| \t\t\t\t\t\t\"Data: x%x, x%x x%x x%x x%x\\n\",", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "lpfc_sli4_post_async_mbox", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 25, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10232, + "event": "path", + "message": "Condition \"!!!phba->sli4_hba.intr_enable\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10236, + "event": "lock", + "message": "Locking \"spinlock_check(&phba->hbalock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10237, + "event": "path", + "message": "Condition \"!!(psli->sli_flag & 8192)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10241, + "event": "path", + "message": "Condition \"psli->sli_flag & 256\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10245, + "event": "path", + "message": "Condition \"!!phba->sli.mbox_active\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10255, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"mboxq\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10258, + "event": "path", + "message": "Condition \"!mboxq\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10264, + "event": "unlock", + "message": "Unlocking \"&phba->hbalock\". \"mboxq\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10268, + "event": "path", + "message": "Condition \"!!rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10280, + "event": "path", + "message": "Condition \"(2052U /* 4 | 0x800 */) & log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10280, + "event": "path", + "message": "Condition \"0U /* (4 | 0x800) & 0x80000000U */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10280, + "event": "path", + "message": "Condition \"mboxq->vport\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10280, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10288, + "event": "path", + "message": "Condition \"mbx_cmnd != 49\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10289, + "event": "path", + "message": "Condition \"mboxq->vport\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10295, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10307, + "event": "path", + "message": "Condition \"rc != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10308, + "event": "path", + "message": "Condition \"0x80000000U & log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10308, + "event": "path", + "message": "Condition \"1 /* 0x80000000U & 0x80000000U */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10308, + "event": "path", + "message": "Condition \"!log_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10308, + "event": "path", + "message": "Condition \"mboxq->vport\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10308, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10316, + "event": "path", + "message": "Jumping to label \"out_not_finished\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10323, + "event": "path", + "message": "Condition \"phba->sli.mbox_active\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10322, + "event": "lockagain", + "message": "Locking \"spinlock_check(&phba->hbalock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 10325, + "event": "use", + "message": "Using an unreliable value of \"mboxq\" inside the second locked section. If the data that \"mboxq\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "10323| \tif (phba->sli.mbox_active) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "10324| \t\tmboxq->u.mb.mbxStatus = MBX_NOT_FINISHED;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "10325|-> \t\t__lpfc_mbox_cmpl_put(phba, mboxq);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "10326| \t\t/* Release the token */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "10327| \t\tpsli->sli_flag &= ~LPFC_SLI_MBOX_ACTIVE;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "lpfc_sli4_sp_handle_mbox_event", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 14347, + "event": "path", + "message": "Condition \"!((mcqe->trailer >> 28) & 1)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 14351, + "event": "lock", + "message": "Locking \"spinlock_check(&phba->hbalock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 14352, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"pmb\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 14353, + "event": "path", + "message": "Condition \"!!!pmb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 14359, + "event": "unlock", + "message": "Unlocking \"&phba->hbalock\". \"pmb\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 14370, + "event": "path", + "message": "Condition \"pmb->mbox_cmpl\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 14370, + "event": "path", + "message": "Condition \"mbox\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 14378, + "event": "path", + "message": "Condition \"mcqe_status != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 14379, + "event": "path", + "message": "Condition \"((mqe->word0 >> 16) & 65535) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 14383, + "event": "path", + "message": "Condition \"pmb->mbox_flag & 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 14389, + "event": "path", + "message": "Condition \"mcqe_status == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 14425, + "event": "unlock", + "message": "Unlocking \"&phba->pport->work_port_lock\". \"pmb\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 14428, + "event": "path", + "message": "Condition \"(*pmbox).mbxCommand == 49\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 14447, + "event": "lockagain", + "message": "Locking \"spinlock_check(&phba->hbalock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/lpfc/lpfc_sli.c", + "line": 14448, + "event": "use", + "message": "Using an unreliable value of \"pmb\" inside the second locked section. If the data that \"pmb\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "14446| \t/* There is mailbox completion work to queue to the worker thread */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "14447| \tspin_lock_irqsave(&phba->hbalock, iflags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "14448|-> \t__lpfc_mbox_cmpl_put(phba, pmb);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "14449| \tphba->work_ha |= HA_MBATT;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "14450| \tspin_unlock_irqrestore(&phba->hbalock, iflags);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "qla24xx_create_new_sess", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5301, + "event": "lock", + "message": "Locking \"spinlock_check(&vha->hw->tgt.sess_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5302, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"fcport\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5303, + "event": "path", + "message": "Condition \"fcport\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5305, + "event": "path", + "message": "Condition \"pla\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5316, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5377, + "event": "unlock", + "message": "Unlocking \"&vha->hw->tgt.sess_lock\". \"fcport\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5379, + "event": "path", + "message": "Condition \"fcport\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5385, + "event": "path", + "message": "Condition \"pla\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5414, + "event": "path", + "message": "Condition \"tfcp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5414, + "event": "path", + "message": "Condition \"tfcp != fcport\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5423, + "event": "path", + "message": "Switch case value \"DSC_DELETE_PEND\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5411, + "event": "lockagain", + "message": "Locking \"spinlock_check(&vha->hw->tgt.sess_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5428, + "event": "use", + "message": "Using an unreliable value of \"fcport\" inside the second locked section. If the data that \"fcport\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5426| \t\t\t\tcase DSC_DELETE_PEND:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5427| \t\t\t\t\tfcport->login_pause = 1;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5428|-> \t\t\t\t\ttfcp->conflict = fcport;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5429| \t\t\t\t\tbreak;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5430| \t\t\t\tdefault:", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "qla24xx_create_new_sess", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5301, + "event": "lock", + "message": "Locking \"spinlock_check(&vha->hw->tgt.sess_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5302, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"fcport\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5303, + "event": "path", + "message": "Condition \"fcport\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5305, + "event": "path", + "message": "Condition \"pla\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5316, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5377, + "event": "unlock", + "message": "Unlocking \"&vha->hw->tgt.sess_lock\". \"fcport\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5379, + "event": "path", + "message": "Condition \"fcport\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5385, + "event": "path", + "message": "Condition \"pla\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5414, + "event": "path", + "message": "Condition \"tfcp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5414, + "event": "path", + "message": "Condition \"tfcp != fcport\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5423, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5411, + "event": "lockagain", + "message": "Locking \"spinlock_check(&vha->hw->tgt.sess_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_os.c", + "line": 5432, + "event": "use", + "message": "Using an unreliable value of \"fcport\" inside the second locked section. If the data that \"fcport\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5430| \t\t\t\tdefault:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5431| \t\t\t\t\tfcport->login_pause = 1;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5432|-> \t\t\t\t\ttfcp->conflict = fcport;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5433| \t\t\t\t\tdfcp = tfcp;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5434| \t\t\t\t\tbreak;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "qlt_24xx_handle_els", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 25, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 4974, + "event": "path", + "message": "Switch case value \"32\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 4980, + "event": "path", + "message": "Condition \"ha->prev_topology == 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 4980, + "event": "path", + "message": "Condition \"!ha->current_topology\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 4980, + "event": "path", + "message": "Condition \"ha->current_topology == 2\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 4980, + "event": "path", + "message": "Condition \"!ha->current_topology\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5007, + "event": "path", + "message": "Condition \"port_id.b.domain == 255\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5007, + "event": "path", + "message": "Condition \"(port_id.b.area & 0xf0) == 0xf0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5014, + "event": "path", + "message": "Condition \"wwn\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5015, + "event": "lock", + "message": "Locking \"spinlock_check(&tgt->ha->tgt.sess_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5016, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"sess\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5018, + "event": "unlock", + "message": "Unlocking \"&tgt->ha->tgt.sess_lock\". \"sess\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5021, + "event": "path", + "message": "Condition \"conflict_sess\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5022, + "event": "path", + "message": "Switch case value \"DSC_DELETED\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5025, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5038, + "event": "path", + "message": "Condition \"sess != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5042, + "event": "path", + "message": "Condition \"vha->hw->flags.edif_enabled\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5042, + "event": "path", + "message": "Condition \"sess\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5042, + "event": "path", + "message": "Condition \"!(sess->flags & 64)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5042, + "event": "path", + "message": "Condition \"!sess->edif.authok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5053, + "event": "path", + "message": "Switch case value \"DSC_LS_PLOGI_PEND\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5057, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5063, + "event": "path", + "message": "Switch case value \"DSC_LOGIN_PEND\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5085, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5090, + "event": "path", + "message": "Condition \"delete\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5052, + "event": "lockagain", + "message": "Locking \"spinlock_check(&tgt->ha->tgt.sess_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/qla2xxx/qla_target.c", + "line": 5110, + "event": "use", + "message": "Using an unreliable value of \"sess\" inside the second locked section. If the data that \"sess\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5108| \t\t\t * since we have deleted the old session during PLOGI", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5109| \t\t\t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5110|-> \t\t\tql_dbg(ql_dbg_tgt_mgt, vha, 0xf096,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5111| \t\t\t \"PRLI (loop_id %#04x) for existing sess %p (loop_id %#04x)\\n\",", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5112| \t\t\t sess->loop_id, sess, iocb->u.isp24.nport_handle);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "schedule_resp", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 30, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5602, + "event": "path", + "message": "Condition \"!!(devip == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5609, + "event": "path", + "message": "Condition \"delta_jiff == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5613, + "event": "lock", + "message": "Locking \"spinlock_check(&sqp->qc_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5614, + "event": "path", + "message": "Condition \"!!atomic_read(&sqp->blocked)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5620, + "event": "path", + "message": "Condition \"qdepth > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5620, + "event": "path", + "message": "Condition \"num_in_q >= qdepth\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5621, + "event": "path", + "message": "Condition \"scsi_result\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5626, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5638, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"k\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5639, + "event": "path", + "message": "Condition \"!!(k >= sdebug_max_queue)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5655, + "event": "unlock", + "message": "Unlocking \"&sqp->qc_lock\". \"k\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5657, + "event": "path", + "message": "Condition \"!sd_dp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5659, + "event": "path", + "message": "Condition \"!sd_dp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5665, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5670, + "event": "path", + "message": "Condition \"sdebug_host_max_queue\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5673, + "event": "path", + "message": "Condition \"polled\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5677, + "event": "path", + "message": "Condition \"pfp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5678, + "event": "path", + "message": "Condition \"cmnd->result & 0x40000000\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5682, + "event": "path", + "message": "Condition \"cmnd->result == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5682, + "event": "path", + "message": "Condition \"scsi_result != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5684, + "event": "path", + "message": "Condition \"cmnd->result == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5692, + "event": "path", + "message": "Condition \"sdebug_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5692, + "event": "path", + "message": "Condition \"cmnd->result\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5696, + "event": "path", + "message": "Condition \"delta_jiff > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5696, + "event": "path", + "message": "Condition \"ndelay > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5699, + "event": "path", + "message": "Condition \"delta_jiff > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5712, + "event": "path", + "message": "Condition \"sdebug_random\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5714, + "event": "path", + "message": "Condition \"ndelay < 1000000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5717, + "event": "path", + "message": "Condition \"kt <= d\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5718, + "event": "lockagain", + "message": "Locking \"spinlock_check(&sqp->qc_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5721, + "event": "use", + "message": "Using an unreliable value of \"k\" inside the second locked section. If the data that \"k\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5719| \t\t\t\t\tsqcp->a_cmnd = NULL;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5720| \t\t\t\t\tatomic_dec(&devip->num_in_q);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5721|-> \t\t\t\t\tclear_bit(k, sqp->in_use_bm);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5722| \t\t\t\t\tspin_unlock_irqrestore(&sqp->qc_lock, iflags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5723| \t\t\t\t\tif (new_sd_dp)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "schedule_resp", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 32, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5602, + "event": "path", + "message": "Condition \"!!(devip == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5609, + "event": "path", + "message": "Condition \"delta_jiff == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5613, + "event": "lock", + "message": "Locking \"spinlock_check(&sqp->qc_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5614, + "event": "path", + "message": "Condition \"!!atomic_read(&sqp->blocked)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5620, + "event": "path", + "message": "Condition \"qdepth > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5620, + "event": "path", + "message": "Condition \"num_in_q >= qdepth\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5621, + "event": "path", + "message": "Condition \"scsi_result\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5626, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5638, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"k\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5639, + "event": "path", + "message": "Condition \"!!(k >= sdebug_max_queue)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5655, + "event": "unlock", + "message": "Unlocking \"&sqp->qc_lock\". \"k\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5657, + "event": "path", + "message": "Condition \"!sd_dp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5659, + "event": "path", + "message": "Condition \"!sd_dp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5665, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5670, + "event": "path", + "message": "Condition \"sdebug_host_max_queue\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5673, + "event": "path", + "message": "Condition \"polled\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5677, + "event": "path", + "message": "Condition \"pfp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5678, + "event": "path", + "message": "Condition \"cmnd->result & 0x40000000\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5682, + "event": "path", + "message": "Condition \"cmnd->result == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5682, + "event": "path", + "message": "Condition \"scsi_result != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5684, + "event": "path", + "message": "Condition \"cmnd->result == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5692, + "event": "path", + "message": "Condition \"sdebug_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5692, + "event": "path", + "message": "Condition \"cmnd->result\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5696, + "event": "path", + "message": "Condition \"delta_jiff > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5699, + "event": "path", + "message": "Condition \"delta_jiff > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5702, + "event": "path", + "message": "Condition \"sdebug_random\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5702, + "event": "path", + "message": "Condition \"ns < 4294967295ULL /* (u32)~0U */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5704, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5711, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5733, + "event": "path", + "message": "Condition \"polled\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5736, + "event": "path", + "message": "Condition \"!sd_dp->init_poll\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5735, + "event": "lockagain", + "message": "Locking \"spinlock_check(&sqp->qc_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5740, + "event": "use", + "message": "Using an unreliable value of \"k\" inside the second locked section. If the data that \"k\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5738| \t\t\t\tsqcp->sd_dp = sd_dp;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5739| \t\t\t\tsd_dp->sqa_idx = sqp - sdebug_q_arr;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5740|-> \t\t\t\tsd_dp->qc_idx = k;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5741| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5742| \t\t\tWRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_POLL);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "schedule_resp", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 28, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5602, + "event": "path", + "message": "Condition \"!!(devip == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5609, + "event": "path", + "message": "Condition \"delta_jiff == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5613, + "event": "lock", + "message": "Locking \"spinlock_check(&sqp->qc_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5614, + "event": "path", + "message": "Condition \"!!atomic_read(&sqp->blocked)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5620, + "event": "path", + "message": "Condition \"qdepth > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5620, + "event": "path", + "message": "Condition \"num_in_q >= qdepth\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5621, + "event": "path", + "message": "Condition \"scsi_result\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5626, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5639, + "event": "path", + "message": "Condition \"!!(k >= sdebug_max_queue)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5654, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"sd_dp\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5655, + "event": "unlock", + "message": "Unlocking \"&sqp->qc_lock\". \"sd_dp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5657, + "event": "path", + "message": "Condition \"!sd_dp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5670, + "event": "path", + "message": "Condition \"sdebug_host_max_queue\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5673, + "event": "path", + "message": "Condition \"polled\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5677, + "event": "path", + "message": "Condition \"pfp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5678, + "event": "path", + "message": "Condition \"cmnd->result & 0x40000000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5682, + "event": "path", + "message": "Condition \"cmnd->result == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5682, + "event": "path", + "message": "Condition \"scsi_result != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5684, + "event": "path", + "message": "Condition \"cmnd->result == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5692, + "event": "path", + "message": "Condition \"sdebug_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5692, + "event": "path", + "message": "Condition \"cmnd->result\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5696, + "event": "path", + "message": "Condition \"delta_jiff > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5696, + "event": "path", + "message": "Condition \"ndelay > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5761, + "event": "path", + "message": "Condition \"sdebug_opts & 0x10000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5761, + "event": "path", + "message": "Condition \"atomic_read(&sdeb_inject_pending)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5764, + "event": "path", + "message": "Condition \"polled\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5767, + "event": "path", + "message": "Condition \"!sd_dp->init_poll\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5766, + "event": "lockagain", + "message": "Locking \"spinlock_check(&sqp->qc_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5769, + "event": "use", + "message": "Using an unreliable value of \"sd_dp\" inside the second locked section. If the data that \"sd_dp\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5767| \t\t\tif (!sd_dp->init_poll) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5768| \t\t\t\tsd_dp->init_poll = true;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5769|-> \t\t\t\tsqcp->sd_dp = sd_dp;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5770| \t\t\t\tsd_dp->sqa_idx = sqp - sdebug_q_arr;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5771| \t\t\t\tsd_dp->qc_idx = k;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "schedule_resp", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 30, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5602, + "event": "path", + "message": "Condition \"!!(devip == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5609, + "event": "path", + "message": "Condition \"delta_jiff == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5613, + "event": "lock", + "message": "Locking \"spinlock_check(&sqp->qc_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5614, + "event": "path", + "message": "Condition \"!!atomic_read(&sqp->blocked)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5620, + "event": "path", + "message": "Condition \"qdepth > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5620, + "event": "path", + "message": "Condition \"num_in_q >= qdepth\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5621, + "event": "path", + "message": "Condition \"scsi_result\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5626, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5638, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"k\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5639, + "event": "path", + "message": "Condition \"!!(k >= sdebug_max_queue)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5655, + "event": "unlock", + "message": "Unlocking \"&sqp->qc_lock\". \"k\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5657, + "event": "path", + "message": "Condition \"!sd_dp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5659, + "event": "path", + "message": "Condition \"!sd_dp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5665, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5670, + "event": "path", + "message": "Condition \"sdebug_host_max_queue\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5673, + "event": "path", + "message": "Condition \"polled\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5677, + "event": "path", + "message": "Condition \"pfp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5678, + "event": "path", + "message": "Condition \"cmnd->result & 0x40000000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5682, + "event": "path", + "message": "Condition \"cmnd->result == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5682, + "event": "path", + "message": "Condition \"scsi_result != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5684, + "event": "path", + "message": "Condition \"cmnd->result == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5692, + "event": "path", + "message": "Condition \"sdebug_verbose\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5692, + "event": "path", + "message": "Condition \"cmnd->result\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5696, + "event": "path", + "message": "Condition \"delta_jiff > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5696, + "event": "path", + "message": "Condition \"ndelay > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5761, + "event": "path", + "message": "Condition \"sdebug_opts & 0x10000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5761, + "event": "path", + "message": "Condition \"atomic_read(&sdeb_inject_pending)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5764, + "event": "path", + "message": "Condition \"polled\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5767, + "event": "path", + "message": "Condition \"!sd_dp->init_poll\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5766, + "event": "lockagain", + "message": "Locking \"spinlock_check(&sqp->qc_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/scsi_debug.c", + "line": 5771, + "event": "use", + "message": "Using an unreliable value of \"k\" inside the second locked section. If the data that \"k\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5769| \t\t\t\tsqcp->sd_dp = sd_dp;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5770| \t\t\t\tsd_dp->sqa_idx = sqp - sdebug_q_arr;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5771|-> \t\t\t\tsd_dp->qc_idx = k;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5772| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5773| \t\t\tWRITE_ONCE(sd_dp->defer_t, SDEB_DEFER_POLL);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "pvscsi_host_reset", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c", + "line": 907, + "event": "lock", + "message": "Locking \"spinlock_check(&adapter->hw_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c", + "line": 909, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"use_msg\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c", + "line": 911, + "event": "path", + "message": "Condition \"use_msg\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c", + "line": 913, + "event": "unlock", + "message": "Unlocking \"&adapter->hw_lock\". \"use_msg\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c", + "line": 919, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c", + "line": 919, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c", + "line": 919, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c", + "line": 919, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c", + "line": 919, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c", + "line": 919, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c", + "line": 919, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c", + "line": 920, + "event": "lockagain", + "message": "Locking \"spinlock_check(&adapter->hw_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/scsi/vmw_pvscsi.c", + "line": 943, + "event": "use", + "message": "Using an unreliable value of \"use_msg\" inside the second locked section. If the data that \"use_msg\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 941| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 942| \tpvscsi_reset_all(adapter);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 943|-> \tadapter->use_msg = use_msg;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 944| \tpvscsi_setup_all_rings(adapter);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 945| \tpvscsi_unmask_intr(adapter);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "core_scsi3_emulate_pro_register_and_move", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 63, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3161, + "event": "path", + "message": "Condition \"!se_sess\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3161, + "event": "path", + "message": "Condition \"!se_lun\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3176, + "event": "path", + "message": "Condition \"!pr_reg\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3185, + "event": "path", + "message": "Condition \"res_key != pr_reg->pr_res_key\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3195, + "event": "path", + "message": "Condition \"!sa_res_key\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3208, + "event": "path", + "message": "Condition \"!buf\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3218, + "event": "path", + "message": "Condition \"tid_len + 24 != cmd->data_length\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3227, + "event": "path", + "message": "Condition \"!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3228, + "event": "path", + "message": "Condition \"tmp_lun->lun_rtpi != rtpi\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3229, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3227, + "event": "path", + "message": "Condition \"!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3228, + "event": "path", + "message": "Condition \"tmp_lun->lun_rtpi != rtpi\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3232, + "event": "path", + "message": "Condition \"!dest_tf_ops\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3233, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3227, + "event": "path", + "message": "Condition \"!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3228, + "event": "path", + "message": "Condition \"tmp_lun->lun_rtpi != rtpi\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3232, + "event": "path", + "message": "Condition \"!dest_tf_ops\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3238, + "event": "path", + "message": "Condition \"core_scsi3_tpg_depend_item(dest_se_tpg)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3247, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3251, + "event": "path", + "message": "Condition \"!dest_se_tpg\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3251, + "event": "path", + "message": "Condition \"!dest_tf_ops\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3260, + "event": "path", + "message": "Condition \"!buf\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3266, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3266, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3266, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3266, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3266, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3269, + "event": "path", + "message": "Condition \"proto_ident != dest_se_tpg->proto_id\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3280, + "event": "path", + "message": "Condition \"!initiator_str\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3290, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3290, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3290, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3290, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3290, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3303, + "event": "path", + "message": "Condition \"!strcmp(initiator_str, pr_reg_nacl->initiatorname)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3305, + "event": "path", + "message": "Condition \"!matching_iname\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3306, + "event": "path", + "message": "Jumping to label \"after_iport_check\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3330, + "event": "path", + "message": "Condition \"dest_node_acl\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3334, + "event": "path", + "message": "Condition \"!dest_node_acl\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3342, + "event": "path", + "message": "Condition \"core_scsi3_nodeacl_depend_item(dest_node_acl)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3351, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3351, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3351, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3351, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3351, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3360, + "event": "path", + "message": "Condition \"!dest_se_deve\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3367, + "event": "path", + "message": "Condition \"core_scsi3_lunacl_depend_item(dest_se_deve)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3375, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3375, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3375, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3375, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3375, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3384, + "event": "lock", + "message": "Locking \"&dev->dev_reservation_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3386, + "event": "path", + "message": "Condition \"!pr_res_holder\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3399, + "event": "path", + "message": "Condition \"!is_reservation_holder(pr_res_holder, pr_reg)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3415, + "event": "path", + "message": "Condition \"pr_res_holder->pr_res_type == 7\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3415, + "event": "path", + "message": "Condition \"pr_res_holder->pr_res_type == 8\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3424, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"pr_res_nacl\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3450, + "event": "path", + "message": "Condition \"!dest_pr_reg\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3453, + "event": "unlock", + "message": "Unlocking \"&dev->dev_reservation_lock\". \"pr_res_nacl\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3454, + "event": "path", + "message": "Condition \"core_scsi3_alloc_registration(cmd->se_dev, dest_node_acl, dest_lun, dest_se_deve, dest_se_deve->mapped_lun, iport_ptr, sa_res_key, 0, aptpl, 2, 1)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3464, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3460, + "event": "lockagain", + "message": "Locking \"&dev->dev_reservation_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3475, + "event": "use", + "message": "Using an unreliable value of \"pr_res_nacl\" inside the second locked section. If the data that \"pr_res_nacl\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3473| \t * holder (i.e., the I_T nexus on which the", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3474| \t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3475|-> \t__core_scsi3_complete_pro_release(dev, pr_res_nacl,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3476| \t\t\t\t\t dev->dev_pr_res_holder, 0, 0);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3477| \t/*", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "core_scsi3_emulate_pro_register_and_move", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 63, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3161, + "event": "path", + "message": "Condition \"!se_sess\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3161, + "event": "path", + "message": "Condition \"!se_lun\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3176, + "event": "path", + "message": "Condition \"!pr_reg\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3185, + "event": "path", + "message": "Condition \"res_key != pr_reg->pr_res_key\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3195, + "event": "path", + "message": "Condition \"!sa_res_key\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3208, + "event": "path", + "message": "Condition \"!buf\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3218, + "event": "path", + "message": "Condition \"tid_len + 24 != cmd->data_length\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3227, + "event": "path", + "message": "Condition \"!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3228, + "event": "path", + "message": "Condition \"tmp_lun->lun_rtpi != rtpi\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3229, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3227, + "event": "path", + "message": "Condition \"!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3228, + "event": "path", + "message": "Condition \"tmp_lun->lun_rtpi != rtpi\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3232, + "event": "path", + "message": "Condition \"!dest_tf_ops\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3233, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3227, + "event": "path", + "message": "Condition \"!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3228, + "event": "path", + "message": "Condition \"tmp_lun->lun_rtpi != rtpi\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3232, + "event": "path", + "message": "Condition \"!dest_tf_ops\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3238, + "event": "path", + "message": "Condition \"core_scsi3_tpg_depend_item(dest_se_tpg)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3247, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3251, + "event": "path", + "message": "Condition \"!dest_se_tpg\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3251, + "event": "path", + "message": "Condition \"!dest_tf_ops\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3260, + "event": "path", + "message": "Condition \"!buf\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3266, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3266, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3266, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3266, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3266, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3269, + "event": "path", + "message": "Condition \"proto_ident != dest_se_tpg->proto_id\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3280, + "event": "path", + "message": "Condition \"!initiator_str\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3290, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3290, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3290, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3290, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3290, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3303, + "event": "path", + "message": "Condition \"!strcmp(initiator_str, pr_reg_nacl->initiatorname)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3305, + "event": "path", + "message": "Condition \"!matching_iname\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3306, + "event": "path", + "message": "Jumping to label \"after_iport_check\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3330, + "event": "path", + "message": "Condition \"dest_node_acl\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3334, + "event": "path", + "message": "Condition \"!dest_node_acl\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3342, + "event": "path", + "message": "Condition \"core_scsi3_nodeacl_depend_item(dest_node_acl)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3351, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3351, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3351, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3351, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3351, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3360, + "event": "path", + "message": "Condition \"!dest_se_deve\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3367, + "event": "path", + "message": "Condition \"core_scsi3_lunacl_depend_item(dest_se_deve)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3375, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3375, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3375, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3375, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3375, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3384, + "event": "lock", + "message": "Locking \"&dev->dev_reservation_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3386, + "event": "path", + "message": "Condition \"!pr_res_holder\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3399, + "event": "path", + "message": "Condition \"!is_reservation_holder(pr_res_holder, pr_reg)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3415, + "event": "path", + "message": "Condition \"pr_res_holder->pr_res_type == 7\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3415, + "event": "path", + "message": "Condition \"pr_res_holder->pr_res_type == 8\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3428, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"type\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3450, + "event": "path", + "message": "Condition \"!dest_pr_reg\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3453, + "event": "unlock", + "message": "Unlocking \"&dev->dev_reservation_lock\". \"type\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3454, + "event": "path", + "message": "Condition \"core_scsi3_alloc_registration(cmd->se_dev, dest_node_acl, dest_lun, dest_se_deve, dest_se_deve->mapped_lun, iport_ptr, sa_res_key, 0, aptpl, 2, 1)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3464, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3460, + "event": "lockagain", + "message": "Locking \"&dev->dev_reservation_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3484, + "event": "use", + "message": "Using an unreliable value of \"type\" inside the second locked section. If the data that \"type\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3482| \tdev->dev_pr_res_holder = dest_pr_reg;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3483| \tdest_pr_reg->pr_res_holder = 1;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3484|-> \tdest_pr_reg->pr_res_type = type;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3485| \tpr_reg->pr_res_scope = scope;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3486| \tcore_pr_dump_initiator_port(pr_reg, i_buf, PR_REG_ISID_ID_LEN);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "core_scsi3_emulate_pro_register_and_move", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 63, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3161, + "event": "path", + "message": "Condition \"!se_sess\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3161, + "event": "path", + "message": "Condition \"!se_lun\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3176, + "event": "path", + "message": "Condition \"!pr_reg\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3185, + "event": "path", + "message": "Condition \"res_key != pr_reg->pr_res_key\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3195, + "event": "path", + "message": "Condition \"!sa_res_key\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3208, + "event": "path", + "message": "Condition \"!buf\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3218, + "event": "path", + "message": "Condition \"tid_len + 24 != cmd->data_length\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3227, + "event": "path", + "message": "Condition \"!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3228, + "event": "path", + "message": "Condition \"tmp_lun->lun_rtpi != rtpi\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3229, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3227, + "event": "path", + "message": "Condition \"!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3228, + "event": "path", + "message": "Condition \"tmp_lun->lun_rtpi != rtpi\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3232, + "event": "path", + "message": "Condition \"!dest_tf_ops\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3233, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3227, + "event": "path", + "message": "Condition \"!(&tmp_lun->lun_dev_link == &dev->dev_sep_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3228, + "event": "path", + "message": "Condition \"tmp_lun->lun_rtpi != rtpi\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3232, + "event": "path", + "message": "Condition \"!dest_tf_ops\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3238, + "event": "path", + "message": "Condition \"core_scsi3_tpg_depend_item(dest_se_tpg)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3247, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3251, + "event": "path", + "message": "Condition \"!dest_se_tpg\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3251, + "event": "path", + "message": "Condition \"!dest_tf_ops\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3260, + "event": "path", + "message": "Condition \"!buf\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3266, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3266, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3266, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3266, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3266, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3269, + "event": "path", + "message": "Condition \"proto_ident != dest_se_tpg->proto_id\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3280, + "event": "path", + "message": "Condition \"!initiator_str\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3290, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3290, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3290, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3290, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3290, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3303, + "event": "path", + "message": "Condition \"!strcmp(initiator_str, pr_reg_nacl->initiatorname)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3305, + "event": "path", + "message": "Condition \"!matching_iname\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3306, + "event": "path", + "message": "Jumping to label \"after_iport_check\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3330, + "event": "path", + "message": "Condition \"dest_node_acl\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3334, + "event": "path", + "message": "Condition \"!dest_node_acl\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3342, + "event": "path", + "message": "Condition \"core_scsi3_nodeacl_depend_item(dest_node_acl)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3351, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3351, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3351, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3351, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3351, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3360, + "event": "path", + "message": "Condition \"!dest_se_deve\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3367, + "event": "path", + "message": "Condition \"core_scsi3_lunacl_depend_item(dest_se_deve)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3375, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3375, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3375, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3375, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3375, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3384, + "event": "lock", + "message": "Locking \"&dev->dev_reservation_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3386, + "event": "path", + "message": "Condition \"!pr_res_holder\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3399, + "event": "path", + "message": "Condition \"!is_reservation_holder(pr_res_holder, pr_reg)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3415, + "event": "path", + "message": "Condition \"pr_res_holder->pr_res_type == 7\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3415, + "event": "path", + "message": "Condition \"pr_res_holder->pr_res_type == 8\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3429, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"scope\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3450, + "event": "path", + "message": "Condition \"!dest_pr_reg\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3453, + "event": "unlock", + "message": "Unlocking \"&dev->dev_reservation_lock\". \"scope\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3454, + "event": "path", + "message": "Condition \"core_scsi3_alloc_registration(cmd->se_dev, dest_node_acl, dest_lun, dest_se_deve, dest_se_deve->mapped_lun, iport_ptr, sa_res_key, 0, aptpl, 2, 1)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3464, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3460, + "event": "lockagain", + "message": "Locking \"&dev->dev_reservation_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/target/target_core_pr.c", + "line": 3485, + "event": "use", + "message": "Using an unreliable value of \"scope\" inside the second locked section. If the data that \"scope\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3483| \tdest_pr_reg->pr_res_holder = 1;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3484| \tdest_pr_reg->pr_res_type = type;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3485|-> \tpr_reg->pr_res_scope = scope;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3486| \tcore_pr_dump_initiator_port(pr_reg, i_buf, PR_REG_ISID_ID_LEN);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3487| \t/*", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "__hvc_poll", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 644, + "event": "path", + "message": "Condition \"hp->n_outbuf > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 648, + "event": "path", + "message": "Condition \"hp->n_outbuf > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 651, + "event": "path", + "message": "Condition \"written_total\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 654, + "event": "path", + "message": "Condition \"may_sleep\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 657, + "event": "lock", + "message": "Locking \"spinlock_check(&hp->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 661, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"tty\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 662, + "event": "path", + "message": "Condition \"tty == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 666, + "event": "path", + "message": "Condition \"tty_throttled(tty)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 672, + "event": "path", + "message": "Condition \"!hp->irq_requested\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 680, + "event": "path", + "message": "Condition \"count == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 686, + "event": "path", + "message": "Condition \"n <= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 688, + "event": "path", + "message": "Condition \"n == -32\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 689, + "event": "unlock", + "message": "Unlocking \"&hp->lock\". \"tty\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 692, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 700, + "event": "path", + "message": "Jumping to label \"out\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 743, + "event": "path", + "message": "Condition \"hp->do_wakeup\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 691, + "event": "lockagain", + "message": "Locking \"spinlock_check(&hp->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/tty/hvc/hvc_console.c", + "line": 745, + "event": "use", + "message": "Using an unreliable value of \"tty\" inside the second locked section. If the data that \"tty\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 743| \tif (hp->do_wakeup) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 744| \t\thp->do_wakeup = 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 745|-> \t\ttty_wakeup(tty);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 746| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 747| bail:", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rh_call_control", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 16, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 493, + "event": "lock", + "message": "Locking \"&hcd_root_hub_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 494, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"status\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 495, + "event": "unlock", + "message": "Unlocking \"&hcd_root_hub_lock\". \"status\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 496, + "event": "path", + "message": "Condition \"status\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 506, + "event": "path", + "message": "Condition \"wLength > urb->transfer_buffer_length\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 513, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x324 > __UNIQUE_ID___y325\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 515, + "event": "path", + "message": "Condition \"!tbuf\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 524, + "event": "path", + "message": "Switch case value \"0x8000 | 0\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 550, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 696, + "event": "path", + "message": "Condition \"status < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 705, + "event": "path", + "message": "Condition \"status > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 710, + "event": "path", + "message": "Condition \"len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 711, + "event": "path", + "message": "Condition \"urb->transfer_buffer_length < len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 718, + "event": "path", + "message": "Condition \"patch_wakeup\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 725, + "event": "path", + "message": "Condition \"patch_protocol\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 736, + "event": "lockagain", + "message": "Locking \"&hcd_root_hub_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/core/hcd.c", + "line": 738, + "event": "use", + "message": "Using an unreliable value of \"status\" inside the second locked section. If the data that \"status\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 736| \tspin_lock_irq(&hcd_root_hub_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 737| \tusb_hcd_unlink_urb_from_ep(hcd, urb);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 738|-> \tusb_hcd_giveback_urb(hcd, urb, status);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 739| \tspin_unlock_irq(&hcd_root_hub_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 740| \treturn 0;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "itd_urb_transaction", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 29, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1247, + "event": "path", + "message": "Condition \"!!(sched == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1252, + "event": "path", + "message": "Condition \"urb->interval < 8\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1253, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1259, + "event": "path", + "message": "Condition \"i < num_itds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1265, + "event": "path", + "message": "Condition \"!!!list_empty(&stream->free_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1268, + "event": "path", + "message": "Condition \"itd->frame == ehci->now_frame\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1269, + "event": "path", + "message": "Jumping to label \"alloc_itd\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1278, + "event": "path", + "message": "Condition \"!itd\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1289, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1259, + "event": "path", + "message": "Condition \"i < num_itds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1265, + "event": "path", + "message": "Condition \"!!!list_empty(&stream->free_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1268, + "event": "path", + "message": "Condition \"itd->frame == ehci->now_frame\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1269, + "event": "path", + "message": "Jumping to label \"alloc_itd\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1277, + "event": "lock", + "message": "Locking \"spinlock_check(&ehci->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1278, + "event": "path", + "message": "Condition \"!itd\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1289, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1259, + "event": "path", + "message": "Condition \"i < num_itds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1265, + "event": "path", + "message": "Condition \"!!!list_empty(&stream->free_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1268, + "event": "path", + "message": "Condition \"itd->frame == ehci->now_frame\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1271, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"itd_dma\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1272, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1289, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1259, + "event": "path", + "message": "Condition \"i < num_itds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1265, + "event": "path", + "message": "Condition \"!!!list_empty(&stream->free_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1268, + "event": "path", + "message": "Condition \"itd->frame == ehci->now_frame\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1269, + "event": "path", + "message": "Jumping to label \"alloc_itd\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1274, + "event": "unlock", + "message": "Unlocking \"&ehci->lock\". \"itd_dma\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1278, + "event": "path", + "message": "Condition \"!itd\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1277, + "event": "lockagain", + "message": "Locking \"spinlock_check(&ehci->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 1286, + "event": "use", + "message": "Using an unreliable value of \"itd_dma\" inside the second locked section. If the data that \"itd_dma\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1284| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1285| \t\tmemset(itd, 0, sizeof(*itd));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1286|-> \t\titd->itd_dma = itd_dma;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1287| \t\titd->frame = NO_FRAME;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1288| \t\tlist_add(&itd->itd_list, &sched->td_list);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "sitd_urb_transaction", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 27, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2045, + "event": "path", + "message": "Condition \"iso_sched == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2052, + "event": "path", + "message": "Condition \"i < urb->number_of_packets\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2063, + "event": "path", + "message": "Condition \"!!!list_empty(&stream->free_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2066, + "event": "path", + "message": "Condition \"sitd->frame == ehci->now_frame\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2067, + "event": "path", + "message": "Jumping to label \"alloc_sitd\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2076, + "event": "path", + "message": "Condition \"!sitd\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2087, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2052, + "event": "path", + "message": "Condition \"i < urb->number_of_packets\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2063, + "event": "path", + "message": "Condition \"!!!list_empty(&stream->free_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2066, + "event": "path", + "message": "Condition \"sitd->frame == ehci->now_frame\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2067, + "event": "path", + "message": "Jumping to label \"alloc_sitd\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2075, + "event": "lock", + "message": "Locking \"spinlock_check(&ehci->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2076, + "event": "path", + "message": "Condition \"!sitd\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2087, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2052, + "event": "path", + "message": "Condition \"i < urb->number_of_packets\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2063, + "event": "path", + "message": "Condition \"!!!list_empty(&stream->free_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2066, + "event": "path", + "message": "Condition \"sitd->frame == ehci->now_frame\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2069, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"sitd_dma\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2070, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2087, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2052, + "event": "path", + "message": "Condition \"i < urb->number_of_packets\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2063, + "event": "path", + "message": "Condition \"!!!list_empty(&stream->free_list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2066, + "event": "path", + "message": "Condition \"sitd->frame == ehci->now_frame\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2067, + "event": "path", + "message": "Jumping to label \"alloc_sitd\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2072, + "event": "unlock", + "message": "Unlocking \"&ehci->lock\". \"sitd_dma\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2076, + "event": "path", + "message": "Condition \"!sitd\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2075, + "event": "lockagain", + "message": "Locking \"spinlock_check(&ehci->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/ehci-sched.c", + "line": 2084, + "event": "use", + "message": "Using an unreliable value of \"sitd_dma\" inside the second locked section. If the data that \"sitd_dma\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2082| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2083| \t\tmemset(sitd, 0, sizeof(*sitd));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2084|-> \t\tsitd->sitd_dma = sitd_dma;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2085| \t\tsitd->frame = NO_FRAME;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2086| \t\tlist_add(&sitd->sitd_list, &iso_sched->td_list);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "xhci_set_usb2_hardware_lpm", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 24, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4561, + "event": "path", + "message": "Condition \"xhci->quirks & (536870912ULL /* 1ULL << 29 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4564, + "event": "path", + "message": "Condition \"hcd->speed >= 64\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4564, + "event": "path", + "message": "Condition \"!xhci->hw_lpm_support\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4564, + "event": "path", + "message": "Condition \"!udev->lpm_capable\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4568, + "event": "path", + "message": "Condition \"!udev->parent\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4568, + "event": "path", + "message": "Condition \"udev->parent->parent\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4568, + "event": "path", + "message": "Condition \"udev->descriptor.bDeviceClass == 9\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4572, + "event": "path", + "message": "Condition \"udev->usb2_hw_lpm_capable != 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4575, + "event": "lock", + "message": "Locking \"spinlock_check(&xhci->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4580, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"pm_val\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4583, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4583, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4583, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4583, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4583, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4586, + "event": "path", + "message": "Condition \"enable\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4588, + "event": "path", + "message": "Condition \"udev->usb2_hw_lpm_besl_capable\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4594, + "event": "path", + "message": "Condition \"field & (4U /* 1 << 2 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4594, + "event": "path", + "message": "Condition \"field & (8U /* 1 << 3 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4596, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4601, + "event": "unlock", + "message": "Unlocking \"&xhci->lock\". \"pm_val\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4605, + "event": "path", + "message": "Condition \"ret < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4613, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4607, + "event": "lockagain", + "message": "Locking \"spinlock_check(&xhci->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/host/xhci.c", + "line": 4619, + "event": "use", + "message": "Using an unreliable value of \"pm_val\" inside the second locked section. If the data that \"pm_val\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4617| \t\tpm_val &= ~PORT_HIRD_MASK;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4618| \t\tpm_val |= PORT_HIRD(hird) | PORT_RWE | PORT_L1DS(udev->slot_id);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4619|-> \t\twritel(pm_val, pm_addr);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4620| \t\tpm_val = readl(pm_addr);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4621| \t\tpm_val |= PORT_HLE;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "belkin_sa_set_termios", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 30, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 297, + "event": "lock", + "message": "Locking \"spinlock_check(&priv->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 298, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"control_state\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 300, + "event": "unlock", + "message": "Unlocking \"&priv->lock\". \"control_state\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 306, + "event": "path", + "message": "Condition \"(cflag & 4111) != (old_cflag & 4111)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 308, + "event": "path", + "message": "Condition \"(old_cflag & 4111) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 310, + "event": "path", + "message": "Condition \"usb_control_msg(serial->dev, (2147483648U /* 2 << 30 */) | __create_pipe(serial->dev, 0), 10, 64, 1, 0, NULL, 0, 5000) < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 313, + "event": "path", + "message": "Condition \"!(old_cflag & 0x80000000U)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 314, + "event": "path", + "message": "Condition \"usb_control_msg(serial->dev, (2147483648U /* 2 << 30 */) | __create_pipe(serial->dev, 0), 11, 64, 1, 0, NULL, 0, 5000) < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 321, + "event": "path", + "message": "Condition \"baud\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 324, + "event": "path", + "message": "Condition \"urb_value == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 331, + "event": "path", + "message": "Condition \"usb_control_msg(serial->dev, (2147483648U /* 2 << 30 */) | __create_pipe(serial->dev, 0), 0, 64, urb_value, 0, NULL, 0, 5000) < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 333, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 347, + "event": "path", + "message": "Condition \"(cflag ^ old_cflag) & (768U /* 0x100 | 0x200 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 348, + "event": "path", + "message": "Condition \"cflag & 256\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 349, + "event": "path", + "message": "Condition \"cflag & 512\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 350, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 353, + "event": "path", + "message": "Condition \"usb_control_msg(serial->dev, (2147483648U /* 2 << 30 */) | __create_pipe(serial->dev, 0), 3, 64, urb_value, 0, NULL, 0, 5000) < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 358, + "event": "path", + "message": "Condition \"(cflag & 48) != (old_cflag & 48)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 360, + "event": "path", + "message": "Condition \"usb_control_msg(serial->dev, (2147483648U /* 2 << 30 */) | __create_pipe(serial->dev, 0), 2, 64, urb_value, 0, NULL, 0, 5000) < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 365, + "event": "path", + "message": "Condition \"(cflag & 64) != (old_cflag & 64)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 366, + "event": "path", + "message": "Condition \"cflag & 64\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 368, + "event": "path", + "message": "Condition \"usb_control_msg(serial->dev, (2147483648U /* 2 << 30 */) | __create_pipe(serial->dev, 0), 1, 64, urb_value, 0, NULL, 0, 5000) < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 374, + "event": "path", + "message": "Condition \"(iflag ^ old_iflag) & (5120U /* 0x1000 | 0x400 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 377, + "event": "path", + "message": "Condition \"iflag & 4096\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 378, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 382, + "event": "path", + "message": "Condition \"cflag & 0x80000000U\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 383, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 387, + "event": "path", + "message": "Condition \"bad_flow_control\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 390, + "event": "path", + "message": "Condition \"usb_control_msg(serial->dev, (2147483648U /* 2 << 30 */) | __create_pipe(serial->dev, 0), 16, 64, urb_value, 0, NULL, 0, 5000) < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 395, + "event": "lockagain", + "message": "Locking \"spinlock_check(&priv->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/belkin_sa.c", + "line": 396, + "event": "use", + "message": "Using an unreliable value of \"control_state\" inside the second locked section. If the data that \"control_state\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 394| \t/* save off the modified port settings */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 395| \tspin_lock_irqsave(&priv->lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 396|-> \tpriv->control_state = control_state;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 397| \tspin_unlock_irqrestore(&priv->lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 398| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "gsp_receive", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c", + "line": 479, + "event": "lock", + "message": "Locking \"spinlock_check(&garmin_data_p->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c", + "line": 481, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"size\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c", + "line": 484, + "event": "unlock", + "message": "Unlocking \"&garmin_data_p->lock\". \"size\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c", + "line": 489, + "event": "path", + "message": "Condition \"size == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c", + "line": 492, + "event": "path", + "message": "Condition \"offs < count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c", + "line": 497, + "event": "path", + "message": "Condition \"data == 16\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c", + "line": 498, + "event": "path", + "message": "Condition \"skip\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c", + "line": 502, + "event": "path", + "message": "Condition \"dleSeen\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c", + "line": 505, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c", + "line": 508, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c", + "line": 542, + "event": "path", + "message": "Condition \"size >= 273 /* 12 + (3 + 255 + 3) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c", + "line": 548, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c", + "line": 492, + "event": "path", + "message": "Condition \"offs < count\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c", + "line": 550, + "event": "lockagain", + "message": "Locking \"spinlock_check(&garmin_data_p->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/garmin_gps.c", + "line": 552, + "event": "use", + "message": "Using an unreliable value of \"size\" inside the second locked section. If the data that \"size\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 550| \tspin_lock_irqsave(&garmin_data_p->lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 551| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 552|-> \tgarmin_data_p->insize = size;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 553| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 554| \t/* copy flags back to structure */", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "mct_u232_set_termios", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 22, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 608, + "event": "lock", + "message": "Locking \"spinlock_check(&priv->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 609, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"control_state\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 610, + "event": "unlock", + "message": "Unlocking \"&priv->lock\". \"control_state\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 621, + "event": "path", + "message": "Condition \"(old_cflag & 4111) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 622, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 622, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 622, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 622, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 622, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 629, + "event": "path", + "message": "Condition \"(cflag & 4111) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 630, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 630, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 630, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 630, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 630, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 641, + "event": "path", + "message": "Condition \"cflag & 256\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 642, + "event": "path", + "message": "Condition \"cflag & 512\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 643, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 648, + "event": "path", + "message": "Switch case value \"0\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 650, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 667, + "event": "path", + "message": "Condition \"cflag & 64\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 673, + "event": "lockagain", + "message": "Locking \"spinlock_check(&priv->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/mct_u232.c", + "line": 674, + "event": "use", + "message": "Using an unreliable value of \"control_state\" inside the second locked section. If the data that \"control_state\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 672| \t/* save off the modified port settings */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 673| \tspin_lock_irqsave(&priv->lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 674|-> \tpriv->control_state = control_state;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 675| \tpriv->last_lcr = last_lcr;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 676| \tspin_unlock_irqrestore(&priv->lock, flags);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "oti6858_set_termios", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 16, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 409, + "event": "lock", + "message": "Locking \"spinlock_check(&priv->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 412, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"control\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 413, + "event": "unlock", + "message": "Unlocking \"&priv->lock\". \"control\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 416, + "event": "path", + "message": "Switch case value \"0\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 419, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 438, + "event": "path", + "message": "Condition \"br == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 440, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 452, + "event": "path", + "message": "Condition \"(cflag & 64) != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 453, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 458, + "event": "path", + "message": "Condition \"(cflag & 256) != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 459, + "event": "path", + "message": "Condition \"(cflag & 512) != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 460, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 463, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 468, + "event": "path", + "message": "Condition \"(cflag & 0x80000000U) != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 489, + "event": "path", + "message": "Condition \"divisor != priv->pending_setup.divisor\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 488, + "event": "lockagain", + "message": "Locking \"spinlock_check(&priv->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 493, + "event": "use", + "message": "Using an unreliable value of \"control\" inside the second locked section. If the data that \"control\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 491| \t\t\t|| frame_fmt != priv->pending_setup.frame_fmt) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 492| \t\tpriv->pending_setup.divisor = divisor;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 493|-> \t\tpriv->pending_setup.control = control;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 494| \t\tpriv->pending_setup.frame_fmt = frame_fmt;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 495| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "oti6858_set_termios", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 16, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 409, + "event": "lock", + "message": "Locking \"spinlock_check(&priv->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 411, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"frame_fmt\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 413, + "event": "unlock", + "message": "Unlocking \"&priv->lock\". \"frame_fmt\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 416, + "event": "path", + "message": "Switch case value \"0\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 419, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 438, + "event": "path", + "message": "Condition \"br == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 440, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 452, + "event": "path", + "message": "Condition \"(cflag & 64) != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 453, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 458, + "event": "path", + "message": "Condition \"(cflag & 256) != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 459, + "event": "path", + "message": "Condition \"(cflag & 512) != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 460, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 463, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 468, + "event": "path", + "message": "Condition \"(cflag & 0x80000000U) != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 489, + "event": "path", + "message": "Condition \"divisor != priv->pending_setup.divisor\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 488, + "event": "lockagain", + "message": "Locking \"spinlock_check(&priv->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/drivers/usb/serial/oti6858.c", + "line": 494, + "event": "use", + "message": "Using an unreliable value of \"frame_fmt\" inside the second locked section. If the data that \"frame_fmt\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 492| \t\tpriv->pending_setup.divisor = divisor;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 493| \t\tpriv->pending_setup.control = control;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 494|-> \t\tpriv->pending_setup.frame_fmt = frame_fmt;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 495| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 496| \tspin_unlock_irqrestore(&priv->lock, flags);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "afs_i_init_once", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/afs/internal.h", + "line": 621, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/netfs.h", + "line": 125, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h", + "line": 629, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h", + "line": 630, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/afs/super.c", + "line": 661, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 659| \tstruct afs_vnode *vnode = _vnode;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 660| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 661|-> \tmemset(vnode, 0, sizeof(*vnode));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 662| \tinode_init_once(&vnode->netfs.inode);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 663| \tmutex_init(&vnode->io_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "aio_read", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1548, + "event": "local_ptr_assign_local", + "message": "Assigning: \"iovec\" = \"inline_vecs\" (address of local variable \"inline_vecs\").", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1554, + "event": "path", + "message": "Condition \"ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1557, + "event": "path", + "message": "Condition \"!!!(file->f_mode & 1U /* (fmode_t)1 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1560, + "event": "path", + "message": "Condition \"!!!file->f_op->read_iter\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1563, + "event": "identity_transfer", + "message": "Passing \"iovec\" as argument 3 to function \"aio_setup_rw\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1563, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"ret\" = \"aio_setup_rw(0, iocb, &iovec, vectored, compat, &iter)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1564, + "event": "path", + "message": "Condition \"ret < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1565, + "event": "return_local_addr_alias", + "message": "Returning pointer \"ret\" which points to local variable \"inline_vecs\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1563| \tret = aio_setup_rw(READ, iocb, &iovec, vectored, compat, &iter);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1564| \tif (ret < 0)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1565|-> \t\treturn ret;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1566| \tret = rw_verify_area(READ, file, &req->ki_pos, iov_iter_count(&iter));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1567| \tif (!ret)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "aio_write", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1576, + "event": "local_ptr_assign_local", + "message": "Assigning: \"iovec\" = \"inline_vecs\" (address of local variable \"inline_vecs\").", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1582, + "event": "path", + "message": "Condition \"ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1586, + "event": "path", + "message": "Condition \"!!!(file->f_mode & 2U /* (fmode_t)2 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1588, + "event": "path", + "message": "Condition \"!!!file->f_op->write_iter\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1591, + "event": "identity_transfer", + "message": "Passing \"iovec\" as argument 3 to function \"aio_setup_rw\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1591, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"ret\" = \"aio_setup_rw(1, iocb, &iovec, vectored, compat, &iter)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1592, + "event": "path", + "message": "Condition \"ret < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/aio.c", + "line": 1593, + "event": "return_local_addr_alias", + "message": "Returning pointer \"ret\" which points to local variable \"inline_vecs\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1591| \tret = aio_setup_rw(WRITE, iocb, &iovec, vectored, compat, &iter);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1592| \tif (ret < 0)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1593|-> \t\treturn ret;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1594| \tret = rw_verify_area(WRITE, file, &req->ki_pos, iov_iter_count(&iter));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1595| \tif (!ret) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "get_next_positive_dentry", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c", + "line": 121, + "event": "path", + "message": "Condition \"prev == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c", + "line": 125, + "event": "lock", + "message": "Locking \"&p->d_lockref.lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c", + "line": 126, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c", + "line": 130, + "event": "path", + "message": "Condition \"ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c", + "line": 130, + "event": "path", + "message": "Condition \"p == root\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c", + "line": 132, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"parent\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c", + "line": 133, + "event": "unlock", + "message": "Unlocking \"&p->d_lockref.lock\". \"parent\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c", + "line": 134, + "event": "lockagain", + "message": "Locking \"&parent->d_lockref.lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/autofs/expire.c", + "line": 136, + "event": "use", + "message": "Using an unreliable value of \"parent\" inside the second locked section. If the data that \"parent\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 134| \t\tspin_lock(&parent->d_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 135| \t\td = p;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 136|-> \t\tp = parent;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 137| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 138| \tspin_unlock(&p->d_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ceph_check_caps", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 378, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1922, + "event": "path", + "message": "Condition \"session\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1926, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (4096UL /* 1 << 12 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1933, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (4UL /* 1 << 2 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"!mdsc->stopping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"(*inode).i_nlink > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1956, + "event": "path", + "message": "Condition \"file_wanted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1958, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"!(flags & 4)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"(inode->i_mode & 0xf000) == 0x8000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"ci->i_wb_ref\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"ci->i_wrbuffer_ref\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"inode->i_data.nrpages\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"revoking & (33792 /* (4 << 8) | (0x80 << 8) */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2028, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2028, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"(*cap).issued & (4096 /* 0x10 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_requested_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2051, + "event": "path", + "message": "Jumping to label \"ack\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2117, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (128UL /* 1 << 7 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2119, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (256UL /* 1 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2122, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"!mdsc->stopping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"(*inode).i_nlink > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1956, + "event": "path", + "message": "Condition \"file_wanted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1958, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"!(flags & 4)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"(inode->i_mode & 0xf000) == 0x8000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"ci->i_wb_ref\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"ci->i_wrbuffer_ref\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"inode->i_data.nrpages\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"revoking & (33792 /* (4 << 8) | (0x80 << 8) */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2028, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"(*cap).issued & (4096 /* 0x10 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_requested_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2051, + "event": "path", + "message": "Jumping to label \"ack\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2117, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (128UL /* 1 << 7 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2119, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (256UL /* 1 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2122, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"!mdsc->stopping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"(*inode).i_nlink > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1956, + "event": "path", + "message": "Condition \"file_wanted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1958, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"!(flags & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"mdsc->stopping\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"(*cap).issued & (4096 /* 0x10 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_requested_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2051, + "event": "path", + "message": "Jumping to label \"ack\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2117, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (128UL /* 1 << 7 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2119, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (256UL /* 1 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2122, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"!mdsc->stopping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"(*inode).i_nlink > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1956, + "event": "path", + "message": "Condition \"file_wanted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1958, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"!(flags & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"mdsc->stopping\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2028, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"(*cap).issued & (4096 /* 0x10 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_requested_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2051, + "event": "path", + "message": "Jumping to label \"ack\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2117, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (128UL /* 1 << 7 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2119, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (256UL /* 1 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2122, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"!mdsc->stopping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"(*inode).i_nlink > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1956, + "event": "path", + "message": "Condition \"file_wanted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1958, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"!(flags & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"mdsc->stopping\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2028, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"(*cap).issued & (4096 /* 0x10 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_requested_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2051, + "event": "path", + "message": "Jumping to label \"ack\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2117, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (128UL /* 1 << 7 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2119, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (256UL /* 1 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2122, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"!mdsc->stopping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"(*inode).i_nlink > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1956, + "event": "path", + "message": "Condition \"file_wanted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1958, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"!(flags & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"mdsc->stopping\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2028, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"(*cap).issued & (4096 /* 0x10 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_requested_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2051, + "event": "path", + "message": "Jumping to label \"ack\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2117, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (128UL /* 1 << 7 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2118, + "event": "lock", + "message": "Locking \"ci->i_ceph_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2119, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (256UL /* 1 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2122, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"!mdsc->stopping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"(*inode).i_nlink > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1956, + "event": "path", + "message": "Condition \"file_wanted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1958, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"!(flags & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"mdsc->stopping\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2028, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"(*cap).issued & (4096 /* 0x10 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_requested_max_size\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2055, + "event": "path", + "message": "Condition \"__ceph_should_report_size(ci)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2056, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2056, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2056, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2056, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2056, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2057, + "event": "path", + "message": "Jumping to label \"ack\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2117, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (128UL /* 1 << 7 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2119, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (256UL /* 1 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2122, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"!mdsc->stopping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"(*inode).i_nlink > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1956, + "event": "path", + "message": "Condition \"file_wanted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1958, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"!(flags & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"mdsc->stopping\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2028, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"(*cap).issued & (4096 /* 0x10 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_requested_max_size\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2055, + "event": "path", + "message": "Condition \"__ceph_should_report_size(ci)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2061, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2062, + "event": "path", + "message": "Condition \"flags & 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2062, + "event": "path", + "message": "Condition \"ci->i_dirty_caps\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2066, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (256UL /* 1 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2067, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2067, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2067, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2067, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2067, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2068, + "event": "path", + "message": "Jumping to label \"ack\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2110, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"session\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2117, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (128UL /* 1 << 7 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2119, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (256UL /* 1 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2120, + "event": "unlock", + "message": "Unlocking \"ci->i_ceph_lock\". \"session\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2122, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"!mdsc->stopping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"(*inode).i_nlink > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1956, + "event": "path", + "message": "Condition \"file_wanted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1958, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"!(flags & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"mdsc->stopping\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2028, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"(*cap).issued & (4096 /* 0x10 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_requested_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2051, + "event": "path", + "message": "Jumping to label \"ack\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2120, + "event": "lockagain", + "message": "Locking \"ci->i_ceph_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2109, + "event": "use", + "message": "Using an unreliable value of \"session\" inside the second locked section. If the data that \"session\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2107| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2108| ack:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2109|-> \t\tceph_put_mds_session(session);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2110| \t\tsession = ceph_get_mds_session(cap->session);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2111| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ceph_check_caps", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 256, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1922, + "event": "path", + "message": "Condition \"session\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1926, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (4096UL /* 1 << 12 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1933, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (4UL /* 1 << 2 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"!mdsc->stopping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"(*inode).i_nlink > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1956, + "event": "path", + "message": "Condition \"file_wanted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1958, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"!(flags & 4)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"(inode->i_mode & 0xf000) == 0x8000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"ci->i_wb_ref\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"ci->i_wrbuffer_ref\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"inode->i_data.nrpages\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"revoking & (33792 /* (4 << 8) | (0x80 << 8) */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2028, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2028, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"(*cap).issued & (4096 /* 0x10 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_requested_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2051, + "event": "path", + "message": "Jumping to label \"ack\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2117, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (128UL /* 1 << 7 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2119, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (256UL /* 1 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2122, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"!mdsc->stopping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"(*inode).i_nlink > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1956, + "event": "path", + "message": "Condition \"file_wanted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1958, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"!(flags & 4)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"(inode->i_mode & 0xf000) == 0x8000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"ci->i_wb_ref\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"ci->i_wrbuffer_ref\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"inode->i_data.nrpages\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"revoking & (33792 /* (4 << 8) | (0x80 << 8) */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2028, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"(*cap).issued & (4096 /* 0x10 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_requested_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2051, + "event": "path", + "message": "Jumping to label \"ack\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2117, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (128UL /* 1 << 7 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2119, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (256UL /* 1 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2122, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"!mdsc->stopping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"(*inode).i_nlink > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1956, + "event": "path", + "message": "Condition \"file_wanted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1958, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"!(flags & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"mdsc->stopping\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"(*cap).issued & (4096 /* 0x10 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_requested_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2051, + "event": "path", + "message": "Jumping to label \"ack\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2117, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (128UL /* 1 << 7 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2119, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (256UL /* 1 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2122, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"!mdsc->stopping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"(*inode).i_nlink > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1956, + "event": "path", + "message": "Condition \"file_wanted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1958, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"!(flags & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"mdsc->stopping\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2028, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"(*cap).issued & (4096 /* 0x10 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_requested_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2051, + "event": "path", + "message": "Jumping to label \"ack\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2117, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (128UL /* 1 << 7 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2119, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (256UL /* 1 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2120, + "event": "lock", + "message": "Locking \"ci->i_ceph_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2122, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"!mdsc->stopping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"(*inode).i_nlink > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1956, + "event": "path", + "message": "Condition \"file_wanted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1958, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"!(flags & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"mdsc->stopping\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2028, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"(*cap).issued & (4096 /* 0x10 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_requested_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2051, + "event": "path", + "message": "Jumping to label \"ack\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2117, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (128UL /* 1 << 7 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2119, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (256UL /* 1 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2122, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"!mdsc->stopping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1955, + "event": "path", + "message": "Condition \"(*inode).i_nlink > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1956, + "event": "path", + "message": "Condition \"file_wanted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1958, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 1986, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"!(flags & 4)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2001, + "event": "path", + "message": "Condition \"mdsc->stopping\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2028, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2019, + "event": "path", + "message": "Condition \"p\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"mds >= (*cap).mds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"flags & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2026, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2035, + "event": "path", + "message": "Condition \"cap != ci->i_auth_cap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2039, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2045, + "event": "path", + "message": "Condition \"(*cap).issued & (4096 /* 0x10 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2048, + "event": "path", + "message": "Condition \"ci->i_wanted_max_size > ci->i_requested_max_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2050, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2051, + "event": "path", + "message": "Jumping to label \"ack\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2110, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"session\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"cap == ci->i_auth_cap\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2114, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (384UL /* (1 << 7) | (1 << 8) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2117, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (128UL /* 1 << 7 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2118, + "event": "unlock", + "message": "Unlocking \"ci->i_ceph_lock\". \"session\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2119, + "event": "path", + "message": "Condition \"ci->i_ceph_flags & (256UL /* 1 << 8 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2118, + "event": "lockagain", + "message": "Locking \"ci->i_ceph_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ceph/caps.c", + "line": 2120, + "event": "use", + "message": "Using an unreliable value of \"session\" inside the second locked section. If the data that \"session\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2118| \t\t\t\t__kick_flushing_caps(mdsc, session, ci, 0);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2119| \t\t\tif (ci->i_ceph_flags & CEPH_I_FLUSH_SNAPS)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2120|-> \t\t\t\t__ceph_flush_snaps(ci, session);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2121| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2122| \t\t\tgoto retry;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "cifs_prune_tlinks", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c", + "line": 4054, + "event": "lock", + "message": "Locking \"&cifs_sb->tlink_tree_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c", + "line": 4056, + "event": "path", + "message": "Condition \"node != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c", + "line": 4058, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"node\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c", + "line": 4061, + "event": "path", + "message": "Condition \"test_bit(0, &tlink->tl_flags)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c", + "line": 4061, + "event": "path", + "message": "Condition \"atomic_read(&tlink->tl_count) != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c", + "line": 4061, + "event": "path", + "message": "Condition \"1 /* ({...; 1;}) && ({...; 1;}) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c", + "line": 4061, + "event": "path", + "message": "Condition \"(long)(jiffies - (tlink->tl_time + 600000UL /* 600 * 1000 */)) < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c", + "line": 4070, + "event": "unlock", + "message": "Unlocking \"&cifs_sb->tlink_tree_lock\". \"node\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c", + "line": 4073, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c", + "line": 4056, + "event": "path", + "message": "Condition \"node != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c", + "line": 4072, + "event": "lockagain", + "message": "Locking \"&cifs_sb->tlink_tree_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/cifs/connect.c", + "line": 4057, + "event": "use", + "message": "Using an unreliable value of \"node\" inside the second locked section. If the data that \"node\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4055| \tnode = rb_first(root);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4056| \twhile (node != NULL) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4057|-> \t\ttmp = node;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4058| \t\tnode = rb_next(tmp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4059| \t\ttlink = rb_entry(tmp, struct tcon_link, tl_rbnode);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "configfs_readdir", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1632, + "event": "path", + "message": "Condition \"!dir_emit_dots(file, ctx)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1634, + "event": "lock", + "message": "Locking \"&configfs_dirent_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1635, + "event": "path", + "message": "Condition \"ctx->pos == 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1637, + "event": "path", + "message": "Condition \"p != &parent_sd->s_children\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1644, + "event": "path", + "message": "Condition \"!next->s_element\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1645, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1637, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"p\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1637, + "event": "path", + "message": "Condition \"p != &parent_sd->s_children\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1644, + "event": "path", + "message": "Condition \"!next->s_element\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1661, + "event": "path", + "message": "Condition \"dentry\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1663, + "event": "path", + "message": "Condition \"inode\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1665, + "event": "unlock", + "message": "Unlocking \"&configfs_dirent_lock\". \"p\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1666, + "event": "path", + "message": "Condition \"!inode\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1672, + "event": "path", + "message": "Condition \"!dir_emit(ctx, name, len, ino, dt_type(next))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1675, + "event": "lockagain", + "message": "Locking \"&configfs_dirent_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/configfs/dir.c", + "line": 1676, + "event": "use", + "message": "Using an unreliable value of \"p\" inside the second locked section. If the data that \"p\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1674| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1675| \t\tspin_lock(&configfs_dirent_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1676|-> \t\tlist_move(q, p);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1677| \t\tp = q;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1678| \t\tctx->pos++;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "d_walk", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 34, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1363, + "event": "path", + "message": "Switch case value \"D_WALK_CONTINUE\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1365, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1376, + "event": "path", + "message": "Condition \"next != &this_parent->d_subdirs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1381, + "event": "path", + "message": "Condition \"!!(dentry->d_flags & 536870912)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1382, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1376, + "event": "path", + "message": "Condition \"next != &this_parent->d_subdirs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1381, + "event": "path", + "message": "Condition \"!!(dentry->d_flags & 536870912)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1387, + "event": "path", + "message": "Switch case value \"D_WALK_CONTINUE\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1389, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1401, + "event": "path", + "message": "Condition \"!list_empty(&dentry->d_subdirs)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1406, + "event": "path", + "message": "Jumping to label \"repeat\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1376, + "event": "path", + "message": "Condition \"next != &this_parent->d_subdirs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1381, + "event": "path", + "message": "Condition \"!!(dentry->d_flags & 536870912)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1382, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1376, + "event": "path", + "message": "Condition \"next != &this_parent->d_subdirs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1381, + "event": "path", + "message": "Condition \"!!(dentry->d_flags & 536870912)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1387, + "event": "path", + "message": "Switch case value \"D_WALK_CONTINUE\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1389, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1401, + "event": "path", + "message": "Condition \"!list_empty(&dentry->d_subdirs)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1409, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1376, + "event": "path", + "message": "Condition \"next != &this_parent->d_subdirs\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1415, + "event": "path", + "message": "Condition \"this_parent != parent\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1420, + "event": "lock", + "message": "Locking \"&this_parent->d_lockref.lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1423, + "event": "path", + "message": "Condition \"need_seqretry(&rename_lock, seq)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1428, + "event": "path", + "message": "Condition \"next == &this_parent->d_subdirs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1429, + "event": "path", + "message": "Jumping to label \"ascend\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1415, + "event": "path", + "message": "Condition \"this_parent != parent\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1417, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"this_parent\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1419, + "event": "unlock", + "message": "Unlocking \"&child->d_lockref.lock\". \"this_parent\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1423, + "event": "path", + "message": "Condition \"need_seqretry(&rename_lock, seq)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1428, + "event": "path", + "message": "Condition \"next == &this_parent->d_subdirs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1429, + "event": "path", + "message": "Jumping to label \"ascend\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1415, + "event": "path", + "message": "Condition \"this_parent != parent\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1420, + "event": "lockagain", + "message": "Locking \"&this_parent->d_lockref.lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/dcache.c", + "line": 1416, + "event": "use", + "message": "Using an unreliable value of \"this_parent\" inside the second locked section. If the data that \"this_parent\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1414| ascend:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1415| \tif (this_parent != parent) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1416|-> \t\tstruct dentry *child = this_parent;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1417| \t\tthis_parent = child->d_parent;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1418| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ext4_mb_use_preallocated", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 29, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4368, + "event": "path", + "message": "Condition \"!(ac->ac_flags & 32)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4373, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ei->i_prealloc_list.next) == sizeof (char) || sizeof (ei->i_prealloc_list.next) == sizeof (short)) || sizeof (ei->i_prealloc_list.next) == sizeof (int)) || sizeof (ei->i_prealloc_list.next) == sizeof (long)) || sizeof (ei->i_prealloc_list.next) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4373, + "event": "path", + "message": "Condition \"&pa->pa_inode_list != &ei->i_prealloc_list\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4377, + "event": "path", + "message": "Condition \"ac->ac_o_ex.fe_logical < pa->pa_lstart\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4380, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4373, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (pa->pa_inode_list.next) == sizeof (char) || sizeof (pa->pa_inode_list.next) == sizeof (short)) || sizeof (pa->pa_inode_list.next) == sizeof (int)) || sizeof (pa->pa_inode_list.next) == sizeof (long)) || sizeof (pa->pa_inode_list.next) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4373, + "event": "path", + "message": "Condition \"&pa->pa_inode_list != &ei->i_prealloc_list\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4377, + "event": "path", + "message": "Condition \"ac->ac_o_ex.fe_logical < pa->pa_lstart\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4377, + "event": "path", + "message": "Condition \"ac->ac_o_ex.fe_logical >= pa->pa_lstart + (pa->pa_len << sbi->s_cluster_bits)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4380, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4373, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (pa->pa_inode_list.next) == sizeof (char) || sizeof (pa->pa_inode_list.next) == sizeof (short)) || sizeof (pa->pa_inode_list.next) == sizeof (int)) || sizeof (pa->pa_inode_list.next) == sizeof (long)) || sizeof (pa->pa_inode_list.next) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4373, + "event": "path", + "message": "Condition \"&pa->pa_inode_list != &ei->i_prealloc_list\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4403, + "event": "path", + "message": "Condition \"!(ac->ac_flags & 128)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4408, + "event": "path", + "message": "Condition \"lg == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4411, + "event": "path", + "message": "Condition \"order > 9 /* 10 - 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4420, + "event": "path", + "message": "Condition \"i < 10\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4422, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (lg->lg_prealloc_list[i].next) == sizeof (char) || sizeof (lg->lg_prealloc_list[i].next) == sizeof (short)) || sizeof (lg->lg_prealloc_list[i].next) == sizeof (int)) || sizeof (lg->lg_prealloc_list[i].next) == sizeof (long)) || sizeof (lg->lg_prealloc_list[i].next) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4422, + "event": "path", + "message": "Condition \"&pa->pa_inode_list != &lg->lg_prealloc_list[i]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4424, + "event": "lock", + "message": "Locking \"&pa->pa_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4425, + "event": "path", + "message": "Condition \"pa->pa_deleted == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4425, + "event": "path", + "message": "Condition \"pa->pa_free >= ac->ac_o_ex.fe_len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4428, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"cpa\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4431, + "event": "unlock", + "message": "Unlocking \"&pa->pa_lock\". \"cpa\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4432, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4422, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (pa->pa_inode_list.next) == sizeof (char) || sizeof (pa->pa_inode_list.next) == sizeof (short)) || sizeof (pa->pa_inode_list.next) == sizeof (int)) || sizeof (pa->pa_inode_list.next) == sizeof (long)) || sizeof (pa->pa_inode_list.next) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4422, + "event": "path", + "message": "Condition \"&pa->pa_inode_list != &lg->lg_prealloc_list[i]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4425, + "event": "path", + "message": "Condition \"pa->pa_deleted == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4425, + "event": "path", + "message": "Condition \"pa->pa_free >= ac->ac_o_ex.fe_len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4424, + "event": "lockagain", + "message": "Locking \"&pa->pa_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/mballoc.c", + "line": 4428, + "event": "use", + "message": "Using an unreliable value of \"cpa\" inside the second locked section. If the data that \"cpa\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4426| \t\t\t\t\tpa->pa_free >= ac->ac_o_ex.fe_len) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4427| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4428|-> \t\t\t\tcpa = ext4_mb_check_group_pa(goal_block,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4429| \t\t\t\t\t\t\t\tpa, cpa);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4430| \t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "ext4_dx_find_entry", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/namei.c", + "line": 1771, + "event": "local_addr", + "message": "Address of local variable \"frames\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/namei.c", + "line": 1771, + "event": "identity_transfer", + "message": "Passing \"frames\" as argument 4 to function \"dx_probe\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/namei.c", + "line": 1771, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"frame\" = \"dx_probe(fname, dir, NULL, frames)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/namei.c", + "line": 1772, + "event": "path", + "message": "Condition \"IS_ERR(frame)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/ext4/namei.c", + "line": 1773, + "event": "return_local_addr_alias", + "message": "Returning pointer \"frame\" which points to local variable \"frames\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1771| \tframe = dx_probe(fname, dir, NULL, frames);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1772| \tif (IS_ERR(frame))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1773|-> \t\treturn (struct buffer_head *) frame;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1774| \tdo {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1775| \t\tblock = dx_get_block(frame->at);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "inode_init_once", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h", + "line": 629, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h", + "line": 630, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/inode.c", + "line": 419, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 417| void inode_init_once(struct inode *inode)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 418| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 419|-> \tmemset(inode, 0, sizeof(*inode));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 420| \tINIT_HLIST_NODE(&inode->i_hash);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 421| \tINIT_LIST_HEAD(&inode->i_devices);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "jbd2_journal_commit_transaction", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 55, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 412, + "event": "path", + "message": "Condition \"jbd2_journal_has_csum_v2or3(journal)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 421, + "event": "path", + "message": "Condition \"journal->j_flags & 8\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 435, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 439, + "event": "path", + "message": "Condition \"!(journal->j_running_transaction != NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 440, + "event": "path", + "message": "Condition \"!(journal->j_committing_transaction == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 444, + "event": "path", + "message": "Condition \"journal->j_flags & 256\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 473, + "event": "path", + "message": "Condition \"!(commit_transaction->t_state == T_RUNNING)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 480, + "event": "path", + "message": "Condition \"commit_transaction->t_requested\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 492, + "event": "path", + "message": "Condition \"!(atomic_read(&commit_transaction->t_outstanding_credits) <= journal->j_max_transaction_buffers)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 513, + "event": "path", + "message": "Condition \"commit_transaction->t_reserved_list\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 581, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 605, + "event": "path", + "message": "Condition \"!(commit_transaction->t_nr_buffers <= atomic_read(&commit_transaction->t_outstanding_credits))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 611, + "event": "path", + "message": "Condition \"commit_transaction->t_buffers\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 776, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 796, + "event": "path", + "message": "Condition \"update_tail\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 799, + "event": "path", + "message": "Condition \"first_block < journal->j_tail\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 802, + "event": "path", + "message": "Condition \"freed < jbd2_journal_get_max_txn_bufs(journal)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 805, + "event": "path", + "message": "Condition \"!(commit_transaction->t_state == T_COMMIT)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 814, + "event": "path", + "message": "Condition \"commit_transaction->t_need_data_flush\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 814, + "event": "path", + "message": "Condition \"journal->j_fs_dev != journal->j_dev\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 814, + "event": "path", + "message": "Condition \"journal->j_flags & 32\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 820, + "event": "path", + "message": "Condition \"jbd2_has_feature_async_commit(journal)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 842, + "event": "path", + "message": "Condition \"!list_empty(&io_bufs)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 881, + "event": "path", + "message": "Condition \"!(commit_transaction->t_shadow_list == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 886, + "event": "path", + "message": "Condition \"!list_empty(&log_bufs)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 893, + "event": "path", + "message": "Condition \"!!!buffer_uptodate(bh)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 902, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 886, + "event": "path", + "message": "Condition \"!list_empty(&log_bufs)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 893, + "event": "path", + "message": "Condition \"!!!buffer_uptodate(bh)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 902, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 886, + "event": "path", + "message": "Condition \"!list_empty(&log_bufs)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 904, + "event": "path", + "message": "Condition \"err\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 909, + "event": "path", + "message": "Condition \"!(commit_transaction->t_state == T_COMMIT_DFLUSH)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 913, + "event": "path", + "message": "Condition \"!jbd2_has_feature_async_commit(journal)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 916, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 919, + "event": "path", + "message": "Condition \"cbh\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 922, + "event": "path", + "message": "Condition \"jbd2_has_feature_async_commit(journal)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 927, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 930, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 930, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 938, + "event": "path", + "message": "Condition \"update_tail\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 948, + "event": "path", + "message": "Condition \"!list_empty(&commit_transaction->t_inode_list)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 949, + "event": "path", + "message": "Condition \"!(commit_transaction->t_buffers == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 950, + "event": "path", + "message": "Condition \"!(commit_transaction->t_checkpoint_list == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 951, + "event": "path", + "message": "Condition \"!(commit_transaction->t_shadow_list == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 958, + "event": "lock", + "message": "Locking \"&journal->j_list_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 959, + "event": "path", + "message": "Condition \"commit_transaction->t_forget\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 965, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"jh\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 966, + "event": "unlock", + "message": "Unlocking \"&journal->j_list_lock\". \"jh\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 974, + "event": "path", + "message": "Condition \"!(jh->b_transaction == commit_transaction)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 989, + "event": "path", + "message": "Condition \"jh->b_committed_data\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 992, + "event": "path", + "message": "Condition \"jh->b_frozen_data\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 997, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1005, + "event": "path", + "message": "Condition \"cp_transaction\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1003, + "event": "lockagain", + "message": "Locking \"&journal->j_list_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1008, + "event": "use", + "message": "Using an unreliable value of \"jh\" inside the second locked section. If the data that \"jh\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1006| \t\t\tJBUFFER_TRACE(jh, \"remove from old cp transaction\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1007| \t\t\tcp_transaction->t_chp_stats.cs_dropped++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1008|-> \t\t\t__jbd2_journal_remove_checkpoint(jh);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1009| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1010| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "jbd2_journal_commit_transaction", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 61, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 412, + "event": "path", + "message": "Condition \"jbd2_journal_has_csum_v2or3(journal)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 421, + "event": "path", + "message": "Condition \"journal->j_flags & 8\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 435, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 439, + "event": "path", + "message": "Condition \"!(journal->j_running_transaction != NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 440, + "event": "path", + "message": "Condition \"!(journal->j_committing_transaction == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 444, + "event": "path", + "message": "Condition \"journal->j_flags & 256\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 473, + "event": "path", + "message": "Condition \"!(commit_transaction->t_state == T_RUNNING)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 480, + "event": "path", + "message": "Condition \"commit_transaction->t_requested\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 492, + "event": "path", + "message": "Condition \"!(atomic_read(&commit_transaction->t_outstanding_credits) <= journal->j_max_transaction_buffers)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 513, + "event": "path", + "message": "Condition \"commit_transaction->t_reserved_list\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 581, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 605, + "event": "path", + "message": "Condition \"!(commit_transaction->t_nr_buffers <= atomic_read(&commit_transaction->t_outstanding_credits))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 611, + "event": "path", + "message": "Condition \"commit_transaction->t_buffers\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 776, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 796, + "event": "path", + "message": "Condition \"update_tail\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 799, + "event": "path", + "message": "Condition \"first_block < journal->j_tail\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 802, + "event": "path", + "message": "Condition \"freed < jbd2_journal_get_max_txn_bufs(journal)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 805, + "event": "path", + "message": "Condition \"!(commit_transaction->t_state == T_COMMIT)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 814, + "event": "path", + "message": "Condition \"commit_transaction->t_need_data_flush\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 814, + "event": "path", + "message": "Condition \"journal->j_fs_dev != journal->j_dev\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 814, + "event": "path", + "message": "Condition \"journal->j_flags & 32\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 820, + "event": "path", + "message": "Condition \"jbd2_has_feature_async_commit(journal)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 842, + "event": "path", + "message": "Condition \"!list_empty(&io_bufs)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 881, + "event": "path", + "message": "Condition \"!(commit_transaction->t_shadow_list == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 886, + "event": "path", + "message": "Condition \"!list_empty(&log_bufs)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 893, + "event": "path", + "message": "Condition \"!!!buffer_uptodate(bh)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 902, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 886, + "event": "path", + "message": "Condition \"!list_empty(&log_bufs)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 893, + "event": "path", + "message": "Condition \"!!!buffer_uptodate(bh)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 902, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 886, + "event": "path", + "message": "Condition \"!list_empty(&log_bufs)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 904, + "event": "path", + "message": "Condition \"err\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 909, + "event": "path", + "message": "Condition \"!(commit_transaction->t_state == T_COMMIT_DFLUSH)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 913, + "event": "path", + "message": "Condition \"!jbd2_has_feature_async_commit(journal)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 916, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 919, + "event": "path", + "message": "Condition \"cbh\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 922, + "event": "path", + "message": "Condition \"jbd2_has_feature_async_commit(journal)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 927, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 930, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 930, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 938, + "event": "path", + "message": "Condition \"update_tail\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 948, + "event": "path", + "message": "Condition \"!list_empty(&commit_transaction->t_inode_list)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 949, + "event": "path", + "message": "Condition \"!(commit_transaction->t_buffers == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 950, + "event": "path", + "message": "Condition \"!(commit_transaction->t_checkpoint_list == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 951, + "event": "path", + "message": "Condition \"!(commit_transaction->t_shadow_list == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 958, + "event": "lock", + "message": "Locking \"&journal->j_list_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 959, + "event": "path", + "message": "Condition \"commit_transaction->t_forget\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 965, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"jh\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 966, + "event": "unlock", + "message": "Unlocking \"&journal->j_list_lock\". \"jh\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 974, + "event": "path", + "message": "Condition \"!(jh->b_transaction == commit_transaction)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 989, + "event": "path", + "message": "Condition \"jh->b_committed_data\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 992, + "event": "path", + "message": "Condition \"jh->b_frozen_data\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 997, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1005, + "event": "path", + "message": "Condition \"cp_transaction\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1026, + "event": "path", + "message": "Condition \"buffer_freed(bh)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1026, + "event": "path", + "message": "Condition \"!jh->b_next_transaction\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1044, + "event": "path", + "message": "Condition \"0 /* !((((sizeof ((*bh->b_page).mapping) == sizeof (char) || sizeof ((*bh->b_page).mapping) == sizeof (short)) || sizeof ((*bh->b_page).mapping) == sizeof (int)) || sizeof ((*bh->b_page).mapping) == sizeof (long)) || sizeof ((*bh->b_page).mapping) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1045, + "event": "path", + "message": "Condition \"mapping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1045, + "event": "path", + "message": "Condition \"!sb_is_blkdev_sb(mapping->host->i_sb)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1053, + "event": "path", + "message": "Condition \"buffer_jbddirty(bh)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1003, + "event": "lockagain", + "message": "Locking \"&journal->j_list_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1055, + "event": "use", + "message": "Using an unreliable value of \"jh\" inside the second locked section. If the data that \"jh\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1053| \t\tif (buffer_jbddirty(bh)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1054| \t\t\tJBUFFER_TRACE(jh, \"add to new checkpointing trans\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1055|-> \t\t\t__jbd2_journal_insert_checkpoint(jh, commit_transaction);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1056| \t\t\tif (is_journal_aborted(journal))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1057| \t\t\t\tclear_buffer_jbddirty(bh);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "jbd2_journal_commit_transaction", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 63, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 412, + "event": "path", + "message": "Condition \"jbd2_journal_has_csum_v2or3(journal)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 421, + "event": "path", + "message": "Condition \"journal->j_flags & 8\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 435, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 439, + "event": "path", + "message": "Condition \"!(journal->j_running_transaction != NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 440, + "event": "path", + "message": "Condition \"!(journal->j_committing_transaction == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 444, + "event": "path", + "message": "Condition \"journal->j_flags & 256\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 473, + "event": "path", + "message": "Condition \"!(commit_transaction->t_state == T_RUNNING)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 480, + "event": "path", + "message": "Condition \"commit_transaction->t_requested\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 492, + "event": "path", + "message": "Condition \"!(atomic_read(&commit_transaction->t_outstanding_credits) <= journal->j_max_transaction_buffers)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 513, + "event": "path", + "message": "Condition \"commit_transaction->t_reserved_list\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 581, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 605, + "event": "path", + "message": "Condition \"!(commit_transaction->t_nr_buffers <= atomic_read(&commit_transaction->t_outstanding_credits))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 611, + "event": "path", + "message": "Condition \"commit_transaction->t_buffers\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 776, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 796, + "event": "path", + "message": "Condition \"update_tail\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 799, + "event": "path", + "message": "Condition \"first_block < journal->j_tail\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 802, + "event": "path", + "message": "Condition \"freed < jbd2_journal_get_max_txn_bufs(journal)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 805, + "event": "path", + "message": "Condition \"!(commit_transaction->t_state == T_COMMIT)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 814, + "event": "path", + "message": "Condition \"commit_transaction->t_need_data_flush\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 814, + "event": "path", + "message": "Condition \"journal->j_fs_dev != journal->j_dev\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 814, + "event": "path", + "message": "Condition \"journal->j_flags & 32\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 820, + "event": "path", + "message": "Condition \"jbd2_has_feature_async_commit(journal)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 842, + "event": "path", + "message": "Condition \"!list_empty(&io_bufs)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 881, + "event": "path", + "message": "Condition \"!(commit_transaction->t_shadow_list == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 886, + "event": "path", + "message": "Condition \"!list_empty(&log_bufs)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 893, + "event": "path", + "message": "Condition \"!!!buffer_uptodate(bh)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 902, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 886, + "event": "path", + "message": "Condition \"!list_empty(&log_bufs)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 893, + "event": "path", + "message": "Condition \"!!!buffer_uptodate(bh)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 902, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 886, + "event": "path", + "message": "Condition \"!list_empty(&log_bufs)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 904, + "event": "path", + "message": "Condition \"err\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 909, + "event": "path", + "message": "Condition \"!(commit_transaction->t_state == T_COMMIT_DFLUSH)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 913, + "event": "path", + "message": "Condition \"!jbd2_has_feature_async_commit(journal)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 916, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 919, + "event": "path", + "message": "Condition \"cbh\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 922, + "event": "path", + "message": "Condition \"jbd2_has_feature_async_commit(journal)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 927, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 930, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 930, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 938, + "event": "path", + "message": "Condition \"update_tail\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 948, + "event": "path", + "message": "Condition \"!list_empty(&commit_transaction->t_inode_list)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 949, + "event": "path", + "message": "Condition \"!(commit_transaction->t_buffers == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 950, + "event": "path", + "message": "Condition \"!(commit_transaction->t_checkpoint_list == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 951, + "event": "path", + "message": "Condition \"!(commit_transaction->t_shadow_list == NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 958, + "event": "lock", + "message": "Locking \"&journal->j_list_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 959, + "event": "path", + "message": "Condition \"commit_transaction->t_forget\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 965, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"jh\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 966, + "event": "unlock", + "message": "Unlocking \"&journal->j_list_lock\". \"jh\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 974, + "event": "path", + "message": "Condition \"!(jh->b_transaction == commit_transaction)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 989, + "event": "path", + "message": "Condition \"jh->b_committed_data\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 992, + "event": "path", + "message": "Condition \"jh->b_frozen_data\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 997, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1005, + "event": "path", + "message": "Condition \"cp_transaction\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1026, + "event": "path", + "message": "Condition \"buffer_freed(bh)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1026, + "event": "path", + "message": "Condition \"!jh->b_next_transaction\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1044, + "event": "path", + "message": "Condition \"0 /* !((((sizeof ((*bh->b_page).mapping) == sizeof (char) || sizeof ((*bh->b_page).mapping) == sizeof (short)) || sizeof ((*bh->b_page).mapping) == sizeof (int)) || sizeof ((*bh->b_page).mapping) == sizeof (long)) || sizeof ((*bh->b_page).mapping) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1045, + "event": "path", + "message": "Condition \"mapping\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1045, + "event": "path", + "message": "Condition \"!sb_is_blkdev_sb(mapping->host->i_sb)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1053, + "event": "path", + "message": "Condition \"buffer_jbddirty(bh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1059, + "event": "path", + "message": "Condition \"!!buffer_dirty(bh)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1069, + "event": "path", + "message": "Condition \"!jh->b_next_transaction\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1003, + "event": "lockagain", + "message": "Locking \"&journal->j_list_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/commit.c", + "line": 1073, + "event": "use", + "message": "Using an unreliable value of \"jh\" inside the second locked section. If the data that \"jh\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1071| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1072| \t\tJBUFFER_TRACE(jh, \"refile or unfile buffer\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1073|-> \t\tdrop_ref = __jbd2_journal_refile_buffer(jh);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1074| \t\tspin_unlock(&jh->b_state_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1075| \t\tif (drop_ref)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "jbd2_journal_write_metadata_buffer", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c", + "line": 359, + "event": "path", + "message": "Condition \"!buffer_jbddirty(bh_in)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c", + "line": 366, + "event": "lock", + "message": "Locking \"&jh_in->b_state_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c", + "line": 372, + "event": "path", + "message": "Condition \"jh_in->b_frozen_data\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c", + "line": 377, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"new_page\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c", + "line": 388, + "event": "path", + "message": "Condition \"!done_copy_out\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c", + "line": 395, + "event": "path", + "message": "Condition \"*((__be32 *)(mapped_data + new_offset)) == 2553887680U /* (__be32)(__u32)__builtin_bswap32((__u32)3225106840U) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c", + "line": 400, + "event": "path", + "message": "Condition \"0 /* !!__builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c", + "line": 405, + "event": "path", + "message": "Condition \"need_copy_out\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c", + "line": 405, + "event": "path", + "message": "Condition \"!done_copy_out\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c", + "line": 408, + "event": "unlock", + "message": "Unlocking \"&jh_in->b_state_lock\". \"new_page\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c", + "line": 410, + "event": "path", + "message": "Condition \"!tmp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c", + "line": 415, + "event": "path", + "message": "Condition \"jh_in->b_frozen_data\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c", + "line": 414, + "event": "lockagain", + "message": "Locking \"&jh_in->b_state_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/jbd2/journal.c", + "line": 421, + "event": "use", + "message": "Using an unreliable value of \"new_page\" inside the second locked section. If the data that \"new_page\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 419| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 420| \t\tjh_in->b_frozen_data = tmp;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 421|-> \t\tmapped_data = kmap_atomic(new_page);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 422| \t\tmemcpy(tmp, mapped_data + new_offset, bh_in->b_size);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 423| \t\tkunmap_atomic(mapped_data);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "_pnfs_return_layout", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c", + "line": 1345, + "event": "path", + "message": "Condition \"!!(nfs_debug & 4096)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c", + "line": 1345, + "event": "path", + "message": "Condition \"1 /* 1 && 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c", + "line": 1347, + "event": "lock", + "message": "Locking \"&ino->i_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c", + "line": 1348, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"lo\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c", + "line": 1349, + "event": "path", + "message": "Condition \"!lo\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c", + "line": 1357, + "event": "path", + "message": "Condition \"test_bit(NFS_LAYOUT_RETURN_LOCK, &lo->plh_flags)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c", + "line": 1358, + "event": "unlock", + "message": "Unlocking \"&ino->i_lock\". \"lo\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c", + "line": 1359, + "event": "path", + "message": "Condition \"wait_on_bit(&lo->plh_flags, NFS_LAYOUT_RETURN, 2)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c", + "line": 1362, + "event": "lockagain", + "message": "Locking \"&ino->i_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfs/pnfs.c", + "line": 1364, + "event": "use", + "message": "Using an unreliable value of \"lo\" inside the second locked section. If the data that \"lo\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1362| \t\tspin_lock(&ino->i_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1363| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1364|-> \tvalid_layout = pnfs_layout_is_valid(lo);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1365| \tpnfs_clear_layoutcommit(ino, &tmp_list);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1366| \tpnfs_mark_matching_lsegs_return(lo, &tmp_list, &range, 0);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "nfsd4_destroy_session", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 3827, + "event": "path", + "message": "Condition \"nfsd4_compound_in_session(cstate, sessionid)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 3828, + "event": "path", + "message": "Condition \"!nfsd4_last_compound_op(r)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 3833, + "event": "lock", + "message": "Locking \"&nn->client_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 3834, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"ses\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 3835, + "event": "path", + "message": "Condition \"!ses\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 3838, + "event": "path", + "message": "Condition \"!nfsd4_mach_creds_match(ses->se_client, r)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 3841, + "event": "path", + "message": "Condition \"status\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 3844, + "event": "unlock", + "message": "Unlocking \"&nn->client_lock\". \"ses\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 3848, + "event": "lockagain", + "message": "Locking \"&nn->client_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 3851, + "event": "use", + "message": "Using an unreliable value of \"ses\" inside the second locked section. If the data that \"ses\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3849| \tstatus = nfs_ok;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3850| out_put_session:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3851|-> \tnfsd4_put_session_locked(ses);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3852| out_client_lock:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3853| \tspin_unlock(&nn->client_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "nfsd4_setclientid_confirm", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 16, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4230, + "event": "path", + "message": "Condition \"STALE_CLIENTID(clid, nn)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4233, + "event": "lock", + "message": "Locking \"&nn->client_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4234, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"conf\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4244, + "event": "path", + "message": "Condition \"unconf\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4244, + "event": "path", + "message": "Condition \"!same_creds(&unconf->cl_cred, &rqstp->rq_cred)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4248, + "event": "path", + "message": "Condition \"conf\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4248, + "event": "path", + "message": "Condition \"!same_creds(&conf->cl_cred, &rqstp->rq_cred)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4252, + "event": "path", + "message": "Condition \"!unconf\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4252, + "event": "path", + "message": "Condition \"!same_verf(&confirm, &unconf->cl_confirm)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4260, + "event": "path", + "message": "Condition \"conf\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4262, + "event": "unlock", + "message": "Unlocking \"old->cl_lock\". \"conf\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4263, + "event": "unlock", + "message": "Unlocking \"conf->cl_lock\". \"conf\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4264, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4285, + "event": "unlock", + "message": "Unlocking \"&nn->client_lock\". \"conf\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4286, + "event": "path", + "message": "Condition \"conf == unconf\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4289, + "event": "lockagain", + "message": "Locking \"&nn->client_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/nfsd/nfs4state.c", + "line": 4290, + "event": "use", + "message": "Using an unreliable value of \"conf\" inside the second locked section. If the data that \"conf\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4288| \tnfsd4_probe_callback(conf);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4289| \tspin_lock(&nn->client_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4290|-> \tput_client_renew_locked(conf);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4291| out:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4292| \tspin_unlock(&nn->client_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "proc_readdir_de", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 289, + "event": "path", + "message": "Condition \"!dir_emit_dots(file, ctx)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 293, + "event": "lock", + "message": "Locking \"&proc_subdir_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 294, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"de\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 295, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 296, + "event": "path", + "message": "Condition \"!de\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 300, + "event": "path", + "message": "Condition \"!i\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 301, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 309, + "event": "unlock", + "message": "Unlocking \"&proc_subdir_lock\". \"de\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 310, + "event": "path", + "message": "Condition \"!dir_emit(ctx, de->name, de->namelen, de->low_ino, de->mode >> 12)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 316, + "event": "lockagain", + "message": "Locking \"&proc_subdir_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 317, + "event": "use", + "message": "Using an unreliable value of \"de\" inside the second locked section. If the data that \"de\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 315| \t\tctx->pos++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 316| \t\tread_lock(&proc_subdir_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 317|-> \t\tnext = pde_subdir_next(de);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318| \t\tpde_put(de);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 319| \t\tde = next;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "remove_proc_subtree", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 24, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 728, + "event": "lock", + "message": "Locking \"&proc_subdir_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 729, + "event": "path", + "message": "Condition \"__xlate_proc_name(name, &parent, &fn) != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 736, + "event": "path", + "message": "Condition \"!root\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 740, + "event": "path", + "message": "Condition \"!!pde_is_permanent(root)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 749, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 751, + "event": "path", + "message": "Condition \"next\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 752, + "event": "path", + "message": "Condition \"!!pde_is_permanent(next)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 760, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 749, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 751, + "event": "path", + "message": "Condition \"next\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 752, + "event": "path", + "message": "Condition \"!!pde_is_permanent(next)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 760, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 749, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 751, + "event": "path", + "message": "Condition \"next\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 752, + "event": "path", + "message": "Condition \"!!pde_is_permanent(next)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 760, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 749, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 751, + "event": "path", + "message": "Condition \"next\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 762, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"next\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 763, + "event": "path", + "message": "Condition \"(de->mode & 0xf000) == 0x4000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 765, + "event": "unlock", + "message": "Unlocking \"&proc_subdir_lock\". \"next\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 767, + "event": "unlock", + "message": "Unlocking \"de->pde_unload_lock\". \"next\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 768, + "event": "path", + "message": "Condition \"de == root\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 772, + "event": "lockagain", + "message": "Locking \"&proc_subdir_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/proc/generic.c", + "line": 773, + "event": "use", + "message": "Using an unreliable value of \"next\" inside the second locked section. If the data that \"next\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 771| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 772| \t\twrite_lock(&proc_subdir_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 773|-> \t\tde = next;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 774| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 775| \tpde_put(root);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "__do_sys_quotactl", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c", + "line": 927, + "event": "path", + "message": "Condition \"type >= 3\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c", + "line": 935, + "event": "path", + "message": "Condition \"!special\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c", + "line": 946, + "event": "path", + "message": "Condition \"cmds == 8388610\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c", + "line": 948, + "event": "path", + "message": "Condition \"ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c", + "line": 951, + "event": "local_ptr_assign_local", + "message": "Assigning: \"pathp\" = \"&path\" (address of local variable \"path\").", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c", + "line": 955, + "event": "path", + "message": "Condition \"IS_ERR(sb)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c", + "line": 960, + "event": "identity_transfer", + "message": "Passing \"pathp\" as argument 6 to function \"do_quotactl\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c", + "line": 960, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"ret\" = \"do_quotactl(sb, type, cmds, id, addr, pathp)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c", + "line": 962, + "event": "path", + "message": "Condition \"!quotactl_cmd_onoff(cmds)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c", + "line": 967, + "event": "path", + "message": "Condition \"pathp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c", + "line": 967, + "event": "path", + "message": "Condition \"!IS_ERR(pathp)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/quota/quota.c", + "line": 969, + "event": "return_local_addr_alias", + "message": "Returning pointer \"ret\" which points to local variable \"path\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 967| \tif (pathp && !IS_ERR(pathp))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 968| \t\tpath_put(pathp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 969|-> \treturn ret;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 970| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 971| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "vfs_readv", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c", + "line": 917, + "event": "local_ptr_assign_local", + "message": "Assigning: \"iov\" = \"iovstack\" (address of local variable \"iovstack\").", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c", + "line": 921, + "event": "identity_transfer", + "message": "Passing \"iov\" as argument 5 to function \"import_iovec\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c", + "line": 921, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"ret\" = \"import_iovec(0, vec, vlen, 8U, &iov, &iter)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c", + "line": 922, + "event": "path", + "message": "Condition \"ret >= 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c", + "line": 927, + "event": "return_local_addr_alias", + "message": "Returning pointer \"ret\" which points to local variable \"iovstack\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 925| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 926| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 927|-> \treturn ret;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 928| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 929| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "vfs_writev", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c", + "line": 934, + "event": "local_ptr_assign_local", + "message": "Assigning: \"iov\" = \"iovstack\" (address of local variable \"iovstack\").", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c", + "line": 938, + "event": "identity_transfer", + "message": "Passing \"iov\" as argument 5 to function \"import_iovec\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c", + "line": 938, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"ret\" = \"import_iovec(1, vec, vlen, 8U, &iov, &iter)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c", + "line": 939, + "event": "path", + "message": "Condition \"ret >= 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/read_write.c", + "line": 945, + "event": "return_local_addr_alias", + "message": "Returning pointer \"ret\" which points to local variable \"iovstack\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 943| \t\tkfree(iov);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 944| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 945|-> \treturn ret;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 946| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 947| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "__do_sys_vmsplice", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c", + "line": 1299, + "event": "local_ptr_assign_local", + "message": "Assigning: \"iov\" = \"iovstack\" (address of local variable \"iovstack\").", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c", + "line": 1305, + "event": "path", + "message": "Condition \"!!(flags & 4294967280U /* ~(((1 | 2) | 4) | 8) */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c", + "line": 1310, + "event": "path", + "message": "Condition \"error\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c", + "line": 1313, + "event": "identity_transfer", + "message": "Passing \"iov\" as argument 5 to function \"import_iovec\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c", + "line": 1313, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"error\" = \"import_iovec(type, uiov, nr_segs, 8U, &iov, &iter)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c", + "line": 1315, + "event": "path", + "message": "Condition \"error < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c", + "line": 1316, + "event": "path", + "message": "Jumping to label \"out_fdput\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/splice.c", + "line": 1328, + "event": "return_local_addr_alias", + "message": "Returning pointer \"error\" which points to local variable \"iovstack\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1326| out_fdput:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1327| \tfdput(f);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1328|-> \treturn error;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1329| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1330| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "udf_process_sequence", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c", + "line": 1685, + "event": "path", + "message": "Condition \"!data.part_descs_loc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c", + "line": 1692, + "event": "path", + "message": "Condition \"!done\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c", + "line": 1692, + "event": "path", + "message": "Condition \"block <= lastblock\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c", + "line": 1694, + "event": "path", + "message": "Condition \"!bh\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c", + "line": 1700, + "event": "path", + "message": "Switch case value \"1\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c", + "line": 1725, + "event": "local_addr", + "message": "Address of local variable \"data\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c", + "line": 1725, + "event": "identity_transfer", + "message": "Passing \"&data\" as argument 3 to function \"get_volume_descriptor_record\", which returns an offset off that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c", + "line": 1725, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"curr\" = \"get_volume_descriptor_record(ident, bh, &data)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c", + "line": 1726, + "event": "path", + "message": "Condition \"IS_ERR(curr)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c", + "line": 1728, + "event": "identity_transfer", + "message": "Passing \"curr\" as argument 1 to function \"PTR_ERR\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c", + "line": 1728, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"ret\" = \"PTR_ERR(curr)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c", + "line": 1729, + "event": "path", + "message": "Jumping to label \"out\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/udf/super.c", + "line": 1775, + "event": "return_local_addr_alias", + "message": "Returning pointer \"ret\" which points to local variable \"data\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1773| out:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1774| \tkfree(data.part_descs_loc);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1775|-> \treturn ret;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1776| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1777| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "userfaultfd_ctx_read", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 16, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1034, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1035, + "event": "path", + "message": "Switch case value \"4\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1035, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1038, + "event": "path", + "message": "Condition \"uwq\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1082, + "event": "lock", + "message": "Locking \"&ctx->event_wqh.lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1084, + "event": "path", + "message": "Condition \"uwq\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1087, + "event": "path", + "message": "Condition \"uwq->msg.event == 19\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1088, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"fork_nctx\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1098, + "event": "unlock", + "message": "Unlocking \"&ctx->event_wqh.lock\". \"fork_nctx\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1100, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1123, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (get_current()->__state) == sizeof (char) || sizeof (get_current()->__state) == sizeof (short)) || sizeof (get_current()->__state) == sizeof (int)) || sizeof (get_current()->__state) == sizeof (long)) || sizeof (get_current()->__state) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1124, + "event": "unlock", + "message": "Unlocking \"&ctx->fd_wqh.lock\". \"fork_nctx\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1126, + "event": "path", + "message": "Condition \"!ret\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1126, + "event": "path", + "message": "Condition \"msg->event == 19\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1129, + "event": "path", + "message": "Condition \"!list_empty(&fork_event)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1128, + "event": "lockagain", + "message": "Locking \"&ctx->event_wqh.lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1134, + "event": "use", + "message": "Using an unreliable value of \"fork_nctx\" inside the second locked section. If the data that \"fork_nctx\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1132| \t\t\t * drop the temporary refcount.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1133| \t\t\t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1134|-> \t\t\tuserfaultfd_ctx_put(fork_nctx);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1135| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1136| \t\t\tuwq = list_first_entry(&fork_event,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "userfaultfd_ctx_read", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1034, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1035, + "event": "path", + "message": "Switch case value \"4\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1035, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1038, + "event": "path", + "message": "Condition \"uwq\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1082, + "event": "lock", + "message": "Locking \"&ctx->event_wqh.lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1084, + "event": "path", + "message": "Condition \"uwq\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1087, + "event": "path", + "message": "Condition \"uwq->msg.event == 19\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1088, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"fork_nctx\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1098, + "event": "unlock", + "message": "Unlocking \"&ctx->event_wqh.lock\". \"fork_nctx\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1100, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1123, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (get_current()->__state) == sizeof (char) || sizeof (get_current()->__state) == sizeof (short)) || sizeof (get_current()->__state) == sizeof (int)) || sizeof (get_current()->__state) == sizeof (long)) || sizeof (get_current()->__state) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1124, + "event": "unlock", + "message": "Unlocking \"&ctx->fd_wqh.lock\". \"fork_nctx\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1126, + "event": "path", + "message": "Condition \"!ret\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1126, + "event": "path", + "message": "Condition \"msg->event == 19\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1129, + "event": "path", + "message": "Condition \"!list_empty(&fork_event)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1171, + "event": "path", + "message": "Condition \"ret\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1128, + "event": "lockagain", + "message": "Locking \"&ctx->event_wqh.lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/userfaultfd.c", + "line": 1172, + "event": "use", + "message": "Using an unreliable value of \"fork_nctx\" inside the second locked section. If the data that \"fork_nctx\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1170| \t\t\t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1171| \t\t\tif (ret)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1172|-> \t\t\t\tuserfaultfd_ctx_put(fork_nctx);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1173| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1174| \t\tspin_unlock_irq(&ctx->event_wqh.lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "xlog_state_do_iclog_callbacks", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c", + "line": 2816, + "event": "path", + "message": "Condition \"xlog_state_iodone_process_iclog(log, iclog)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c", + "line": 2818, + "event": "path", + "message": "Condition \"iclog->ic_state != XLOG_STATE_CALLBACK\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c", + "line": 2830, + "event": "lock", + "message": "Locking \"&log->l_icloglock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c", + "line": 2832, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"iclog\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c", + "line": 2833, + "event": "path", + "message": "Condition \"iclog != first_iclog\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c", + "line": 2816, + "event": "path", + "message": "Condition \"xlog_state_iodone_process_iclog(log, iclog)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c", + "line": 2818, + "event": "path", + "message": "Condition \"iclog->ic_state != XLOG_STATE_CALLBACK\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c", + "line": 2823, + "event": "unlock", + "message": "Unlocking \"&log->l_icloglock\". \"iclog\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c", + "line": 2830, + "event": "lockagain", + "message": "Locking \"&log->l_icloglock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_log.c", + "line": 2831, + "event": "use", + "message": "Using an unreliable value of \"iclog\" inside the second locked section. If the data that \"iclog\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2829| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2830| \t\tspin_lock(&log->l_icloglock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2831|-> \t\txlog_state_clean_iclog(log, iclog);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2832| \t\ticlog = iclog->ic_next;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2833| \t} while (iclog != first_iclog);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "_xfs_mru_cache_reap", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_mru_cache.c", + "line": 273, + "event": "path", + "message": "Condition \"!mru\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_mru_cache.c", + "line": 273, + "event": "path", + "message": "Condition \"!mru->lists\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_mru_cache.c", + "line": 276, + "event": "lock", + "message": "Locking \"&mru->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_mru_cache.c", + "line": 277, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"next\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_mru_cache.c", + "line": 278, + "event": "unlock", + "message": "Unlocking \"mru->lock\". \"next\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_mru_cache.c", + "line": 278, + "event": "lockagain", + "message": "Locking \"mru->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_mru_cache.c", + "line": 280, + "event": "use", + "message": "Using an unreliable value of \"next\" inside the second locked section. If the data that \"next\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 278| \t_xfs_mru_cache_clear_reap_list(mru);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 279| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 280|-> \tmru->queued = next;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 281| \tif ((mru->queued > 0)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 282| \t\tnow = jiffies;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "xfs_fs_inode_init_once", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_inode.h", + "line": 76, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h", + "line": 629, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/fs.h", + "line": 630, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/fs/xfs/xfs_super.c", + "line": 695, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 693| \tstruct xfs_inode\t*ip = inode;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 694| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 695|-> \tmemset(ip, 0, sizeof(struct xfs_inode));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 696| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 697| \t/* vfs inode */", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ptr_ring_resize_multiple", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 16, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 629, + "event": "path", + "message": "Condition \"!queues\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 632, + "event": "path", + "message": "Condition \"i < nrings\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 634, + "event": "path", + "message": "Condition \"!queues[i]\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 636, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 632, + "event": "path", + "message": "Condition \"i < nrings\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 634, + "event": "path", + "message": "Condition \"!queues[i]\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 636, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 632, + "event": "path", + "message": "Condition \"i < nrings\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 638, + "event": "path", + "message": "Condition \"i < nrings\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 640, + "event": "lock", + "message": "Locking \"&rings[i]->producer_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 641, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"queues[i]\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 643, + "event": "unlock", + "message": "Unlocking \"&rings[i]->producer_lock\". \"queues[i]\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 644, + "event": "unlock", + "message": "Unlocking \"&rings[i]->consumer_lock\". \"queues[i]\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 645, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 638, + "event": "path", + "message": "Condition \"i < nrings\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 640, + "event": "lockagain", + "message": "Locking \"&rings[i]->producer_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/include/linux/ptr_ring.h", + "line": 641, + "event": "use", + "message": "Using an unreliable value of \"queues[i]\" inside the second locked section. If the data that \"queues[i]\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 639| \t\tspin_lock_irqsave(&(rings[i])->consumer_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 640| \t\tspin_lock(&(rings[i])->producer_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 641|-> \t\tqueues[i] = __ptr_ring_swap_queue(rings[i], queues[i],", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 642| \t\t\t\t\t\t size, gfp, destroy);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 643| \t\tspin_unlock(&(rings[i])->producer_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "io_worker_handle_work", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/io_uring/io-wq.c", + "line": 556, + "event": "lock", + "message": "Locking \"&acct->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/io_uring/io-wq.c", + "line": 557, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"work\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/io_uring/io-wq.c", + "line": 558, + "event": "unlock", + "message": "Unlocking \"&acct->lock\". \"work\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/io_uring/io-wq.c", + "line": 559, + "event": "path", + "message": "Condition \"work\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/io_uring/io-wq.c", + "line": 560, + "event": "unlock", + "message": "Unlocking \"wqe->lock\". \"work\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/io_uring/io-wq.c", + "line": 569, + "event": "lockagain", + "message": "Locking \"&worker->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/io_uring/io-wq.c", + "line": 570, + "event": "use", + "message": "Using an unreliable value of \"work\" inside the second locked section. If the data that \"work\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 568| \t\t\t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 569| \t\t\traw_spin_lock(&worker->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 570|-> \t\t\tworker->next_work = work;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 571| \t\t\traw_spin_unlock(&worker->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 572| \t\t} else {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "do_msgrcv", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 20, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1103, + "event": "path", + "message": "Condition \"msqid < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1103, + "event": "path", + "message": "Condition \"(long)bufsz < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1106, + "event": "path", + "message": "Condition \"msgflg & 0x4000\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1117, + "event": "path", + "message": "Condition \"IS_ERR(msq)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1123, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1127, + "event": "path", + "message": "Condition \"ipcperms(ns, &msq->q_perm, 292 /* (0x100 | 0x20) | 4 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1130, + "event": "lock", + "message": "Locking \"msq->q_perm.lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1133, + "event": "path", + "message": "Condition \"!ipc_valid_object(&msq->q_perm)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1139, + "event": "path", + "message": "Condition \"!IS_ERR(msg)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1170, + "event": "path", + "message": "Condition \"msgflg & 0x800\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1179, + "event": "path", + "message": "Condition \"msgflg & 0x1000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1180, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1185, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (msr_d.r_msg) == sizeof (char) || sizeof (msr_d.r_msg) == sizeof (short)) || sizeof (msr_d.r_msg) == sizeof (int)) || sizeof (msr_d.r_msg) == sizeof (long)) || sizeof (msr_d.r_msg) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1185, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"*((struct msg_msg * volatile *)&msr_d.r_msg)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1188, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (get_current()->__state) == sizeof (char) || sizeof (get_current()->__state) == sizeof (short)) || sizeof (get_current()->__state) == sizeof (int)) || sizeof (get_current()->__state) == sizeof (long)) || sizeof (get_current()->__state) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1190, + "event": "unlock", + "message": "Unlocking \"msq->q_perm.lock\". \"*((struct msg_msg * volatile *)&msr_d.r_msg)\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1215, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (msr_d.r_msg) == sizeof (char) || sizeof (msr_d.r_msg) == sizeof (short)) || sizeof (msr_d.r_msg) == sizeof (int)) || sizeof (msr_d.r_msg) == sizeof (long)) || sizeof (msr_d.r_msg) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1216, + "event": "path", + "message": "Condition \"msg != ERR_PTR(-11)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1229, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (msr_d.r_msg) == sizeof (char) || sizeof (msr_d.r_msg) == sizeof (short)) || sizeof (msr_d.r_msg) == sizeof (int)) || sizeof (msr_d.r_msg) == sizeof (long)) || sizeof (msr_d.r_msg) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1227, + "event": "lockagain", + "message": "Locking \"msq->q_perm.lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/ipc/msg.c", + "line": 1229, + "event": "use", + "message": "Using an unreliable value of \"*((struct msg_msg * const volatile *)&msr_d.r_msg)\" inside the second locked section. If the data that \"*((struct msg_msg * const volatile *)&msr_d.r_msg)\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1227| \t\tipc_lock_object(&msq->q_perm);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1228| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1229|-> \t\tmsg = READ_ONCE(msr_d.r_msg);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1230| \t\tif (msg != ERR_PTR(-EAGAIN))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1231| \t\t\tgoto out_unlock0;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "tag_chunk", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 467, + "event": "path", + "message": "Condition \"!mark\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 476, + "event": "lock", + "message": "Locking \"&hash_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 477, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"old\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 478, + "event": "path", + "message": "Condition \"n < old->count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 479, + "event": "path", + "message": "Condition \"old->owners[n].owner == tree\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 485, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 478, + "event": "path", + "message": "Condition \"n < old->count\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 479, + "event": "path", + "message": "Condition \"old->owners[n].owner == tree\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 485, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 478, + "event": "path", + "message": "Condition \"n < old->count\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 486, + "event": "unlock", + "message": "Unlocking \"&hash_lock\". \"old\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 489, + "event": "path", + "message": "Condition \"!chunk\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 496, + "event": "path", + "message": "Condition \"tree->goner\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 508, + "event": "path", + "message": "Condition \"!tree->root\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 495, + "event": "lockagain", + "message": "Locking \"&hash_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/audit_tree.c", + "line": 516, + "event": "use", + "message": "Using an unreliable value of \"old\" inside the second locked section. If the data that \"old\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 514| \t * called, new RCU readers can see the new chunk.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 515| \t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 516|-> \treplace_chunk(chunk, old);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 517| \tspin_unlock(&hash_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 518| \tmutex_unlock(&audit_tree_group->mark_mutex);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "bpf_find_btf_id", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 545, + "event": "path", + "message": "Condition \"IS_ERR(btf)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 547, + "event": "path", + "message": "Condition \"!btf\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 554, + "event": "path", + "message": "Condition \"ret > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 561, + "event": "lock", + "message": "Locking \"&btf_idr_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 562, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"btf\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 562, + "event": "path", + "message": "Condition \"(btf = idr_get_next(&btf_idr, &id)) != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 563, + "event": "path", + "message": "Condition \"!btf_is_module(btf)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 569, + "event": "unlock", + "message": "Unlocking \"&btf_idr_lock\". \"btf\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 571, + "event": "path", + "message": "Condition \"ret > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 575, + "event": "lockagain", + "message": "Locking \"&btf_idr_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 576, + "event": "use", + "message": "Using an unreliable value of \"btf\" inside the second locked section. If the data that \"btf\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 574| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 575| \t\tspin_lock_bh(&btf_idr_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 576|-> \t\tbtf_put(btf);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 577| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 578| \tspin_unlock_bh(&btf_idr_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "bpf_core_find_cands", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8191, + "event": "path", + "message": "Condition \"IS_ERR(main_btf)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8193, + "event": "path", + "message": "Condition \"!main_btf\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8197, + "event": "path", + "message": "Condition \"!local_type\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8201, + "event": "path", + "message": "Condition \"str_is_empty(name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8212, + "event": "path", + "message": "Condition \"cc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8213, + "event": "path", + "message": "Condition \"cc->cnt\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8215, + "event": "path", + "message": "Jumping to label \"check_modules\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8237, + "event": "path", + "message": "Condition \"cc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8242, + "event": "lock", + "message": "Locking \"&btf_idr_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8243, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"mod_btf\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8243, + "event": "path", + "message": "Condition \"(mod_btf = idr_get_next(&btf_idr, &id)) != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8244, + "event": "path", + "message": "Condition \"!btf_is_module(mod_btf)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8250, + "event": "unlock", + "message": "Unlocking \"&btf_idr_lock\". \"mod_btf\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8252, + "event": "path", + "message": "Condition \"IS_ERR(cands)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8256, + "event": "lockagain", + "message": "Locking \"&btf_idr_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/btf.c", + "line": 8257, + "event": "use", + "message": "Using an unreliable value of \"mod_btf\" inside the second locked section. If the data that \"mod_btf\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8255| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8256| \t\tspin_lock_bh(&btf_idr_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8257|-> \t\tbtf_put(mod_btf);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8258| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8259| \tspin_unlock_bh(&btf_idr_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "__cgroup_bpf_run_filter_setsockopt", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c", + "line": 1804, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x552 > __UNIQUE_ID___y553\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c", + "line": 1805, + "event": "local_ptr_identity_local", + "message": "\"sockopt_alloc_buf(&ctx, max_optlen, &buf)\" stores \"&buf\" (address of local variable \"buf\") into \"ctx.optval\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c", + "line": 1806, + "event": "path", + "message": "Condition \"max_optlen < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c", + "line": 1811, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x554 < __UNIQUE_ID___y555\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c", + "line": 1811, + "event": "path", + "message": "Condition \"copy_from_user(ctx.optval, optval, ({...; (__UNIQUE_ID___x554 < __UNIQUE_ID___y555) ? __UNIQUE_ID___x554 : __UNIQUE_ID___y555;})) != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c", + "line": 1821, + "event": "path", + "message": "Condition \"ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c", + "line": 1824, + "event": "path", + "message": "Condition \"ctx.optlen == -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c", + "line": 1827, + "event": "path", + "message": "Condition \"ctx.optlen > max_optlen\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c", + "line": 1827, + "event": "path", + "message": "Condition \"ctx.optlen < -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c", + "line": 1841, + "event": "path", + "message": "Condition \"ctx.optlen != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c", + "line": 1849, + "event": "path", + "message": "Condition \"!sockopt_buf_allocated(&ctx, &buf)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c", + "line": 1859, + "event": "escape_local_addr_alias", + "message": "Returning, through \"*kernel_optval\", pointer \"ctx.optval\" which points to local variable \"buf\".", + "verbosity_level": 0 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/bpf/cgroup.c", + "line": 1862, + "event": "return", + "message": "Returning here.", + "verbosity_level": 2 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1857| \t\t\t\t*kernel_optval = p;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1858| \t\t\t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1859|-> \t\t\t\t*kernel_optval = ctx.optval;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1860| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1861| \t\t\t/* export and don't free sockopt buf */", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "cgroup_rstat_flush_locked", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 19, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 181, + "event": "path", + "message": "Condition \"cpu < nr_cpu_ids\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 181, + "event": "path", + "message": "Condition \"(cpu = cpumask_next(cpu, (struct cpumask const *)&__cpu_possible_mask)) , (cpu < nr_cpu_ids)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 196, + "event": "path", + "message": "Condition \"pos = cgroup_rstat_cpu_pop_updated(pos, cgrp, cpu)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 211, + "event": "path", + "message": "Condition \"may_sleep\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 211, + "event": "path", + "message": "Condition \"need_resched()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 214, + "event": "path", + "message": "Condition \"!({...; _cond_resched();})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 216, + "event": "lock", + "message": "Locking \"&cgroup_rstat_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 218, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 181, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"cpu\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 181, + "event": "path", + "message": "Condition \"cpu < nr_cpu_ids\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 181, + "event": "path", + "message": "Condition \"(cpu = cpumask_next(cpu, (struct cpumask const *)&__cpu_possible_mask)) , (cpu < nr_cpu_ids)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 196, + "event": "path", + "message": "Condition \"pos = cgroup_rstat_cpu_pop_updated(pos, cgrp, cpu)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 208, + "event": "unlock", + "message": "Unlocking \"cpu_lock\". \"cpu\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 211, + "event": "path", + "message": "Condition \"may_sleep\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 211, + "event": "path", + "message": "Condition \"need_resched()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 213, + "event": "unlock", + "message": "Unlocking \"&cgroup_rstat_lock\". \"cpu\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 214, + "event": "path", + "message": "Condition \"!({...; _cond_resched();})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 218, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 216, + "event": "lockagain", + "message": "Locking \"&cgroup_rstat_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/cgroup/rstat.c", + "line": 181, + "event": "use", + "message": "Using an unreliable value of \"cpu\" inside the second locked section. If the data that \"cpu\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 179| \tlockdep_assert_held(&cgroup_rstat_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 180| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 181|-> \tfor_each_possible_cpu(cpu) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 182| \t\traw_spinlock_t *cpu_lock = per_cpu_ptr(&cgroup_rstat_cpu_lock,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 183| \t\t\t\t\t\t cpu);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rt_mutex_adjust_prio_chain", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 32, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 662, + "event": "path", + "message": "Condition \"++depth > max_lock_depth\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 706, + "event": "path", + "message": "Condition \"!waiter\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"orig_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"!rt_mutex_owner(orig_lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 725, + "event": "path", + "message": "Condition \"next_lock != waiter->lock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 758, + "event": "path", + "message": "Condition \"top_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 759, + "event": "path", + "message": "Condition \"!task_has_pi_waiters(task)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 767, + "event": "path", + "message": "Condition \"top_waiter != task_top_pi_waiter(task)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 768, + "event": "path", + "message": "Condition \"!detect_deadlock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 782, + "event": "path", + "message": "Condition \"rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 798, + "event": "path", + "message": "Condition \"!_raw_spin_trylock(&lock->wait_lock)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 801, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 690, + "event": "lock", + "message": "Locking \"&task->pi_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 706, + "event": "path", + "message": "Condition \"!waiter\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"orig_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"!rt_mutex_owner(orig_lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 725, + "event": "path", + "message": "Condition \"next_lock != waiter->lock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 758, + "event": "path", + "message": "Condition \"top_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 759, + "event": "path", + "message": "Condition \"!task_has_pi_waiters(task)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 767, + "event": "path", + "message": "Condition \"top_waiter != task_top_pi_waiter(task)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 768, + "event": "path", + "message": "Condition \"!detect_deadlock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 782, + "event": "path", + "message": "Condition \"rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 792, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 798, + "event": "path", + "message": "Condition \"!_raw_spin_trylock(&lock->wait_lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 813, + "event": "path", + "message": "Condition \"lock == orig_lock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 813, + "event": "path", + "message": "Condition \"rt_mutex_owner(lock) == top_task\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 838, + "event": "path", + "message": "Condition \"!requeue\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 842, + "event": "unlock", + "message": "Unlocking \"&task->pi_lock\". \"lock\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 849, + "event": "path", + "message": "Condition \"!rt_mutex_owner(lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 856, + "event": "lockagain", + "message": "Locking \"&task->pi_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 868, + "event": "use", + "message": "Using an unreliable value of \"lock\" inside the second locked section. If the data that \"lock\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 866| \t\t * Get the top waiter for the next iteration", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 867| \t\t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 868|-> \t\ttop_waiter = rt_mutex_top_waiter(lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 869| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 870| \t\t/* [13] Drop locks */", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rt_mutex_adjust_prio_chain", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 34, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 662, + "event": "path", + "message": "Condition \"++depth > max_lock_depth\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 706, + "event": "path", + "message": "Condition \"!waiter\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"orig_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"!rt_mutex_owner(orig_lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 725, + "event": "path", + "message": "Condition \"next_lock != waiter->lock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"waiter->ww_ctx\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"detect_deadlock\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 758, + "event": "path", + "message": "Condition \"top_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 759, + "event": "path", + "message": "Condition \"!task_has_pi_waiters(task)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 767, + "event": "path", + "message": "Condition \"top_waiter != task_top_pi_waiter(task)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 782, + "event": "path", + "message": "Condition \"rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 798, + "event": "path", + "message": "Condition \"!_raw_spin_trylock(&lock->wait_lock)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 801, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 690, + "event": "lock", + "message": "Locking \"&task->pi_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 706, + "event": "path", + "message": "Condition \"!waiter\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"orig_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"!rt_mutex_owner(orig_lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 725, + "event": "path", + "message": "Condition \"next_lock != waiter->lock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"waiter->ww_ctx\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"detect_deadlock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 758, + "event": "path", + "message": "Condition \"top_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 759, + "event": "path", + "message": "Condition \"!task_has_pi_waiters(task)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 767, + "event": "path", + "message": "Condition \"top_waiter != task_top_pi_waiter(task)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 782, + "event": "path", + "message": "Condition \"rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 792, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 798, + "event": "path", + "message": "Condition \"!_raw_spin_trylock(&lock->wait_lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 813, + "event": "path", + "message": "Condition \"lock == orig_lock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 813, + "event": "path", + "message": "Condition \"rt_mutex_owner(lock) == top_task\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 838, + "event": "path", + "message": "Condition \"!requeue\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 911, + "event": "unlock", + "message": "Unlocking \"&task->pi_lock\". \"lock\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 921, + "event": "path", + "message": "Condition \"!rt_mutex_owner(lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 936, + "event": "lockagain", + "message": "Locking \"&task->pi_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 939, + "event": "use", + "message": "Using an unreliable value of \"lock\" inside the second locked section. If the data that \"lock\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 937| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 938| \t/* [11] requeue the pi waiters if necessary */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 939|-> \tif (waiter == rt_mutex_top_waiter(lock)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 940| \t\t/*", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 941| \t\t * The waiter became the new top (highest priority)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rt_mutex_adjust_prio_chain", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 35, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 662, + "event": "path", + "message": "Condition \"++depth > max_lock_depth\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 706, + "event": "path", + "message": "Condition \"!waiter\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"orig_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"!rt_mutex_owner(orig_lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 725, + "event": "path", + "message": "Condition \"next_lock != waiter->lock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"waiter->ww_ctx\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"detect_deadlock\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 758, + "event": "path", + "message": "Condition \"top_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 759, + "event": "path", + "message": "Condition \"!task_has_pi_waiters(task)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 767, + "event": "path", + "message": "Condition \"top_waiter != task_top_pi_waiter(task)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 782, + "event": "path", + "message": "Condition \"rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 798, + "event": "path", + "message": "Condition \"!_raw_spin_trylock(&lock->wait_lock)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 801, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 690, + "event": "lock", + "message": "Locking \"&task->pi_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 695, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"waiter\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 706, + "event": "path", + "message": "Condition \"!waiter\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"orig_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"!rt_mutex_owner(orig_lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 725, + "event": "path", + "message": "Condition \"next_lock != waiter->lock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"waiter->ww_ctx\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"detect_deadlock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 758, + "event": "path", + "message": "Condition \"top_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 759, + "event": "path", + "message": "Condition \"!task_has_pi_waiters(task)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 767, + "event": "path", + "message": "Condition \"top_waiter != task_top_pi_waiter(task)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 782, + "event": "path", + "message": "Condition \"rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 798, + "event": "path", + "message": "Condition \"!_raw_spin_trylock(&lock->wait_lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 813, + "event": "path", + "message": "Condition \"lock == orig_lock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 813, + "event": "path", + "message": "Condition \"rt_mutex_owner(lock) == top_task\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 838, + "event": "path", + "message": "Condition \"!requeue\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 911, + "event": "unlock", + "message": "Unlocking \"&task->pi_lock\". \"waiter\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 921, + "event": "path", + "message": "Condition \"!rt_mutex_owner(lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 939, + "event": "path", + "message": "Condition \"waiter == rt_mutex_top_waiter(lock)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 936, + "event": "lockagain", + "message": "Locking \"&task->pi_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 947, + "event": "use", + "message": "Using an unreliable value of \"waiter\" inside the second locked section. If the data that \"waiter\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 945| \t\t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 946| \t\trt_mutex_dequeue_pi(task, prerequeue_top_waiter);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 947|-> \t\trt_mutex_enqueue_pi(task, waiter);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 948| \t\trt_mutex_adjust_prio(task);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 949| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rt_mutex_adjust_prio_chain", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 36, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 662, + "event": "path", + "message": "Condition \"++depth > max_lock_depth\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 706, + "event": "path", + "message": "Condition \"!waiter\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"orig_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"!rt_mutex_owner(orig_lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 725, + "event": "path", + "message": "Condition \"next_lock != waiter->lock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"waiter->ww_ctx\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"detect_deadlock\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 758, + "event": "path", + "message": "Condition \"top_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 759, + "event": "path", + "message": "Condition \"!task_has_pi_waiters(task)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 767, + "event": "path", + "message": "Condition \"top_waiter != task_top_pi_waiter(task)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 782, + "event": "path", + "message": "Condition \"rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 798, + "event": "path", + "message": "Condition \"!_raw_spin_trylock(&lock->wait_lock)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 801, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 690, + "event": "lock", + "message": "Locking \"&task->pi_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 695, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"waiter\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 706, + "event": "path", + "message": "Condition \"!waiter\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"orig_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 713, + "event": "path", + "message": "Condition \"!rt_mutex_owner(orig_lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 725, + "event": "path", + "message": "Condition \"next_lock != waiter->lock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"waiter->ww_ctx\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 750, + "event": "path", + "message": "Condition \"detect_deadlock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 758, + "event": "path", + "message": "Condition \"top_waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 759, + "event": "path", + "message": "Condition \"!task_has_pi_waiters(task)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 767, + "event": "path", + "message": "Condition \"top_waiter != task_top_pi_waiter(task)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 782, + "event": "path", + "message": "Condition \"rt_mutex_waiter_equal(waiter, &struct rt_mutex_waiter({.prio = __waiter_prio(task), .deadline = task->dl.deadline}))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 798, + "event": "path", + "message": "Condition \"!_raw_spin_trylock(&lock->wait_lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 813, + "event": "path", + "message": "Condition \"lock == orig_lock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 813, + "event": "path", + "message": "Condition \"rt_mutex_owner(lock) == top_task\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 838, + "event": "path", + "message": "Condition \"!requeue\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 911, + "event": "unlock", + "message": "Unlocking \"&task->pi_lock\". \"waiter\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 921, + "event": "path", + "message": "Condition \"!rt_mutex_owner(lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 939, + "event": "path", + "message": "Condition \"waiter == rt_mutex_top_waiter(lock)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 950, + "event": "path", + "message": "Condition \"prerequeue_top_waiter == waiter\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 936, + "event": "lockagain", + "message": "Locking \"&task->pi_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 961, + "event": "use", + "message": "Using an unreliable value of \"waiter\" inside the second locked section. If the data that \"waiter\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 959| \t\t * we continue to deboost the rest of the chain.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 960| \t\t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 961|-> \t\trt_mutex_dequeue_pi(task, waiter);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 962| \t\twaiter = rt_mutex_top_waiter(lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 963| \t\trt_mutex_enqueue_pi(task, waiter);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "__rt_mutex_slowlock", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 1635, + "event": "path", + "message": "Condition \"try_to_take_rt_mutex(lock, get_current(), NULL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 1643, + "event": "path", + "message": "Switch case value \"4\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 1643, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 1647, + "event": "lock", + "message": "Locking \"lock->wait_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 1647, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"ret\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 1648, + "event": "path", + "message": "Condition \"!!!ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 1651, + "event": "path", + "message": "Condition \"!!!ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 1659, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (get_current()->__state) == sizeof (char) || sizeof (get_current()->__state) == sizeof (short)) || sizeof (get_current()->__state) == sizeof (int)) || sizeof (get_current()->__state) == sizeof (long)) || sizeof (get_current()->__state) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 1660, + "event": "unlock", + "message": "Unlocking \"lock->wait_lock\". \"ret\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 1660, + "event": "lockagain", + "message": "Locking \"lock->wait_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/locking/rtmutex.c", + "line": 1661, + "event": "use", + "message": "Using an unreliable value of \"ret\" inside the second locked section. If the data that \"ret\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1659| \t\t__set_current_state(TASK_RUNNING);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1660| \t\tremove_waiter(lock, waiter);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1661|-> \t\trt_mutex_handle_deadlock(ret, chwalk, waiter);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1662| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1663| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "srcu_gp_end", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 20, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 759, + "event": "lock", + "message": "Locking \"&ssp->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 761, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 761, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 762, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ssp->srcu_gp_seq) == sizeof (char) || sizeof (ssp->srcu_gp_seq) == sizeof (short)) || sizeof (ssp->srcu_gp_seq) == sizeof (int)) || sizeof (ssp->srcu_gp_seq) == sizeof (long)) || sizeof (ssp->srcu_gp_seq) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 762, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (char) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (short)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (int)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 762, + "event": "path", + "message": "Condition \"9223372036854775807UL /* ~0UL / 2 */ < ({...; *((unsigned long const volatile *)&ssp->srcu_gp_seq);}) - ({...; *((unsigned long const volatile *)&ssp->srcu_gp_seq_needed_exp);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 765, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ssp->srcu_last_gp_end) == sizeof (char) || sizeof (ssp->srcu_last_gp_end) == sizeof (short)) || sizeof (ssp->srcu_last_gp_end) == sizeof (int)) || sizeof (ssp->srcu_last_gp_end) == sizeof (long)) || sizeof (ssp->srcu_last_gp_end) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 767, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"gpseq\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 768, + "event": "path", + "message": "Condition \"9223372036854775807UL /* ~0UL / 2 */ < ssp->srcu_gp_seq_needed_exp - gpseq\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 769, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (char) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (short)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (int)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 770, + "event": "unlock", + "message": "Unlocking \"&ssp->lock\". \"gpseq\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 771, + "event": "unlock", + "message": "Unlocking \"ssp->srcu_gp_mutex.wait_lock\". \"gpseq\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 775, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ssp->srcu_size_state) == sizeof (char) || sizeof (ssp->srcu_size_state) == sizeof (short)) || sizeof (ssp->srcu_size_state) == sizeof (int)) || sizeof (ssp->srcu_size_state) == sizeof (long)) || sizeof (ssp->srcu_size_state) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 775, + "event": "path", + "message": "Condition \"0 /* !(((sizeof (ssp->srcu_size_state) == sizeof (char) || sizeof (ssp->srcu_size_state) == sizeof (short)) || sizeof (ssp->srcu_size_state) == sizeof (int)) || sizeof (ssp->srcu_size_state) == sizeof (long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 776, + "event": "path", + "message": "Condition \"ss_state < 2\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 781, + "event": "path", + "message": "Condition \"snp < &ssp->node[rcu_num_nodes]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 784, + "event": "path", + "message": "Condition \"snp >= ssp->level[rcu_num_lvls - 1]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 785, + "event": "path", + "message": "Condition \"last_lvl\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 786, + "event": "path", + "message": "Condition \"ss_state < 8\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 782, + "event": "lockagain", + "message": "Locking \"&snp->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 787, + "event": "use", + "message": "Using an unreliable value of \"gpseq\" inside the second locked section. If the data that \"gpseq\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 785| \t\t\tif (last_lvl)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 786| \t\t\t\tcbs = ss_state < SRCU_SIZE_BIG || snp->srcu_have_cbs[idx] == gpseq;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 787|-> \t\t\tsnp->srcu_have_cbs[idx] = gpseq;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 788| \t\t\trcu_seq_set_state(&snp->srcu_have_cbs[idx], 1);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 789| \t\t\tsgsne = snp->srcu_gp_seq_needed_exp;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "srcu_gp_end", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 21, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 759, + "event": "lock", + "message": "Locking \"&ssp->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 761, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 761, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 762, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ssp->srcu_gp_seq) == sizeof (char) || sizeof (ssp->srcu_gp_seq) == sizeof (short)) || sizeof (ssp->srcu_gp_seq) == sizeof (int)) || sizeof (ssp->srcu_gp_seq) == sizeof (long)) || sizeof (ssp->srcu_gp_seq) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 762, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (char) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (short)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (int)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 762, + "event": "path", + "message": "Condition \"9223372036854775807UL /* ~0UL / 2 */ < ({...; *((unsigned long const volatile *)&ssp->srcu_gp_seq);}) - ({...; *((unsigned long const volatile *)&ssp->srcu_gp_seq_needed_exp);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 765, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ssp->srcu_last_gp_end) == sizeof (char) || sizeof (ssp->srcu_last_gp_end) == sizeof (short)) || sizeof (ssp->srcu_last_gp_end) == sizeof (int)) || sizeof (ssp->srcu_last_gp_end) == sizeof (long)) || sizeof (ssp->srcu_last_gp_end) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 767, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"gpseq\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 768, + "event": "path", + "message": "Condition \"9223372036854775807UL /* ~0UL / 2 */ < ssp->srcu_gp_seq_needed_exp - gpseq\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 769, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (char) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (short)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (int)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 770, + "event": "unlock", + "message": "Unlocking \"&ssp->lock\". \"gpseq\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 771, + "event": "unlock", + "message": "Unlocking \"ssp->srcu_gp_mutex.wait_lock\". \"gpseq\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 775, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ssp->srcu_size_state) == sizeof (char) || sizeof (ssp->srcu_size_state) == sizeof (short)) || sizeof (ssp->srcu_size_state) == sizeof (int)) || sizeof (ssp->srcu_size_state) == sizeof (long)) || sizeof (ssp->srcu_size_state) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 775, + "event": "path", + "message": "Condition \"0 /* !(((sizeof (ssp->srcu_size_state) == sizeof (char) || sizeof (ssp->srcu_size_state) == sizeof (short)) || sizeof (ssp->srcu_size_state) == sizeof (int)) || sizeof (ssp->srcu_size_state) == sizeof (long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 776, + "event": "path", + "message": "Condition \"ss_state < 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 779, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 804, + "event": "path", + "message": "Condition \"!(gpseq & counter_wrap_check)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 805, + "event": "path", + "message": "Condition \"cpu < nr_cpu_ids\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 805, + "event": "path", + "message": "Condition \"(cpu = cpumask_next(cpu, (struct cpumask const *)&__cpu_possible_mask)) , (cpu < nr_cpu_ids)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 808, + "event": "path", + "message": "Condition \"9223372036854775807UL /* ~0UL / 2 */ >= gpseq - (sdp->srcu_gp_seq_needed + 100)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 807, + "event": "lockagain", + "message": "Locking \"spinlock_check(&sdp->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 809, + "event": "use", + "message": "Using an unreliable value of \"gpseq\" inside the second locked section. If the data that \"gpseq\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 807| \t\t\tspin_lock_irqsave_rcu_node(sdp, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 808| \t\t\tif (ULONG_CMP_GE(gpseq, sdp->srcu_gp_seq_needed + 100))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 809|-> \t\t\t\tsdp->srcu_gp_seq_needed = gpseq;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 810| \t\t\tif (ULONG_CMP_GE(gpseq, sdp->srcu_gp_seq_needed_exp + 100))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 811| \t\t\t\tsdp->srcu_gp_seq_needed_exp = gpseq;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "srcu_gp_end", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 22, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 759, + "event": "lock", + "message": "Locking \"&ssp->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 761, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 761, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 762, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ssp->srcu_gp_seq) == sizeof (char) || sizeof (ssp->srcu_gp_seq) == sizeof (short)) || sizeof (ssp->srcu_gp_seq) == sizeof (int)) || sizeof (ssp->srcu_gp_seq) == sizeof (long)) || sizeof (ssp->srcu_gp_seq) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 762, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (char) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (short)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (int)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 762, + "event": "path", + "message": "Condition \"9223372036854775807UL /* ~0UL / 2 */ < ({...; *((unsigned long const volatile *)&ssp->srcu_gp_seq);}) - ({...; *((unsigned long const volatile *)&ssp->srcu_gp_seq_needed_exp);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 765, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ssp->srcu_last_gp_end) == sizeof (char) || sizeof (ssp->srcu_last_gp_end) == sizeof (short)) || sizeof (ssp->srcu_last_gp_end) == sizeof (int)) || sizeof (ssp->srcu_last_gp_end) == sizeof (long)) || sizeof (ssp->srcu_last_gp_end) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 767, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"gpseq\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 768, + "event": "path", + "message": "Condition \"9223372036854775807UL /* ~0UL / 2 */ < ssp->srcu_gp_seq_needed_exp - gpseq\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 769, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (char) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (short)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (int)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long)) || sizeof (ssp->srcu_gp_seq_needed_exp) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 770, + "event": "unlock", + "message": "Unlocking \"&ssp->lock\". \"gpseq\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 771, + "event": "unlock", + "message": "Unlocking \"ssp->srcu_gp_mutex.wait_lock\". \"gpseq\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 775, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (ssp->srcu_size_state) == sizeof (char) || sizeof (ssp->srcu_size_state) == sizeof (short)) || sizeof (ssp->srcu_size_state) == sizeof (int)) || sizeof (ssp->srcu_size_state) == sizeof (long)) || sizeof (ssp->srcu_size_state) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 775, + "event": "path", + "message": "Condition \"0 /* !(((sizeof (ssp->srcu_size_state) == sizeof (char) || sizeof (ssp->srcu_size_state) == sizeof (short)) || sizeof (ssp->srcu_size_state) == sizeof (int)) || sizeof (ssp->srcu_size_state) == sizeof (long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 776, + "event": "path", + "message": "Condition \"ss_state < 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 779, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 804, + "event": "path", + "message": "Condition \"!(gpseq & counter_wrap_check)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 805, + "event": "path", + "message": "Condition \"cpu < nr_cpu_ids\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 805, + "event": "path", + "message": "Condition \"(cpu = cpumask_next(cpu, (struct cpumask const *)&__cpu_possible_mask)) , (cpu < nr_cpu_ids)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 808, + "event": "path", + "message": "Condition \"9223372036854775807UL /* ~0UL / 2 */ >= gpseq - (sdp->srcu_gp_seq_needed + 100)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 810, + "event": "path", + "message": "Condition \"9223372036854775807UL /* ~0UL / 2 */ >= gpseq - (sdp->srcu_gp_seq_needed_exp + 100)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 807, + "event": "lockagain", + "message": "Locking \"spinlock_check(&sdp->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/srcutree.c", + "line": 811, + "event": "use", + "message": "Using an unreliable value of \"gpseq\" inside the second locked section. If the data that \"gpseq\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 809| \t\t\t\tsdp->srcu_gp_seq_needed = gpseq;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 810| \t\t\tif (ULONG_CMP_GE(gpseq, sdp->srcu_gp_seq_needed_exp + 100))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 811|-> \t\t\t\tsdp->srcu_gp_seq_needed_exp = gpseq;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 812| \t\t\tspin_unlock_irqrestore_rcu_node(sdp, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 813| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rcu_report_qs_rnp", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 43, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1912, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1913, + "event": "path", + "message": "Condition \"!(rnp->qsmask & mask)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1913, + "event": "path", + "message": "Condition \"mask\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1913, + "event": "path", + "message": "Condition \"rnp->gp_seq != gps\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1922, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1922, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1923, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1923, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1925, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (rnp->qsmask) == sizeof (char) || sizeof (rnp->qsmask) == sizeof (short)) || sizeof (rnp->qsmask) == sizeof (int)) || sizeof (rnp->qsmask) == sizeof (long)) || sizeof (rnp->qsmask) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1926, + "event": "path", + "message": "Condition \"!!rnp->gp_tasks\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1930, + "event": "path", + "message": "Condition \"rnp->qsmask != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1930, + "event": "path", + "message": "Condition \"rcu_preempt_blocked_readers_cgp(rnp)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1938, + "event": "path", + "message": "Condition \"rnp->parent == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1947, + "event": "lock", + "message": "Locking \"&rnp->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1948, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (rnp_c->qsmask) == sizeof (char) || sizeof (rnp_c->qsmask) == sizeof (short)) || sizeof (rnp_c->qsmask) == sizeof (int)) || sizeof (rnp_c->qsmask) == sizeof (long)) || sizeof (rnp_c->qsmask) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1949, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1912, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1913, + "event": "path", + "message": "Condition \"!(rnp->qsmask & mask)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1913, + "event": "path", + "message": "Condition \"mask\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1913, + "event": "path", + "message": "Condition \"rnp->gp_seq != gps\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1922, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1922, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1923, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1923, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1925, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (rnp->qsmask) == sizeof (char) || sizeof (rnp->qsmask) == sizeof (short)) || sizeof (rnp->qsmask) == sizeof (int)) || sizeof (rnp->qsmask) == sizeof (long)) || sizeof (rnp->qsmask) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1926, + "event": "path", + "message": "Condition \"!!rnp->gp_tasks\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1930, + "event": "path", + "message": "Condition \"rnp->qsmask != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1930, + "event": "path", + "message": "Condition \"rcu_preempt_blocked_readers_cgp(rnp)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1937, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"mask\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1938, + "event": "path", + "message": "Condition \"rnp->parent == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1944, + "event": "unlock", + "message": "Unlocking \"&rnp->lock\". \"mask\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1948, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (rnp_c->qsmask) == sizeof (char) || sizeof (rnp_c->qsmask) == sizeof (short)) || sizeof (rnp_c->qsmask) == sizeof (int)) || sizeof (rnp_c->qsmask) == sizeof (long)) || sizeof (rnp_c->qsmask) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1949, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1912, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1913, + "event": "path", + "message": "Condition \"!(rnp->qsmask & mask)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1913, + "event": "path", + "message": "Condition \"mask\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1913, + "event": "path", + "message": "Condition \"rnp->gp_seq != gps\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1922, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1922, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1923, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1923, + "event": "path", + "message": "Condition \"!!__ret_warn_on\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1925, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (rnp->qsmask) == sizeof (char) || sizeof (rnp->qsmask) == sizeof (short)) || sizeof (rnp->qsmask) == sizeof (int)) || sizeof (rnp->qsmask) == sizeof (long)) || sizeof (rnp->qsmask) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1947, + "event": "lockagain", + "message": "Locking \"&rnp->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 1926, + "event": "use", + "message": "Using an unreliable value of \"mask\" inside the second locked section. If the data that \"mask\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1924| \t\t\t rcu_preempt_blocked_readers_cgp(rnp));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1925| \t\tWRITE_ONCE(rnp->qsmask, rnp->qsmask & ~mask);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1926|-> \t\ttrace_rcu_quiescent_state_report(rcu_state.name, rnp->gp_seq,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1927| \t\t\t\t\t\t mask, rnp->qsmask, rnp->level,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1928| \t\t\t\t\t\t rnp->grplo, rnp->grphi,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rcu_barrier", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 3956, + "event": "path", + "message": "Condition \"rcu_seq_done(&rcu_state.barrier_sequence, s)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 3964, + "event": "lock", + "message": "Locking \"&rcu_state.barrier_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 3966, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"gseq\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 3978, + "event": "unlock", + "message": "Unlocking \"&rcu_state.barrier_lock\". \"gseq\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 3985, + "event": "path", + "message": "Condition \"cpu < nr_cpu_ids\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 3985, + "event": "path", + "message": "Condition \"(cpu = cpumask_next(cpu, (struct cpumask const *)&__cpu_possible_mask)) , (cpu < nr_cpu_ids)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 3988, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (rdp->barrier_seq_snap) == sizeof (char) || sizeof (rdp->barrier_seq_snap) == sizeof (short)) || sizeof (rdp->barrier_seq_snap) == sizeof (int)) || sizeof (rdp->barrier_seq_snap) == sizeof (long)) || sizeof (rdp->barrier_seq_snap) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 3988, + "event": "path", + "message": "Condition \"0 /* !(((sizeof (rdp->barrier_seq_snap) == sizeof (char) || sizeof (rdp->barrier_seq_snap) == sizeof (short)) || sizeof (rdp->barrier_seq_snap) == sizeof (int)) || sizeof (rdp->barrier_seq_snap) == sizeof (long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 3988, + "event": "path", + "message": "Condition \"({...; ___p1;}) == gseq\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 3991, + "event": "path", + "message": "Condition \"!rcu_segcblist_n_cbs(&rdp->cblist)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 3992, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (rdp->barrier_seq_snap) == sizeof (char) || sizeof (rdp->barrier_seq_snap) == sizeof (short)) || sizeof (rdp->barrier_seq_snap) == sizeof (int)) || sizeof (rdp->barrier_seq_snap) == sizeof (long)) || sizeof (rdp->barrier_seq_snap) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 3990, + "event": "lockagain", + "message": "Locking \"&rcu_state.barrier_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 3992, + "event": "use", + "message": "Using an unreliable value of \"gseq\" inside the second locked section. If the data that \"gseq\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3990| \t\traw_spin_lock_irqsave(&rcu_state.barrier_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3991| \t\tif (!rcu_segcblist_n_cbs(&rdp->cblist)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3992|-> \t\t\tWRITE_ONCE(rdp->barrier_seq_snap, gseq);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3993| \t\t\traw_spin_unlock_irqrestore(&rcu_state.barrier_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3994| \t\t\trcu_barrier_trace(TPS(\"NQ\"), cpu, rcu_state.barrier_sequence);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rcutree_prepare_cpu", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 4108, + "event": "lock", + "message": "Locking \"&rnp->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 4108, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"flags\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 4110, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (rcu_state.n_force_qs) == sizeof (char) || sizeof (rcu_state.n_force_qs) == sizeof (short)) || sizeof (rcu_state.n_force_qs) == sizeof (int)) || sizeof (rcu_state.n_force_qs) == sizeof (long)) || sizeof (rcu_state.n_force_qs) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 4113, + "event": "unlock", + "message": "Unlocking \"&rnp->lock\". \"flags\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 4119, + "event": "path", + "message": "Condition \"!rcu_segcblist_is_enabled(&rdp->cblist)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 4130, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (rnp->gp_seq) == sizeof (char) || sizeof (rnp->gp_seq) == sizeof (short)) || sizeof (rnp->gp_seq) == sizeof (int)) || sizeof (rnp->gp_seq) == sizeof (long)) || sizeof (rnp->gp_seq) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 4128, + "event": "lockagain", + "message": "Locking \"&rnp->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/rcu/tree.c", + "line": 4138, + "event": "use", + "message": "Using an unreliable value of \"flags\" inside the second locked section. If the data that \"flags\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4136| \trdp->rcu_iw_gp_seq = rdp->gp_seq - 1;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4137| \ttrace_rcu_grace_period(rcu_state.name, rdp->gp_seq, TPS(\"cpuonl\"));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4138|-> \traw_spin_unlock_irqrestore_rcu_node(rnp, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4139| \trcu_spawn_one_boost_kthread(rnp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4140| \trcu_spawn_cpu_nocb_kthread(cpu);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "__wake_up_common_lock", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/sched/wait.c", + "line": 137, + "event": "lock", + "message": "Locking \"spinlock_check(&wq_head->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/sched/wait.c", + "line": 138, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"remaining\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/sched/wait.c", + "line": 140, + "event": "unlock", + "message": "Unlocking \"&wq_head->lock\". \"remaining\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/sched/wait.c", + "line": 141, + "event": "path", + "message": "Condition \"bookmark.flags & 4\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/sched/wait.c", + "line": 137, + "event": "lockagain", + "message": "Locking \"spinlock_check(&wq_head->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/sched/wait.c", + "line": 138, + "event": "use", + "message": "Using an unreliable value of \"remaining\" inside the second locked section. If the data that \"remaining\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 136| \tdo {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 137| \t\tspin_lock_irqsave(&wq_head->lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 138|-> \t\tremaining = __wake_up_common(wq_head, mode, remaining,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 139| \t\t\t\t\t\twake_flags, key, &bookmark);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 140| \t\tspin_unlock_irqrestore(&wq_head->lock, flags);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "osnoise_cpus_write", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c", + "line": 2144, + "event": "path", + "message": "Condition \"count >= 256\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c", + "line": 2147, + "event": "path", + "message": "Condition \"copy_from_user(buf, ubuf, count)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c", + "line": 2150, + "event": "path", + "message": "Condition \"!zalloc_cpumask_var(&osnoise_cpumask_new, 3264U /* ((gfp_t)(0x400U | 0x800U) | (gfp_t)64U) | (gfp_t)128U */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c", + "line": 2153, + "event": "local_addr", + "message": "Address of local variable \"buf\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c", + "line": 2153, + "event": "identity_transfer", + "message": "Passing \"buf\" as argument 1 to function \"cpulist_parse\", which returns an offset off that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c", + "line": 2153, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"err\" = \"cpulist_parse(buf, osnoise_cpumask_new)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c", + "line": 2154, + "event": "path", + "message": "Condition \"err\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c", + "line": 2155, + "event": "path", + "message": "Jumping to label \"err_free\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/kernel/trace/trace_osnoise.c", + "line": 2186, + "event": "return_local_addr_alias", + "message": "Returning pointer \"err\" which points to local variable \"buf\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2184| \tfree_cpumask_var(osnoise_cpumask_new);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2185| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2186|-> \treturn err;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2187| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2188| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "dissolve_free_huge_page", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2094, + "event": "path", + "message": "Condition \"!PageHuge(page)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2097, + "event": "lock", + "message": "Locking \"&hugetlb_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2098, + "event": "path", + "message": "Condition \"!PageHuge(page)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2103, + "event": "path", + "message": "Condition \"!page_count(page)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2105, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"h\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2106, + "event": "path", + "message": "Condition \"h->free_huge_pages - h->resv_huge_pages == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2113, + "event": "path", + "message": "Condition \"!!!HPageFreed(head)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2130, + "event": "unlock", + "message": "Unlocking \"&hugetlb_lock\". \"h\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2141, + "event": "path", + "message": "Condition \"!rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2144, + "event": "lockagain", + "message": "Locking \"&hugetlb_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2145, + "event": "use", + "message": "Using an unreliable value of \"h\" inside the second locked section. If the data that \"h\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2143| \t\t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2144| \t\t\tspin_lock_irq(&hugetlb_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2145|-> \t\t\tadd_hugetlb_page(h, head, false);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2146| \t\t\th->max_huge_pages++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2147| \t\t\tspin_unlock_irq(&hugetlb_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "dissolve_free_huge_page", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2094, + "event": "path", + "message": "Condition \"!PageHuge(page)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2097, + "event": "lock", + "message": "Locking \"&hugetlb_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2098, + "event": "path", + "message": "Condition \"!PageHuge(page)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2103, + "event": "path", + "message": "Condition \"!page_count(page)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2104, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"head\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2106, + "event": "path", + "message": "Condition \"h->free_huge_pages - h->resv_huge_pages == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2113, + "event": "path", + "message": "Condition \"!!!HPageFreed(head)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2130, + "event": "unlock", + "message": "Unlocking \"&hugetlb_lock\". \"head\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2141, + "event": "path", + "message": "Condition \"!rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2144, + "event": "lockagain", + "message": "Locking \"&hugetlb_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/hugetlb.c", + "line": 2145, + "event": "use", + "message": "Using an unreliable value of \"head\" inside the second locked section. If the data that \"head\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2143| \t\t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2144| \t\t\tspin_lock_irq(&hugetlb_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2145|-> \t\t\tadd_hugetlb_page(h, head, false);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2146| \t\t\th->max_huge_pages++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2147| \t\t\tspin_unlock_irq(&hugetlb_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "khugepaged_scan_mm_slot", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c", + "line": 2106, + "event": "infer_lock", + "message": "Assuming \"&khugepaged_mm_lock\" is locked since it is unlocked without prior lock in this function.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c", + "line": 2119, + "event": "path", + "message": "Condition \"khugepaged_scan.mm_slot\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c", + "line": 2120, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"mm_slot\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c", + "line": 2120, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c", + "line": 2127, + "event": "unlock", + "message": "Unlocking \"&khugepaged_mm_lock\". \"mm_slot\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c", + "line": 2136, + "event": "path", + "message": "Condition \"!!!mmap_read_trylock(mm)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c", + "line": 2137, + "event": "path", + "message": "Jumping to label \"breakouterloop_mmap_lock\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c", + "line": 2206, + "event": "path", + "message": "Condition \"khugepaged_test_exit(mm)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c", + "line": 2212, + "event": "path", + "message": "Condition \"mm_slot->mm_node.next != &khugepaged_scan.mm_head\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c", + "line": 2217, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c", + "line": 2200, + "event": "lockagain", + "message": "Locking \"&khugepaged_mm_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/khugepaged.c", + "line": 2222, + "event": "use", + "message": "Using an unreliable value of \"mm_slot\" inside the second locked section. If the data that \"mm_slot\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2220| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2221| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2222|-> \t\tcollect_mm_slot(mm_slot);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2223| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2224| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "memcg_list_lru_alloc", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 26, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 483, + "event": "path", + "message": "Condition \"!list_lru_memcg_aware(lru)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 483, + "event": "path", + "message": "Condition \"memcg_list_lru_allocated(memcg, lru)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 488, + "event": "path", + "message": "Condition \"!table\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 496, + "event": "path", + "message": "Condition \"memcg\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 497, + "event": "path", + "message": "Condition \"memcg_list_lru_allocated(memcg, lru)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 502, + "event": "path", + "message": "Condition \"!table[i].mlru\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 508, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 496, + "event": "path", + "message": "Condition \"memcg\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 497, + "event": "path", + "message": "Condition \"memcg_list_lru_allocated(memcg, lru)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 498, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 510, + "event": "lock", + "message": "Locking \"spinlock_check(&xas.xa->xa_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 511, + "event": "path", + "message": "Condition \"i--\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 512, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (table[i].memcg->kmemcg_id) == sizeof (char) || sizeof (table[i].memcg->kmemcg_id) == sizeof (short)) || sizeof (table[i].memcg->kmemcg_id) == sizeof (int)) || sizeof (table[i].memcg->kmemcg_id) == sizeof (long)) || sizeof (table[i].memcg->kmemcg_id) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 513, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"mlru\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 517, + "event": "path", + "message": "Condition \"index < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 517, + "event": "path", + "message": "Condition \"xas_error(&xas)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 517, + "event": "path", + "message": "Condition \"xas_load(&xas)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 521, + "event": "path", + "message": "Condition \"xas_error(&xas) == -12\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 522, + "event": "unlock", + "message": "Unlocking \"&xas.xa->xa_lock\". \"mlru\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 523, + "event": "path", + "message": "Condition \"xas_nomem(&xas, gfp)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 532, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (table[i].memcg->kmemcg_id) == sizeof (char) || sizeof (table[i].memcg->kmemcg_id) == sizeof (short)) || sizeof (table[i].memcg->kmemcg_id) == sizeof (int)) || sizeof (table[i].memcg->kmemcg_id) == sizeof (long)) || sizeof (table[i].memcg->kmemcg_id) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 533, + "event": "path", + "message": "Condition \"index < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 534, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 537, + "event": "path", + "message": "Jumping to label \"retry\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 517, + "event": "path", + "message": "Condition \"index < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 525, + "event": "lockagain", + "message": "Locking \"spinlock_check(&xas.xa->xa_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/list_lru.c", + "line": 518, + "event": "use", + "message": "Using an unreliable value of \"mlru\" inside the second locked section. If the data that \"mlru\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 516| retry:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 517| \t\tif (unlikely(index < 0 || xas_error(&xas) || xas_load(&xas))) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 518|-> \t\t\tkfree(mlru);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 519| \t\t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 520| \t\t\txas_store(&xas, mlru);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "__do_sys_process_madvise", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/madvise.c", + "line": 1445, + "event": "local_ptr_assign_local", + "message": "Assigning: \"iov\" = \"iovstack\" (address of local variable \"iovstack\").", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/madvise.c", + "line": 1452, + "event": "path", + "message": "Condition \"flags != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/madvise.c", + "line": 1457, + "event": "identity_transfer", + "message": "Passing \"iov\" as argument 5 to function \"import_iovec\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/madvise.c", + "line": 1457, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"ret\" = \"import_iovec(0, vec, vlen, 8U, &iov, &iter)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/madvise.c", + "line": 1458, + "event": "path", + "message": "Condition \"ret < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/madvise.c", + "line": 1459, + "event": "path", + "message": "Jumping to label \"out\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/madvise.c", + "line": 1508, + "event": "return_local_addr_alias", + "message": "Returning pointer \"ret\" which points to local variable \"iovstack\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1506| \tkfree(iov);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1507| out:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1508|-> \treturn ret;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1509| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "free_unref_page_list", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 41, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3522, + "event": "path", + "message": "Condition \"!(&(*page).lru == list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3524, + "event": "path", + "message": "Condition \"!free_unref_page_prepare(page, pfn, 0)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3526, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3522, + "event": "path", + "message": "Condition \"!(&(*page).lru == list)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3541, + "event": "path", + "message": "Condition \"!(&(*page).lru == list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3545, + "event": "path", + "message": "Condition \"zone != locked_zone\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3546, + "event": "path", + "message": "Condition \"pcp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3558, + "event": "path", + "message": "Condition \"!!(migratetype >= MIGRATE_PCPTYPES)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3568, + "event": "path", + "message": "Condition \"++batch_count == 32UL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3573, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3541, + "event": "path", + "message": "Condition \"!(&(*page).lru == list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3545, + "event": "path", + "message": "Condition \"zone != locked_zone\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3546, + "event": "path", + "message": "Condition \"pcp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3547, + "event": "path", + "message": "Condition \"!!__preempt_count_dec_and_test()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3558, + "event": "path", + "message": "Condition \"!!(migratetype >= MIGRATE_PCPTYPES)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3568, + "event": "path", + "message": "Condition \"++batch_count == 32UL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3573, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3541, + "event": "path", + "message": "Condition \"!(&(*page).lru == list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3545, + "event": "path", + "message": "Condition \"zone != locked_zone\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3546, + "event": "path", + "message": "Condition \"pcp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3547, + "event": "path", + "message": "Condition \"!!__preempt_count_dec_and_test()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3558, + "event": "path", + "message": "Condition \"!!(migratetype >= MIGRATE_PCPTYPES)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3568, + "event": "path", + "message": "Condition \"++batch_count == 32UL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3569, + "event": "path", + "message": "Condition \"!!__preempt_count_dec_and_test()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3573, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3541, + "event": "path", + "message": "Condition \"!(&(*page).lru == list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3545, + "event": "path", + "message": "Condition \"zone != locked_zone\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3546, + "event": "path", + "message": "Condition \"pcp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3547, + "event": "path", + "message": "Condition \"!!__preempt_count_dec_and_test()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3550, + "event": "lock", + "message": "Locking \"spinlock_check(&_ret->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3558, + "event": "path", + "message": "Condition \"!!(migratetype >= MIGRATE_PCPTYPES)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3568, + "event": "path", + "message": "Condition \"++batch_count == 32UL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3573, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3541, + "event": "path", + "message": "Condition \"!(&(*page).lru == list)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3542, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"zone\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3545, + "event": "path", + "message": "Condition \"zone != locked_zone\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3546, + "event": "path", + "message": "Condition \"pcp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3547, + "event": "unlock", + "message": "Unlocking \"&pcp->lock\". \"zone\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3547, + "event": "path", + "message": "Condition \"!!__preempt_count_dec_and_test()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3558, + "event": "path", + "message": "Condition \"!!(migratetype >= MIGRATE_PCPTYPES)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3550, + "event": "lockagain", + "message": "Locking \"spinlock_check(&_ret->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/page_alloc.c", + "line": 3562, + "event": "use", + "message": "Using an unreliable value of \"zone\" inside the second locked section. If the data that \"zone\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3560| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3561| \t\ttrace_mm_page_free_batched(page);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3562|-> \t\tfree_unref_page_commit(zone, pcp, page, migratetype, 0);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3563| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3564| \t\t/*", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "pcpu_alloc", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 24, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1740, + "event": "path", + "message": "Condition \"(gfp & (3264U /* ((gfp_t)(0x400U | 0x800U) | (gfp_t)64U) | (gfp_t)128U */)) != (3264U /* ((gfp_t)(0x400U | 0x800U) | (gfp_t)64U) | (gfp_t)128U */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1741, + "event": "path", + "message": "Condition \"!(gfp & 8192U /* (gfp_t)8192U */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1749, + "event": "path", + "message": "Condition \"!!(align < (4UL /* 1 << 2 */))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1756, + "event": "path", + "message": "Condition \"!size\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1756, + "event": "path", + "message": "Condition \"size > (32768UL /* (unsigned long)(0x20 << 10) + ((1UL << 12) - 1) & ~((1UL << 12) - 1) */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1756, + "event": "path", + "message": "Condition \"align > (4096UL /* 1UL << 12 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1756, + "event": "path", + "message": "Condition \"!is_power_of_2(align)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1763, + "event": "path", + "message": "Condition \"!!!pcpu_memcg_pre_alloc_hook(size, gfp, &objcg)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1766, + "event": "path", + "message": "Condition \"!is_atomic\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1772, + "event": "path", + "message": "Condition \"gfp & 32768U /* (gfp_t)32768U */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1774, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1780, + "event": "lock", + "message": "Locking \"spinlock_check(&pcpu_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1783, + "event": "path", + "message": "Condition \"reserved\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1783, + "event": "path", + "message": "Condition \"pcpu_reserved_chunk\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1784, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"chunk\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1787, + "event": "path", + "message": "Condition \"off < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1793, + "event": "path", + "message": "Condition \"off >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1794, + "event": "path", + "message": "Jumping to label \"area_found\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1850, + "event": "unlock", + "message": "Unlocking \"&pcpu_lock\". \"chunk\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1853, + "event": "path", + "message": "Condition \"!is_atomic\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1859, + "event": "path", + "message": "Condition \"rs < page_end\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1860, + "event": "path", + "message": "Condition \"result\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1865, + "event": "path", + "message": "Condition \"ret\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1864, + "event": "lockagain", + "message": "Locking \"spinlock_check(&pcpu_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1866, + "event": "use", + "message": "Using an unreliable value of \"chunk\" inside the second locked section. If the data that \"chunk\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1864| \t\t\tspin_lock_irqsave(&pcpu_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1865| \t\t\tif (ret) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1866|-> \t\t\t\tpcpu_free_area(chunk, off);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1867| \t\t\t\terr = \"failed to populate\";", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1868| \t\t\t\tgoto fail_unlock;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "pcpu_alloc", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 24, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1740, + "event": "path", + "message": "Condition \"(gfp & (3264U /* ((gfp_t)(0x400U | 0x800U) | (gfp_t)64U) | (gfp_t)128U */)) != (3264U /* ((gfp_t)(0x400U | 0x800U) | (gfp_t)64U) | (gfp_t)128U */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1741, + "event": "path", + "message": "Condition \"!(gfp & 8192U /* (gfp_t)8192U */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1749, + "event": "path", + "message": "Condition \"!!(align < (4UL /* 1 << 2 */))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1756, + "event": "path", + "message": "Condition \"!size\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1756, + "event": "path", + "message": "Condition \"size > (32768UL /* (unsigned long)(0x20 << 10) + ((1UL << 12) - 1) & ~((1UL << 12) - 1) */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1756, + "event": "path", + "message": "Condition \"align > (4096UL /* 1UL << 12 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1756, + "event": "path", + "message": "Condition \"!is_power_of_2(align)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1763, + "event": "path", + "message": "Condition \"!!!pcpu_memcg_pre_alloc_hook(size, gfp, &objcg)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1766, + "event": "path", + "message": "Condition \"!is_atomic\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1772, + "event": "path", + "message": "Condition \"gfp & 32768U /* (gfp_t)32768U */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1774, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1780, + "event": "lock", + "message": "Locking \"spinlock_check(&pcpu_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1783, + "event": "path", + "message": "Condition \"reserved\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1783, + "event": "path", + "message": "Condition \"pcpu_reserved_chunk\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1787, + "event": "path", + "message": "Condition \"off < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1792, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"off\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1793, + "event": "path", + "message": "Condition \"off >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1794, + "event": "path", + "message": "Jumping to label \"area_found\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1850, + "event": "unlock", + "message": "Unlocking \"&pcpu_lock\". \"off\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1853, + "event": "path", + "message": "Condition \"!is_atomic\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1859, + "event": "path", + "message": "Condition \"rs < page_end\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1860, + "event": "path", + "message": "Condition \"result\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1865, + "event": "path", + "message": "Condition \"ret\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1864, + "event": "lockagain", + "message": "Locking \"spinlock_check(&pcpu_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1866, + "event": "use", + "message": "Using an unreliable value of \"off\" inside the second locked section. If the data that \"off\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1864| \t\t\tspin_lock_irqsave(&pcpu_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1865| \t\t\tif (ret) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1866|-> \t\t\t\tpcpu_free_area(chunk, off);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1867| \t\t\t\terr = \"failed to populate\";", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1868| \t\t\t\tgoto fail_unlock;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "pcpu_alloc", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 24, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1740, + "event": "path", + "message": "Condition \"(gfp & (3264U /* ((gfp_t)(0x400U | 0x800U) | (gfp_t)64U) | (gfp_t)128U */)) != (3264U /* ((gfp_t)(0x400U | 0x800U) | (gfp_t)64U) | (gfp_t)128U */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1741, + "event": "path", + "message": "Condition \"!(gfp & 8192U /* (gfp_t)8192U */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1749, + "event": "path", + "message": "Condition \"!!(align < (4UL /* 1 << 2 */))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1756, + "event": "path", + "message": "Condition \"!size\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1756, + "event": "path", + "message": "Condition \"size > (32768UL /* (unsigned long)(0x20 << 10) + ((1UL << 12) - 1) & ~((1UL << 12) - 1) */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1756, + "event": "path", + "message": "Condition \"align > (4096UL /* 1UL << 12 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1756, + "event": "path", + "message": "Condition \"!is_power_of_2(align)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1763, + "event": "path", + "message": "Condition \"!!!pcpu_memcg_pre_alloc_hook(size, gfp, &objcg)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1766, + "event": "path", + "message": "Condition \"!is_atomic\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1772, + "event": "path", + "message": "Condition \"gfp & 32768U /* (gfp_t)32768U */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1774, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1780, + "event": "lock", + "message": "Locking \"spinlock_check(&pcpu_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1783, + "event": "path", + "message": "Condition \"reserved\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1783, + "event": "path", + "message": "Condition \"pcpu_reserved_chunk\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1784, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"chunk\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1787, + "event": "path", + "message": "Condition \"off < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1793, + "event": "path", + "message": "Condition \"off >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1794, + "event": "path", + "message": "Jumping to label \"area_found\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1850, + "event": "unlock", + "message": "Unlocking \"&pcpu_lock\". \"chunk\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1853, + "event": "path", + "message": "Condition \"!is_atomic\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1859, + "event": "path", + "message": "Condition \"rs < page_end\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1860, + "event": "path", + "message": "Condition \"result\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1865, + "event": "path", + "message": "Condition \"ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1864, + "event": "lockagain", + "message": "Locking \"spinlock_check(&pcpu_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 1870, + "event": "use", + "message": "Using an unreliable value of \"chunk\" inside the second locked section. If the data that \"chunk\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1868| \t\t\t\tgoto fail_unlock;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1869| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1870|-> \t\t\tpcpu_chunk_populated(chunk, rs, re);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1871| \t\t\tspin_unlock_irqrestore(&pcpu_lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1872| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "pcpu_balance_populated", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 21, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2060, + "event": "path", + "message": "Condition \"pcpu_atomic_alloc_failed\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2064, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2070, + "event": "path", + "message": "Condition \"slot <= pcpu_free_slot\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2073, + "event": "path", + "message": "Condition \"!nr_to_pop\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2076, + "event": "path", + "message": "Condition \"!(&chunk->list == &pcpu_chunk_lists[slot])\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2078, + "event": "path", + "message": "Condition \"nr_unpop\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2079, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2082, + "event": "path", + "message": "Condition \"!nr_unpop\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2086, + "event": "path", + "message": "Condition \"rs < chunk->nr_pages\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2087, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x417 < __UNIQUE_ID___y418\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2092, + "event": "lock", + "message": "Locking \"&pcpu_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2093, + "event": "path", + "message": "Condition \"!ret\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2096, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2100, + "event": "path", + "message": "Condition \"!nr_to_pop\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2102, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2086, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"rs\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2086, + "event": "path", + "message": "Condition \"rs < chunk->nr_pages\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2087, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x417 < __UNIQUE_ID___y418\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2089, + "event": "unlock", + "message": "Unlocking \"&pcpu_lock\". \"rs\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2093, + "event": "path", + "message": "Condition \"!ret\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2092, + "event": "lockagain", + "message": "Locking \"&pcpu_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2095, + "event": "use", + "message": "Using an unreliable value of \"rs\" inside the second locked section. If the data that \"rs\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2093| \t\t\tif (!ret) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2094| \t\t\t\tnr_to_pop -= nr;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2095|-> \t\t\t\tpcpu_chunk_populated(chunk, rs, rs + nr);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2096| \t\t\t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2097| \t\t\t\tnr_to_pop = 0;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "pcpu_reclaim_populated", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 32, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2149, + "event": "path", + "message": "Condition \"!list_empty(&pcpu_chunk_lists[pcpu_to_depopulate_slot])\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2152, + "event": "path", + "message": "Condition \"result\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2161, + "event": "path", + "message": "Condition \"i >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2163, + "event": "path", + "message": "Condition \"chunk->nr_empty_pop_pages == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2164, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2207, + "event": "path", + "message": "Condition \"freed_page_start < freed_page_end\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2213, + "event": "lock", + "message": "Locking \"&pcpu_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2216, + "event": "path", + "message": "Condition \"reintegrate\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2216, + "event": "path", + "message": "Condition \"chunk->free_bytes == pcpu_unit_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2217, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2221, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2149, + "event": "path", + "message": "Condition \"!list_empty(&pcpu_chunk_lists[pcpu_to_depopulate_slot])\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2152, + "event": "path", + "message": "Condition \"result\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2158, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"freed_page_start\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2161, + "event": "path", + "message": "Condition \"i >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2163, + "event": "path", + "message": "Condition \"chunk->nr_empty_pop_pages == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2167, + "event": "path", + "message": "Condition \"pcpu_nr_empty_pop_pages < 4\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2179, + "event": "path", + "message": "Condition \"block->contig_hint == (1024UL /* (1UL << 12) >> 2 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2179, + "event": "path", + "message": "Condition \"test_bit(i, chunk->populated)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2181, + "event": "path", + "message": "Condition \"end == -1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2183, + "event": "path", + "message": "Condition \"i > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2184, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2161, + "event": "path", + "message": "Condition \"i >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2163, + "event": "path", + "message": "Condition \"chunk->nr_empty_pop_pages == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2167, + "event": "path", + "message": "Condition \"pcpu_nr_empty_pop_pages < 4\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2179, + "event": "path", + "message": "Condition \"block->contig_hint == (1024UL /* (1UL << 12) >> 2 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2179, + "event": "path", + "message": "Condition \"test_bit(i, chunk->populated)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2181, + "event": "path", + "message": "Condition \"end == -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2183, + "event": "path", + "message": "Condition \"i > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2189, + "event": "path", + "message": "Condition \"end == -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2192, + "event": "unlock", + "message": "Unlocking \"&pcpu_lock\". \"freed_page_start\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2195, + "event": "lockagain", + "message": "Locking \"&pcpu_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/percpu.c", + "line": 2198, + "event": "use", + "message": "Using an unreliable value of \"freed_page_start\" inside the second locked section. If the data that \"freed_page_start\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2196| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2197| \t\t\tpcpu_chunk_depopulated(chunk, i + 1, end + 1);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2198|-> \t\t\tfreed_page_start = min(freed_page_start, i + 1);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2199| \t\t\tfreed_page_end = max(freed_page_end, end + 1);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2200| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "process_vm_rw", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 262, + "event": "local_ptr_assign_local", + "message": "Assigning: \"iov_l\" = \"iovstack_l\" (address of local variable \"iovstack_l\").", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 268, + "event": "path", + "message": "Condition \"flags != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 272, + "event": "identity_transfer", + "message": "Passing \"iov_l\" as argument 5 to function \"import_iovec\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 272, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"rc\" = \"import_iovec(dir, lvec, liovcnt, 8U, &iov_l, &iter)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 273, + "event": "path", + "message": "Condition \"rc < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 274, + "event": "return_local_addr_alias", + "message": "Returning pointer \"rc\" which points to local variable \"iovstack_l\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 272| \trc = import_iovec(dir, lvec, liovcnt, UIO_FASTIOV, &iov_l, &iter);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 273| \tif (rc < 0)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 274|-> \t\treturn rc;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 275| \tif (!iov_iter_count(&iter))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 276| \t\tgoto free_iov_l;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "process_vm_rw", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 262, + "event": "local_ptr_assign_local", + "message": "Assigning: \"iov_l\" = \"iovstack_l\" (address of local variable \"iovstack_l\").", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 268, + "event": "path", + "message": "Condition \"flags != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 272, + "event": "identity_transfer", + "message": "Passing \"iov_l\" as argument 5 to function \"import_iovec\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 272, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"rc\" = \"import_iovec(dir, lvec, liovcnt, 8U, &iov_l, &iter)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 273, + "event": "path", + "message": "Condition \"rc < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 275, + "event": "path", + "message": "Condition \"!iov_iter_count(&iter)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 276, + "event": "path", + "message": "Jumping to label \"free_iov_l\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 288, + "event": "return_local_addr_alias", + "message": "Returning pointer \"rc\" which points to local variable \"iovstack_l\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 286| free_iov_l:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 287| \tkfree(iov_l);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 288|-> \treturn rc;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 289| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 290| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "process_vm_rw", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 268, + "event": "path", + "message": "Condition \"flags != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 273, + "event": "path", + "message": "Condition \"rc < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 275, + "event": "path", + "message": "Condition \"!iov_iter_count(&iter)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 277, + "event": "local_addr", + "message": "Address of local variable \"iovstack_r\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 277, + "event": "identity_transfer", + "message": "Passing \"iovstack_r\" as argument 4 to function \"iovec_from_user\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 277, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"iov_r\" = \"iovec_from_user(rvec, riovcnt, 8UL, iovstack_r, in_compat_syscall())\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 279, + "event": "path", + "message": "Condition \"IS_ERR(iov_r)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 280, + "event": "identity_transfer", + "message": "Passing \"iov_r\" as argument 1 to function \"PTR_ERR\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 280, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"rc\" = \"PTR_ERR(iov_r)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 281, + "event": "path", + "message": "Jumping to label \"free_iov_l\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/process_vm_access.c", + "line": 288, + "event": "return_local_addr_alias", + "message": "Returning pointer \"rc\" which points to local variable \"iovstack_r\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 286| free_iov_l:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 287| \tkfree(iov_l);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 288|-> \treturn rc;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 289| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 290| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "shmem_fault", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c", + "line": 2088, + "event": "path", + "message": "Condition \"!!inode->i_private\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c", + "line": 2091, + "event": "lock", + "message": "Locking \"&inode->i_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c", + "line": 2093, + "event": "path", + "message": "Condition \"shmem_falloc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c", + "line": 2093, + "event": "path", + "message": "Condition \"shmem_falloc->waitq\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c", + "line": 2093, + "event": "path", + "message": "Condition \"(*vmf).pgoff >= shmem_falloc->start\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c", + "line": 2093, + "event": "path", + "message": "Condition \"(*vmf).pgoff < shmem_falloc->next\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c", + "line": 2103, + "event": "path", + "message": "Condition \"fpin\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c", + "line": 2106, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"shmem_falloc_waitq\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c", + "line": 2109, + "event": "unlock", + "message": "Unlocking \"&inode->i_lock\". \"shmem_falloc_waitq\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c", + "line": 2119, + "event": "lockagain", + "message": "Locking \"&inode->i_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/shmem.c", + "line": 2120, + "event": "use", + "message": "Using an unreliable value of \"shmem_falloc_waitq\" inside the second locked section. If the data that \"shmem_falloc_waitq\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2118| \t\t\t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2119| \t\t\tspin_lock(&inode->i_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2120|-> \t\t\tfinish_wait(shmem_falloc_waitq, &shmem_fault_wait);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2121| \t\t\tspin_unlock(&inode->i_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2122| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "__unfreeze_partials", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 21, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2472, + "event": "path", + "message": "Condition \"partial_slab\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2480, + "event": "path", + "message": "Condition \"n != n2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2481, + "event": "path", + "message": "Condition \"n\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2485, + "event": "lock", + "message": "Locking \"spinlock_check(&n->list_lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2502, + "event": "path", + "message": "Condition \"!__cmpxchg_double_slab(s, slab, old.freelist, old.counters, new.freelist, new.counters, \"unfreezing slab\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2504, + "event": "path", + "message": "Condition \"!new.inuse\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2504, + "event": "path", + "message": "Condition \"n->nr_partial >= s->min_partial\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2507, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2511, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2472, + "event": "path", + "message": "Condition \"partial_slab\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2477, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"partial_slab\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2480, + "event": "path", + "message": "Condition \"n != n2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2481, + "event": "path", + "message": "Condition \"n\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2482, + "event": "unlock", + "message": "Unlocking \"&n->list_lock\". \"partial_slab\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2502, + "event": "path", + "message": "Condition \"!__cmpxchg_double_slab(s, slab, old.freelist, old.counters, new.freelist, new.counters, \"unfreezing slab\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2504, + "event": "path", + "message": "Condition \"!new.inuse\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2504, + "event": "path", + "message": "Condition \"n->nr_partial >= s->min_partial\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2507, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2511, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2472, + "event": "path", + "message": "Condition \"partial_slab\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2485, + "event": "lockagain", + "message": "Locking \"spinlock_check(&n->list_lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/slub.c", + "line": 2476, + "event": "use", + "message": "Using an unreliable value of \"partial_slab\" inside the second locked section. If the data that \"partial_slab\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2474| \t\tstruct slab old;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2475| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2476|-> \t\tslab = partial_slab;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2477| \t\tpartial_slab = slab->next;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2478| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "swap_do_scheduled_discard", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 493, + "event": "path", + "message": "Condition \"!cluster_list_empty(&si->discard_clusters)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 500, + "event": "lock", + "message": "Locking \"&si->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 506, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 493, + "event": "path", + "message": "Condition \"!cluster_list_empty(&si->discard_clusters)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 494, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"idx\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 495, + "event": "unlock", + "message": "Unlocking \"&si->lock\". \"idx\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 500, + "event": "lockagain", + "message": "Locking \"&si->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 502, + "event": "use", + "message": "Using an unreliable value of \"idx\" inside the second locked section. If the data that \"idx\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 500| \t\tspin_lock(&si->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 501| \t\tci = lock_cluster(si, idx * SWAPFILE_CLUSTER);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 502|-> \t\t__free_cluster(si, idx);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 503| \t\tmemset(si->swap_map + idx * SWAPFILE_CLUSTER,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 504| \t\t\t\t0, SWAPFILE_CLUSTER);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "scan_swap_map_slots", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 102, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 829, + "event": "path", + "message": "Condition \"si->flags & SWP_SOLIDSTATE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 830, + "event": "path", + "message": "Switch case value \"4\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 830, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 830, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 836, + "event": "path", + "message": "Condition \"si->cluster_info\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 837, + "event": "path", + "message": "Condition \"!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 838, + "event": "path", + "message": "Jumping to label \"scan\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 977, + "event": "path", + "message": "Condition \"!!(--latency_ration < 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 982, + "event": "path", + "message": "Condition \"swap_offset_available_and_locked(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 983, + "event": "path", + "message": "Jumping to label \"checks\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 879, + "event": "path", + "message": "Condition \"si->cluster_info\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 880, + "event": "path", + "message": "Condition \"scan_swap_map_ssd_cluster_conflict(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 882, + "event": "path", + "message": "Condition \"n_ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 884, + "event": "path", + "message": "Condition \"!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 886, + "event": "path", + "message": "Jumping to label \"scan\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 977, + "event": "path", + "message": "Condition \"!!(--latency_ration < 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 982, + "event": "path", + "message": "Condition \"swap_offset_available_and_locked(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 983, + "event": "path", + "message": "Jumping to label \"checks\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 879, + "event": "path", + "message": "Condition \"si->cluster_info\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 880, + "event": "path", + "message": "Condition \"scan_swap_map_ssd_cluster_conflict(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 882, + "event": "path", + "message": "Condition \"n_ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 884, + "event": "path", + "message": "Condition \"!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 886, + "event": "path", + "message": "Jumping to label \"scan\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 977, + "event": "path", + "message": "Condition \"!!(--latency_ration < 0)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 982, + "event": "path", + "message": "Condition \"swap_offset_available_and_locked(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 983, + "event": "path", + "message": "Jumping to label \"checks\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 879, + "event": "path", + "message": "Condition \"si->cluster_info\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 880, + "event": "path", + "message": "Condition \"scan_swap_map_ssd_cluster_conflict(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 882, + "event": "path", + "message": "Condition \"n_ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 884, + "event": "path", + "message": "Condition \"!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 886, + "event": "path", + "message": "Jumping to label \"scan\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 977, + "event": "path", + "message": "Condition \"!!(--latency_ration < 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 982, + "event": "path", + "message": "Condition \"swap_offset_available_and_locked(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 983, + "event": "path", + "message": "Jumping to label \"checks\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 879, + "event": "path", + "message": "Condition \"si->cluster_info\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 880, + "event": "path", + "message": "Condition \"scan_swap_map_ssd_cluster_conflict(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 882, + "event": "path", + "message": "Condition \"n_ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 884, + "event": "path", + "message": "Condition \"!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 886, + "event": "path", + "message": "Jumping to label \"scan\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 977, + "event": "path", + "message": "Condition \"!!(--latency_ration < 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 982, + "event": "path", + "message": "Condition \"swap_offset_available_and_locked(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 983, + "event": "path", + "message": "Jumping to label \"checks\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 879, + "event": "path", + "message": "Condition \"si->cluster_info\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 880, + "event": "path", + "message": "Condition \"scan_swap_map_ssd_cluster_conflict(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 882, + "event": "path", + "message": "Condition \"n_ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 884, + "event": "path", + "message": "Condition \"!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 886, + "event": "path", + "message": "Jumping to label \"scan\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 977, + "event": "path", + "message": "Condition \"!!(--latency_ration < 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 982, + "event": "path", + "message": "Condition \"swap_offset_available_and_locked(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 983, + "event": "path", + "message": "Jumping to label \"checks\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 879, + "event": "path", + "message": "Condition \"si->cluster_info\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 880, + "event": "path", + "message": "Condition \"scan_swap_map_ssd_cluster_conflict(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 882, + "event": "path", + "message": "Condition \"n_ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 884, + "event": "path", + "message": "Condition \"!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 886, + "event": "path", + "message": "Jumping to label \"scan\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 977, + "event": "path", + "message": "Condition \"!!(--latency_ration < 0)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 982, + "event": "path", + "message": "Condition \"swap_offset_available_and_locked(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 983, + "event": "path", + "message": "Jumping to label \"checks\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 879, + "event": "path", + "message": "Condition \"si->cluster_info\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 880, + "event": "path", + "message": "Condition \"scan_swap_map_ssd_cluster_conflict(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 882, + "event": "path", + "message": "Condition \"n_ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 884, + "event": "lock", + "message": "Locking \"si->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 884, + "event": "path", + "message": "Condition \"!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 887, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 880, + "event": "path", + "message": "Condition \"scan_swap_map_ssd_cluster_conflict(si, offset)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 889, + "event": "path", + "message": "Condition \"!(si->flags & SWP_WRITEOK)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 891, + "event": "path", + "message": "Condition \"!si->highest_bit\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 893, + "event": "path", + "message": "Condition \"offset > si->highest_bit\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 894, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"offset\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 898, + "event": "path", + "message": "Condition \"vm_swap_full()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 898, + "event": "path", + "message": "Condition \"si->swap_map[offset] == 64\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 900, + "event": "unlock", + "message": "Unlocking \"ci->lock\". \"offset\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 901, + "event": "unlock", + "message": "Unlocking \"&si->lock\". \"offset\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 905, + "event": "path", + "message": "Condition \"swap_was_freed\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 906, + "event": "path", + "message": "Jumping to label \"checks\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 879, + "event": "path", + "message": "Condition \"si->cluster_info\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 880, + "event": "path", + "message": "Condition \"scan_swap_map_ssd_cluster_conflict(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 882, + "event": "path", + "message": "Condition \"n_ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 884, + "event": "path", + "message": "Condition \"!scan_swap_map_try_ssd_cluster(si, &offset, &scan_base)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 886, + "event": "path", + "message": "Jumping to label \"scan\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 975, + "event": "unlock", + "message": "Unlocking \"&si->lock\". \"offset\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (si->highest_bit) == sizeof (char) || sizeof (si->highest_bit) == sizeof (short)) || sizeof (si->highest_bit) == sizeof (int)) || sizeof (si->highest_bit) == sizeof (long)) || sizeof (si->highest_bit) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 976, + "event": "path", + "message": "Condition \"++offset <= ({...; *((unsigned int const volatile *)&si->highest_bit);})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 977, + "event": "path", + "message": "Condition \"!!(--latency_ration < 0)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 982, + "event": "path", + "message": "Condition \"swap_offset_available_and_locked(si, offset)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 983, + "event": "path", + "message": "Jumping to label \"checks\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 879, + "event": "path", + "message": "Condition \"si->cluster_info\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 982, + "event": "lockagain", + "message": "Locking \"si->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/swapfile.c", + "line": 880, + "event": "use", + "message": "Using an unreliable value of \"offset\" inside the second locked section. If the data that \"offset\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 878| checks:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 879| \tif (si->cluster_info) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 880|-> \t\twhile (scan_swap_map_ssd_cluster_conflict(si, offset)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 881| \t\t/* take a break if we already got some slots */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 882| \t\t\tif (n_ret)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "zswap_writeback_entry", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 960, + "event": "path", + "message": "Condition \"!zpool_can_sleep_mapped(pool)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 962, + "event": "path", + "message": "Condition \"!tmp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 973, + "event": "lock", + "message": "Locking \"&tree->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 974, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"entry\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 975, + "event": "path", + "message": "Condition \"!entry\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 982, + "event": "unlock", + "message": "Unlocking \"&tree->lock\". \"entry\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 983, + "event": "path", + "message": "Condition \"offset != entry->offset\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 986, + "event": "path", + "message": "Condition \"!zpool_can_sleep_mapped(pool)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 993, + "event": "path", + "message": "Switch case value \"ZSWAP_SWAPCACHE_FAIL\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 996, + "event": "path", + "message": "Jumping to label \"fail\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 1058, + "event": "lockagain", + "message": "Locking \"&tree->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 1059, + "event": "use", + "message": "Using an unreliable value of \"entry\" inside the second locked section. If the data that \"entry\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1057| fail:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1058| \tspin_lock(&tree->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1059|-> \tzswap_entry_put(tree, entry);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1060| \tspin_unlock(&tree->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1061| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "zswap_frontswap_load", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 1304, + "event": "lock", + "message": "Locking \"&tree->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 1305, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"entry\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 1306, + "event": "path", + "message": "Condition \"!entry\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 1311, + "event": "unlock", + "message": "Unlocking \"&tree->lock\". \"entry\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 1313, + "event": "path", + "message": "Condition \"!entry->length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 1316, + "event": "path", + "message": "Condition \"0 /* !!__builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 1318, + "event": "path", + "message": "Jumping to label \"stats\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 1358, + "event": "path", + "message": "Condition \"entry->objcg\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 1361, + "event": "lockagain", + "message": "Locking \"&tree->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/mm/zswap.c", + "line": 1362, + "event": "use", + "message": "Using an unreliable value of \"entry\" inside the second locked section. If the data that \"entry\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1360| freeentry:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1361| \tspin_lock(&tree->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1362|-> \tzswap_entry_put(tree, entry);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1363| \tspin_unlock(&tree->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1364| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "igmpv3_send_report", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 26, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 591, + "event": "path", + "message": "Condition \"!pmc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 593, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (in_dev->mc_list) == sizeof (char) || sizeof (in_dev->mc_list) == sizeof (short)) || sizeof (in_dev->mc_list) == sizeof (int)) || sizeof (in_dev->mc_list) == sizeof (long)) || sizeof (in_dev->mc_list) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 593, + "event": "path", + "message": "Condition \"pmc != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 594, + "event": "path", + "message": "Condition \"pmc->multiaddr == 16777440U /* (__be32)(__u32)__builtin_bswap32((__u32)3758096385L) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 595, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 593, + "event": "path", + "message": "Condition \"0 /* !((((sizeof ((*pmc).next_rcu) == sizeof (char) || sizeof ((*pmc).next_rcu) == sizeof (short)) || sizeof ((*pmc).next_rcu) == sizeof (int)) || sizeof ((*pmc).next_rcu) == sizeof (long)) || sizeof ((*pmc).next_rcu) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 593, + "event": "path", + "message": "Condition \"pmc != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 594, + "event": "path", + "message": "Condition \"pmc->multiaddr == 16777440U /* (__be32)(__u32)__builtin_bswap32((__u32)3758096385L) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 596, + "event": "path", + "message": "Condition \"ipv4_is_local_multicast(pmc->multiaddr)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 597, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (char) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (short)) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (int)) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (long)) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 596, + "event": "path", + "message": "Condition \"!({...; *((unsigned char const volatile *)&net->ipv4.sysctl_igmp_llm_reports);})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 599, + "event": "lock", + "message": "Locking \"&pmc->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 600, + "event": "path", + "message": "Condition \"pmc->sfcount[0]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 601, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 604, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"skb\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 605, + "event": "unlock", + "message": "Unlocking \"&pmc->lock\". \"skb\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 606, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 593, + "event": "path", + "message": "Condition \"0 /* !((((sizeof ((*pmc).next_rcu) == sizeof (char) || sizeof ((*pmc).next_rcu) == sizeof (short)) || sizeof ((*pmc).next_rcu) == sizeof (int)) || sizeof ((*pmc).next_rcu) == sizeof (long)) || sizeof ((*pmc).next_rcu) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 593, + "event": "path", + "message": "Condition \"pmc != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 594, + "event": "path", + "message": "Condition \"pmc->multiaddr == 16777440U /* (__be32)(__u32)__builtin_bswap32((__u32)3758096385L) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 596, + "event": "path", + "message": "Condition \"ipv4_is_local_multicast(pmc->multiaddr)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 597, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (char) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (short)) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (int)) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (long)) || sizeof (net->ipv4.sysctl_igmp_llm_reports) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 596, + "event": "path", + "message": "Condition \"!({...; *((unsigned char const volatile *)&net->ipv4.sysctl_igmp_llm_reports);})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 600, + "event": "path", + "message": "Condition \"pmc->sfcount[0]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 601, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 599, + "event": "lockagain", + "message": "Locking \"&pmc->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 604, + "event": "use", + "message": "Using an unreliable value of \"skb\" inside the second locked section. If the data that \"skb\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 602| \t\t\telse", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 603| \t\t\t\ttype = IGMPV3_MODE_IS_INCLUDE;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 604|-> \t\t\tskb = add_grec(skb, pmc, type, 0, 0);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 605| \t\t\tspin_unlock_bh(&pmc->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 606| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "igmpv3_send_cr", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 72, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 661, + "event": "path", + "message": "Condition \"pmc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 663, + "event": "path", + "message": "Condition \"pmc->sfmode == 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 669, + "event": "path", + "message": "Condition \"pmc->crcount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 670, + "event": "path", + "message": "Condition \"pmc->sfmode == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 675, + "event": "path", + "message": "Condition \"pmc->crcount == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 680, + "event": "path", + "message": "Condition \"pmc->crcount == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 680, + "event": "path", + "message": "Condition \"!pmc->tomb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 689, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 661, + "event": "path", + "message": "Condition \"pmc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 663, + "event": "path", + "message": "Condition \"pmc->sfmode == 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 669, + "event": "path", + "message": "Condition \"pmc->crcount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 670, + "event": "path", + "message": "Condition \"pmc->sfmode == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 675, + "event": "path", + "message": "Condition \"pmc->crcount == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 680, + "event": "path", + "message": "Condition \"pmc->crcount == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 680, + "event": "path", + "message": "Condition \"!pmc->tomb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 689, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 661, + "event": "path", + "message": "Condition \"pmc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 663, + "event": "path", + "message": "Condition \"pmc->sfmode == 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 669, + "event": "path", + "message": "Condition \"pmc->crcount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 670, + "event": "path", + "message": "Condition \"pmc->sfmode == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 675, + "event": "path", + "message": "Condition \"pmc->crcount == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 680, + "event": "path", + "message": "Condition \"pmc->crcount == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 680, + "event": "path", + "message": "Condition \"!pmc->tomb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 689, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 661, + "event": "path", + "message": "Condition \"pmc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 663, + "event": "path", + "message": "Condition \"pmc->sfmode == 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 669, + "event": "path", + "message": "Condition \"pmc->crcount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 670, + "event": "path", + "message": "Condition \"pmc->sfmode == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 675, + "event": "path", + "message": "Condition \"pmc->crcount == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 680, + "event": "path", + "message": "Condition \"pmc->crcount == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 680, + "event": "path", + "message": "Condition \"!pmc->tomb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 680, + "event": "path", + "message": "Condition \"!pmc->sources\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 689, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 661, + "event": "path", + "message": "Condition \"pmc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 663, + "event": "path", + "message": "Condition \"pmc->sfmode == 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 669, + "event": "path", + "message": "Condition \"pmc->crcount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 670, + "event": "path", + "message": "Condition \"pmc->sfmode == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 675, + "event": "path", + "message": "Condition \"pmc->crcount == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 680, + "event": "path", + "message": "Condition \"pmc->crcount == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 689, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 661, + "event": "path", + "message": "Condition \"pmc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 663, + "event": "path", + "message": "Condition \"pmc->sfmode == 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 669, + "event": "path", + "message": "Condition \"pmc->crcount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 670, + "event": "path", + "message": "Condition \"pmc->sfmode == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 675, + "event": "path", + "message": "Condition \"pmc->crcount == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 680, + "event": "path", + "message": "Condition \"pmc->crcount == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 680, + "event": "path", + "message": "Condition \"!pmc->tomb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 689, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 661, + "event": "path", + "message": "Condition \"pmc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 663, + "event": "path", + "message": "Condition \"pmc->sfmode == 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 669, + "event": "path", + "message": "Condition \"pmc->crcount\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 680, + "event": "path", + "message": "Condition \"pmc->crcount == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 680, + "event": "path", + "message": "Condition \"!pmc->tomb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 680, + "event": "path", + "message": "Condition \"!pmc->sources\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 689, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 661, + "event": "path", + "message": "Condition \"pmc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 693, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (in_dev->mc_list) == sizeof (char) || sizeof (in_dev->mc_list) == sizeof (short)) || sizeof (in_dev->mc_list) == sizeof (int)) || sizeof (in_dev->mc_list) == sizeof (long)) || sizeof (in_dev->mc_list) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 693, + "event": "path", + "message": "Condition \"pmc != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 694, + "event": "lock", + "message": "Locking \"&pmc->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 695, + "event": "path", + "message": "Condition \"pmc->sfcount[0]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 698, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 706, + "event": "path", + "message": "Condition \"pmc->crcount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 707, + "event": "path", + "message": "Condition \"pmc->sfmode == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 708, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 711, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"skb\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 714, + "event": "unlock", + "message": "Unlocking \"&pmc->lock\". \"skb\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 715, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 693, + "event": "path", + "message": "Condition \"0 /* !((((sizeof ((*pmc).next_rcu) == sizeof (char) || sizeof ((*pmc).next_rcu) == sizeof (short)) || sizeof ((*pmc).next_rcu) == sizeof (int)) || sizeof ((*pmc).next_rcu) == sizeof (long)) || sizeof ((*pmc).next_rcu) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 693, + "event": "path", + "message": "Condition \"pmc != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 695, + "event": "path", + "message": "Condition \"pmc->sfcount[0]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 698, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 694, + "event": "lockagain", + "message": "Locking \"&pmc->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv4/igmp.c", + "line": 702, + "event": "use", + "message": "Using an unreliable value of \"skb\" inside the second locked section. If the data that \"skb\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 700| \t\t\tdtype = IGMPV3_BLOCK_OLD_SOURCES;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 701| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 702|-> \t\tskb = add_grec(skb, pmc, type, 0, 0);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 703| \t\tskb = add_grec(skb, pmc, dtype, 0, 1);\t/* deleted sources */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 704| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "ipv6_create_tempaddr", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1336, + "event": "path", + "message": "Condition \"idev->cnf.use_tempaddr <= 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1343, + "event": "lock", + "message": "Locking \"&ifp->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1344, + "event": "path", + "message": "Condition \"ifp->regen_count++ >= idev->cnf.regen_max_retry\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1362, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x719 > __UNIQUE_ID___y720\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1367, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (idev->cnf.temp_prefered_lft) == sizeof (char) || sizeof (idev->cnf.temp_prefered_lft) == sizeof (short)) || sizeof (idev->cnf.temp_prefered_lft) == sizeof (int)) || sizeof (idev->cnf.temp_prefered_lft) == sizeof (long)) || sizeof (idev->cnf.temp_prefered_lft) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1368, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x722 < __UNIQUE_ID___y723\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1372, + "event": "path", + "message": "Condition \"!!(idev->desync_factor > max_desync_factor)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1373, + "event": "path", + "message": "Condition \"max_desync_factor > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1377, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1383, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x724 < __UNIQUE_ID___y725\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1386, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x726 < __UNIQUE_ID___y727\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1389, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"tmp_tstamp\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1390, + "event": "unlock", + "message": "Unlocking \"&ifp->lock\". \"tmp_tstamp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1402, + "event": "path", + "message": "Condition \"cfg.preferred_lft <= regen_advance + age\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1411, + "event": "path", + "message": "Condition \"ifp->flags & 4\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1418, + "event": "path", + "message": "Condition \"IS_ERR(ift)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1426, + "event": "lockagain", + "message": "Locking \"&ift->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/ipv6/addrconf.c", + "line": 1429, + "event": "use", + "message": "Using an unreliable value of \"tmp_tstamp\" inside the second locked section. If the data that \"tmp_tstamp\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1427| \tift->ifpub = ifp;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1428| \tift->cstamp = now;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1429|-> \tift->tstamp = tmp_tstamp;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1430| \tspin_unlock_bh(&ift->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1431| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "tpacket_rcv", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 41, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2221, + "event": "path", + "message": "Condition \"0 /* !!((sizeof (*h.h2) + 16 - 1 & ~(16 - 1)) != 32) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2222, + "event": "path", + "message": "Condition \"0 /* !!((sizeof (*h.h3) + 16 - 1 & ~(16 - 1)) != 48) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2224, + "event": "path", + "message": "Condition \"(*skb).pkt_type == 5\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2230, + "event": "path", + "message": "Condition \"!net_eq(dev_net(dev), sock_net(sk))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2233, + "event": "path", + "message": "Condition \"dev_has_header(dev)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2245, + "event": "path", + "message": "Condition \"!res\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2249, + "event": "path", + "message": "Condition \"__packet_rcv_has_room(po, skb) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2254, + "event": "path", + "message": "Condition \"(*skb).ip_summed == 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2255, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2259, + "event": "path", + "message": "Condition \"skb_is_gso(skb)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2259, + "event": "path", + "message": "Condition \"skb_is_gso_tcp(skb)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2262, + "event": "path", + "message": "Condition \"snaplen > res\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2265, + "event": "path", + "message": "Condition \"sk->sk_type == SOCK_DGRAM\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2268, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2279, + "event": "path", + "message": "Condition \"netoff > 65535U /* (unsigned short)~0U */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2283, + "event": "path", + "message": "Condition \"po->tp_version <= TPACKET_V2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2284, + "event": "path", + "message": "Condition \"macoff + snaplen > po->rx_ring.frame_size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2285, + "event": "path", + "message": "Condition \"po->copy_thresh\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2285, + "event": "path", + "message": "Condition \"atomic_read(&sk->sk_backlog.rmem_alloc) < sk->sk_rcvbuf\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2287, + "event": "path", + "message": "Condition \"skb_shared(skb)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2289, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2293, + "event": "path", + "message": "Condition \"copy_skb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2300, + "event": "path", + "message": "Condition \"(int)snaplen < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2305, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2319, + "event": "lock", + "message": "Locking \"&sk->sk_receive_queue.lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2322, + "event": "path", + "message": "Condition \"!h.raw\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2325, + "event": "path", + "message": "Condition \"po->tp_version <= TPACKET_V2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2326, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"slot_id\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2327, + "event": "path", + "message": "Condition \"test_bit(slot_id, po->rx_ring.rx_owner_map)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2332, + "event": "path", + "message": "Condition \"do_vnet\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2341, + "event": "path", + "message": "Condition \"po->tp_version <= TPACKET_V2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2349, + "event": "path", + "message": "Condition \"atomic_read(&po->tp_drops)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2354, + "event": "path", + "message": "Condition \"copy_skb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2359, + "event": "unlock", + "message": "Unlocking \"&sk->sk_receive_queue.lock\". \"slot_id\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2368, + "event": "path", + "message": "Condition \"!ts_status\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2373, + "event": "path", + "message": "Switch case value \"TPACKET_V1\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2382, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2425, + "event": "path", + "message": "Condition \"!!po->origdev\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2426, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2445, + "event": "path", + "message": "Condition \"po->tp_version <= TPACKET_V2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2446, + "event": "lockagain", + "message": "Locking \"&sk->sk_receive_queue.lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 2448, + "event": "use", + "message": "Using an unreliable value of \"slot_id\" inside the second locked section. If the data that \"slot_id\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2446| \t\tspin_lock(&sk->sk_receive_queue.lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2447| \t\t__packet_set_status(po, h.raw, status);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2448|-> \t\t__clear_bit(slot_id, po->rx_ring.rx_owner_map);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2449| \t\tspin_unlock(&sk->sk_receive_queue.lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2450| \t\tsk->sk_data_ready(sk);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "packet_set_ring", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 38, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4339, + "event": "path", + "message": "Condition \"tx_ring\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4340, + "event": "path", + "message": "Condition \"tx_ring\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4343, + "event": "path", + "message": "Condition \"!closing\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4344, + "event": "path", + "message": "Condition \"atomic_read(&po->mapped)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4346, + "event": "path", + "message": "Condition \"packet_read_pending(rb)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4350, + "event": "path", + "message": "Condition \"req->tp_block_nr\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4355, + "event": "path", + "message": "Condition \"!!rb->pg_vec\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4358, + "event": "path", + "message": "Switch case value \"TPACKET_V1\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4361, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4371, + "event": "path", + "message": "Condition \"!!((int)req->tp_block_size <= 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4373, + "event": "path", + "message": "Condition \"!!!(((unsigned long)req->tp_block_size & 4095UL /* (unsigned long)(1UL << 12) - 1 */) == 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4376, + "event": "path", + "message": "Condition \"po->tp_version >= TPACKET_V3\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4380, + "event": "path", + "message": "Condition \"!!(req->tp_frame_size < min_frame_size)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4382, + "event": "path", + "message": "Condition \"!!(req->tp_frame_size & 15U /* 16 - 1 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4386, + "event": "path", + "message": "Condition \"!!(rb->frames_per_block == 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4388, + "event": "path", + "message": "Condition \"!!(rb->frames_per_block > 4294967295U /* ~0U */ / req->tp_block_nr)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4390, + "event": "path", + "message": "Condition \"!!(rb->frames_per_block * req->tp_block_nr != req->tp_frame_nr)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4397, + "event": "path", + "message": "Condition \"!!!pg_vec\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4399, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4416, + "event": "path", + "message": "Condition \"!tx_ring\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4422, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4424, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4434, + "event": "lock", + "message": "Locking \"&po->bind_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4436, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"num\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4437, + "event": "path", + "message": "Condition \"was_running\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4438, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (po->num) == sizeof (char) || sizeof (po->num) == sizeof (short)) || sizeof (po->num) == sizeof (int)) || sizeof (po->num) == sizeof (long)) || sizeof (po->num) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4441, + "event": "unlock", + "message": "Unlocking \"&po->bind_lock\". \"num\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4446, + "event": "unlock", + "message": "Unlocking \"po->pg_vec_lock.wait_lock\". \"num\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4447, + "event": "path", + "message": "Condition \"closing\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4447, + "event": "path", + "message": "Condition \"atomic_read(&po->mapped) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4451, + "event": "path", + "message": "Condition \"po->tp_version <= TPACKET_V2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4456, + "event": "unlock", + "message": "Unlocking \"&rb_queue->lock\". \"num\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4462, + "event": "path", + "message": "Condition \"po->rx_ring.pg_vec\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4465, + "event": "path", + "message": "Condition \"atomic_read(&po->mapped)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4469, + "event": "unlock", + "message": "Unlocking \"po->pg_vec_lock.wait_lock\". \"num\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4472, + "event": "path", + "message": "Condition \"was_running\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4473, + "event": "path", + "message": "Condition \"0 /* !((((sizeof (po->num) == sizeof (char) || sizeof (po->num) == sizeof (short)) || sizeof (po->num) == sizeof (int)) || sizeof (po->num) == sizeof (long)) || sizeof (po->num) == sizeof (long long)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4471, + "event": "lockagain", + "message": "Locking \"&po->bind_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/packet/af_packet.c", + "line": 4473, + "event": "use", + "message": "Using an unreliable value of \"num\" inside the second locked section. If the data that \"num\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4471| \tspin_lock(&po->bind_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4472| \tif (was_running) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4473|-> \t\tWRITE_ONCE(po->num, num);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4474| \t\tregister_prot_hook(sk);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 4475| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "___sys_sendmsg", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/socket.c", + "line": 2473, + "event": "local_ptr_assign_local", + "message": "Assigning: \"iov\" = \"iovstack\" (address of local variable \"iovstack\").", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/socket.c", + "line": 2478, + "event": "identity_transfer", + "message": "Passing \"iov\" as argument 4 to function \"sendmsg_copy_msghdr\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/socket.c", + "line": 2478, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"err\" = \"sendmsg_copy_msghdr(msg_sys, msg, flags, &iov)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/socket.c", + "line": 2479, + "event": "path", + "message": "Condition \"err < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/socket.c", + "line": 2480, + "event": "return_local_addr_alias", + "message": "Returning pointer \"err\" which points to local variable \"iovstack\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2478| \terr = sendmsg_copy_msghdr(msg_sys, msg, flags, &iov);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2479| \tif (err < 0)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2480|-> \t\treturn err;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2481| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2482| \terr = ____sys_sendmsg(sock, msg_sys, flags, used_address,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "gss_pipe_downcall", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 734, + "event": "path", + "message": "Condition \"mlen > 1024\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 738, + "event": "path", + "message": "Condition \"!buf\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 742, + "event": "path", + "message": "Condition \"copy_from_user(buf, src, mlen)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 747, + "event": "path", + "message": "Condition \"IS_ERR(p)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 753, + "event": "path", + "message": "Condition \"!uid_valid(uid)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 760, + "event": "path", + "message": "Condition \"ctx == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 765, + "event": "lock", + "message": "Locking \"&pipe->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 766, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"gss_msg\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 767, + "event": "path", + "message": "Condition \"gss_msg == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 772, + "event": "unlock", + "message": "Unlocking \"&pipe->lock\". \"gss_msg\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 775, + "event": "path", + "message": "Condition \"IS_ERR(p)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 777, + "event": "path", + "message": "Switch case value \"-13\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 782, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 794, + "event": "path", + "message": "Jumping to label \"err_release_msg\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 800, + "event": "lockagain", + "message": "Locking \"&pipe->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/auth_gss/auth_gss.c", + "line": 801, + "event": "use", + "message": "Using an unreliable value of \"gss_msg\" inside the second locked section. If the data that \"gss_msg\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 799| err_release_msg:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 800| \tspin_lock(&pipe->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 801|-> \t__gss_unhash_msg(gss_msg);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 802| \tspin_unlock(&pipe->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 803| \tgss_release_msg(gss_msg);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "svc_rdma_handle_bc_reply", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c", + "line": 31, + "event": "lock", + "message": "Locking \"&xprt->queue_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c", + "line": 32, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"req\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c", + "line": 33, + "event": "path", + "message": "Condition \"!req\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c", + "line": 38, + "event": "path", + "message": "Condition \"dst->iov_len < src->iov_len\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c", + "line": 42, + "event": "unlock", + "message": "Unlocking \"&xprt->queue_lock\". \"req\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c", + "line": 45, + "event": "path", + "message": "Condition \"credits == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c", + "line": 46, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c", + "line": 51, + "event": "unlock", + "message": "Unlocking \"&xprt->transport_lock\". \"req\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c", + "line": 53, + "event": "lockagain", + "message": "Locking \"&xprt->queue_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtrdma/svc_rdma_backchannel.c", + "line": 55, + "event": "use", + "message": "Using an unreliable value of \"req\" inside the second locked section. If the data that \"req\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 53| \tspin_lock(&xprt->queue_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 54| \txprt_complete_rqst(req->rq_task, rcvbuf->len);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55|-> \txprt_unpin_rqst(req);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56| \trcvbuf->len = 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 57| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "xs_read_stream_reply", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 604, + "event": "lock", + "message": "Locking \"&xprt->queue_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 605, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"req\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 606, + "event": "path", + "message": "Condition \"!req\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 606, + "event": "path", + "message": "Condition \"transport->recv.copied\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 606, + "event": "path", + "message": "Condition \"!req->rq_private_buf.len\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 611, + "event": "unlock", + "message": "Unlocking \"&xprt->queue_lock\". \"req\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 616, + "event": "path", + "message": "Condition \"msg->msg_flags & (160U /* 0x80 | 0x20 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 617, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 615, + "event": "lockagain", + "message": "Locking \"&xprt->queue_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 620, + "event": "use", + "message": "Using an unreliable value of \"req\" inside the second locked section. If the data that \"req\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 618| \telse", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 619| \t\treq->rq_private_buf.len = transport->recv.copied;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 620|-> \txprt_unpin_rqst(req);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 621| out:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 622| \tspin_unlock(&xprt->queue_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "xs_udp_data_read_skb", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1296, + "event": "path", + "message": "Condition \"repsize < 4\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1303, + "event": "path", + "message": "Condition \"xp == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1307, + "event": "lock", + "message": "Locking \"&xprt->queue_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1308, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"rovr\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1309, + "event": "path", + "message": "Condition \"!rovr\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1313, + "event": "unlock", + "message": "Unlocking \"&xprt->queue_lock\". \"rovr\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1316, + "event": "path", + "message": "Condition \"(copied = rovr->rq_private_buf.buflen) > repsize\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1320, + "event": "path", + "message": "Condition \"csum_partial_copy_to_xdr(&rovr->rq_private_buf, skb)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1329, + "event": "unlock", + "message": "Unlocking \"&xprt->transport_lock\". \"rovr\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1332, + "event": "path", + "message": "Switch case value \"8\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1332, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1332, + "event": "path", + "message": "Condition \"1 /* pao_ID__ == 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1332, + "event": "path", + "message": "Condition \"sk->__sk_common.skc_family == 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1332, + "event": "path", + "message": "Condition \"sk->sk_protocol == IPPROTO_UDPLITE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1332, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1332, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1330, + "event": "lockagain", + "message": "Locking \"&xprt->queue_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/sunrpc/xprtsock.c", + "line": 1334, + "event": "use", + "message": "Using an unreliable value of \"rovr\" inside the second locked section. If the data that \"rovr\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1332| \t__UDPX_INC_STATS(sk, UDP_MIB_INDATAGRAMS);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1333| out_unpin:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1334|-> \txprt_unpin_rqst(rovr);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1335| out_unlock:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1336| \tspin_unlock(&xprt->queue_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "unix_stream_read_generic", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 27, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2530, + "event": "path", + "message": "Condition \"!!(sk->__sk_common.skc_state != TCP_ESTABLISHED)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2535, + "event": "path", + "message": "Condition \"!!(flags & 1)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2541, + "event": "path", + "message": "Condition \"noblock\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2550, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x562 > __UNIQUE_ID___y563\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2558, + "event": "lock", + "message": "Locking \"&unix_sk(sk)->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2559, + "event": "path", + "message": "Condition \"sock_flag(sk, SOCK_DEAD)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2564, + "event": "path", + "message": "Condition \"last\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2566, + "event": "path", + "message": "Condition \"skb == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2604, + "event": "path", + "message": "Condition \"skip >= unix_skb_len(skb)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2608, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"skb\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2609, + "event": "path", + "message": "Condition \"!skb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2611, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2604, + "event": "path", + "message": "Condition \"skip >= unix_skb_len(skb)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2613, + "event": "unlock", + "message": "Unlocking \"&unix_sk(sk)->lock\". \"skb\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2615, + "event": "path", + "message": "Condition \"check_creds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2619, + "event": "path", + "message": "Condition \"test_bit(3, &sock->flags)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2627, + "event": "path", + "message": "Condition \"state->msg\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2627, + "event": "path", + "message": "Condition \"state->msg->msg_name\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2628, + "event": "path", + "message": "Condition \"0 /* !!(sizeof (*sunaddr) > sizeof (struct __kernel_sockaddr_storage)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2634, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x565 < __UNIQUE_ID___y566\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2637, + "event": "path", + "message": "Condition \"!unix_skb_len(skb)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2640, + "event": "path", + "message": "Condition \"chunk < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2648, + "event": "path", + "message": "Condition \"drop_skb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2661, + "event": "path", + "message": "Condition \"!(flags & 2)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2682, + "event": "path", + "message": "Condition \"((struct unix_skb_parms *)&skb->cb)->fp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2687, + "event": "path", + "message": "Condition \"((struct unix_skb_parms *)&skb->cb)->fp\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2693, + "event": "lockagain", + "message": "Locking \"&unix_sk(sk)->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/unix/af_unix.c", + "line": 2694, + "event": "use", + "message": "Using an unreliable value of \"skb\" inside the second locked section. If the data that \"skb\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2692| \t\t\tlast_len = skb->len;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2693| \t\t\tunix_state_lock(sk);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2694|-> \t\t\tskb = skb_peek_next(skb, &sk->sk_receive_queue);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2695| \t\t\tif (skb)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2696| \t\t\t\tgoto again;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "virtio_transport_stream_do_peek", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 29, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 357, + "event": "path", + "message": "Condition \"skb != (struct sk_buff *)&vvs->rx_queue\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 360, + "event": "path", + "message": "Condition \"total == len\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 363, + "event": "path", + "message": "Condition \"total < len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 363, + "event": "path", + "message": "Condition \"off < skb->len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 365, + "event": "path", + "message": "Condition \"bytes > skb->len - off\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 374, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 381, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 363, + "event": "path", + "message": "Condition \"total < len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 363, + "event": "path", + "message": "Condition \"off < skb->len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 365, + "event": "path", + "message": "Condition \"bytes > skb->len - off\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 374, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 377, + "event": "lock", + "message": "Locking \"&vvs->rx_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 381, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 363, + "event": "path", + "message": "Condition \"total < len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 363, + "event": "path", + "message": "Condition \"off < skb->len\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 382, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 357, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"tmp\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 357, + "event": "path", + "message": "Condition \"skb != (struct sk_buff *)&vvs->rx_queue\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 360, + "event": "path", + "message": "Condition \"total == len\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 363, + "event": "path", + "message": "Condition \"total < len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 363, + "event": "path", + "message": "Condition \"off < skb->len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 365, + "event": "path", + "message": "Condition \"bytes > skb->len - off\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 371, + "event": "unlock", + "message": "Unlocking \"&vvs->rx_lock\". \"tmp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 374, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 381, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 363, + "event": "path", + "message": "Condition \"total < len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 363, + "event": "path", + "message": "Condition \"off < skb->len\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 382, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 377, + "event": "lockagain", + "message": "Locking \"&vvs->rx_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 357, + "event": "use", + "message": "Using an unreliable value of \"tmp\" inside the second locked section. If the data that \"tmp\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 355| \tspin_lock_bh(&vvs->rx_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 356| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 357|-> \tskb_queue_walk_safe(&vvs->rx_queue, skb, tmp) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 358| \t\toff = 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 359| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "virtio_transport_stream_do_dequeue", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 405, + "event": "lock", + "message": "Locking \"&vvs->rx_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 407, + "event": "path", + "message": "Condition \"__ret_cond\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 407, + "event": "path", + "message": "Condition \"!!__ret_once\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 407, + "event": "path", + "message": "Condition \"({...; !!__ret_once;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 407, + "event": "path", + "message": "Condition \"!!__ret_do_once\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 407, + "event": "path", + "message": "Condition \"({...; !!__ret_do_once;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 413, + "event": "path", + "message": "Condition \"total < len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 413, + "event": "path", + "message": "Condition \"!skb_queue_empty(&vvs->rx_queue)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 417, + "event": "path", + "message": "Condition \"bytes > skb->len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 418, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"bytes\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 423, + "event": "unlock", + "message": "Unlocking \"&vvs->rx_lock\". \"bytes\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 426, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 429, + "event": "lockagain", + "message": "Locking \"&vvs->rx_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 432, + "event": "use", + "message": "Using an unreliable value of \"bytes\" inside the second locked section. If the data that \"bytes\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 430| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 431| \t\ttotal += bytes;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 432|-> \t\tskb_pull(skb, bytes);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 433| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 434| \t\tif (skb->len == 0) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "virtio_transport_stream_do_dequeue", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 405, + "event": "lock", + "message": "Locking \"&vvs->rx_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 407, + "event": "path", + "message": "Condition \"__ret_cond\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 407, + "event": "path", + "message": "Condition \"!!__ret_once\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 407, + "event": "path", + "message": "Condition \"({...; !!__ret_once;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 407, + "event": "path", + "message": "Condition \"!!__ret_do_once\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 407, + "event": "path", + "message": "Condition \"({...; !!__ret_do_once;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 413, + "event": "path", + "message": "Condition \"total < len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 413, + "event": "path", + "message": "Condition \"!skb_queue_empty(&vvs->rx_queue)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 414, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"skb\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 417, + "event": "path", + "message": "Condition \"bytes > skb->len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 423, + "event": "unlock", + "message": "Unlocking \"&vvs->rx_lock\". \"skb\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 426, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 429, + "event": "lockagain", + "message": "Locking \"&vvs->rx_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 432, + "event": "use", + "message": "Using an unreliable value of \"skb\" inside the second locked section. If the data that \"skb\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 430| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 431| \t\ttotal += bytes;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 432|-> \t\tskb_pull(skb, bytes);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 433| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 434| \t\tif (skb->len == 0) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "virtio_transport_seqpacket_do_dequeue", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 476, + "event": "lock", + "message": "Locking \"&vvs->rx_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 478, + "event": "path", + "message": "Condition \"vvs->msg_count == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 483, + "event": "path", + "message": "Condition \"!msg_ready\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 488, + "event": "path", + "message": "Condition \"!skb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 491, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"pkt_len\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 493, + "event": "path", + "message": "Condition \"dequeued_len >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 496, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x492 < __UNIQUE_ID___y493\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 498, + "event": "path", + "message": "Condition \"bytes_to_copy\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 504, + "event": "unlock", + "message": "Unlocking \"&vvs->rx_lock\". \"pkt_len\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 507, + "event": "path", + "message": "Condition \"err\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 512, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 519, + "event": "path", + "message": "Condition \"dequeued_len >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 523, + "event": "path", + "message": "Condition \"(__u32)(__le32)hdr->flags & VIRTIO_VSOCK_SEQ_EOM\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 527, + "event": "path", + "message": "Condition \"(__u32)(__le32)hdr->flags & VIRTIO_VSOCK_SEQ_EOR\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 516, + "event": "lockagain", + "message": "Locking \"&vvs->rx_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 531, + "event": "use", + "message": "Using an unreliable value of \"pkt_len\" inside the second locked section. If the data that \"pkt_len\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 529| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 530| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 531|-> \t\tvirtio_transport_dec_rx_pkt(vvs, pkt_len);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 532| \t\tkfree_skb(skb);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 533| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "virtio_transport_seqpacket_do_dequeue", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 24, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 478, + "event": "path", + "message": "Condition \"vvs->msg_count == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 483, + "event": "path", + "message": "Condition \"!msg_ready\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 488, + "event": "path", + "message": "Condition \"!skb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 493, + "event": "path", + "message": "Condition \"dequeued_len >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 496, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x492 < __UNIQUE_ID___y493\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 498, + "event": "path", + "message": "Condition \"bytes_to_copy\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 507, + "event": "path", + "message": "Condition \"err\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 512, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 516, + "event": "lock", + "message": "Locking \"&vvs->rx_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 519, + "event": "path", + "message": "Condition \"dequeued_len >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 523, + "event": "path", + "message": "Condition \"(__u32)(__le32)hdr->flags & VIRTIO_VSOCK_SEQ_EOM\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 533, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 483, + "event": "path", + "message": "Condition \"!msg_ready\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 487, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"skb\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 488, + "event": "path", + "message": "Condition \"!skb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 493, + "event": "path", + "message": "Condition \"dequeued_len >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 496, + "event": "path", + "message": "Condition \"__UNIQUE_ID___x492 < __UNIQUE_ID___y493\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 498, + "event": "path", + "message": "Condition \"bytes_to_copy\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 504, + "event": "unlock", + "message": "Unlocking \"&vvs->rx_lock\". \"skb\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 507, + "event": "path", + "message": "Condition \"err\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 512, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 519, + "event": "path", + "message": "Condition \"dequeued_len >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 523, + "event": "path", + "message": "Condition \"(__u32)(__le32)hdr->flags & VIRTIO_VSOCK_SEQ_EOM\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 516, + "event": "lockagain", + "message": "Locking \"&vvs->rx_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/net/vmw_vsock/virtio_transport_common.c", + "line": 532, + "event": "use", + "message": "Using an unreliable value of \"skb\" inside the second locked section. If the data that \"skb\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 530| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 531| \t\tvirtio_transport_dec_rx_pkt(vvs, pkt_len);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 532|-> \t\tkfree_skb(skb);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 533| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 534| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "key_garbage_collector", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 192, + "event": "path", + "message": "Condition \"limit > key_gc_delay\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 193, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 200, + "event": "path", + "message": "Condition \"test_and_clear_bit(0, &key_gc_flags)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 203, + "event": "path", + "message": "Condition \"test_and_clear_bit(1, &key_gc_flags)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 213, + "event": "lock", + "message": "Locking \"&key_serial_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 217, + "event": "path", + "message": "Condition \"cursor\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 219, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"cursor\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 221, + "event": "path", + "message": "Condition \"refcount_read(&key->usage) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 222, + "event": "path", + "message": "Jumping to label \"found_unreferenced_key\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 332, + "event": "unlock", + "message": "Unlocking \"&key_serial_lock\". \"cursor\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 336, + "event": "path", + "message": "Jumping to label \"maybe_resched\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 267, + "event": "path", + "message": "Condition \"cursor\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 270, + "event": "path", + "message": "Jumping to label \"continue_scanning\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 217, + "event": "path", + "message": "Condition \"cursor\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 269, + "event": "lockagain", + "message": "Locking \"&key_serial_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/gc.c", + "line": 218, + "event": "use", + "message": "Using an unreliable value of \"(void *)cursor\" inside the second locked section. If the data that \"(void *)cursor\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 216| continue_scanning:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 217| \twhile (cursor) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 218|-> \t\tkey = rb_entry(cursor, struct key, serial_node);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 219| \t\tcursor = rb_next(cursor);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 220| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "keyctl_instantiate_key_iov", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/keyctl.c", + "line": 1279, + "event": "local_ptr_assign_local", + "message": "Assigning: \"iov\" = \"iovstack\" (address of local variable \"iovstack\").", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/keyctl.c", + "line": 1283, + "event": "path", + "message": "Condition \"!_payload_iov\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/keyctl.c", + "line": 1286, + "event": "identity_transfer", + "message": "Passing \"iov\" as argument 5 to function \"import_iovec\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/keyctl.c", + "line": 1286, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"ret\" = \"import_iovec(1, _payload_iov, ioc, 8U, &iov, &from)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/keyctl.c", + "line": 1288, + "event": "path", + "message": "Condition \"ret < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/keys/keyctl.c", + "line": 1289, + "event": "return_local_addr_alias", + "message": "Returning pointer \"ret\" which points to local variable \"iovstack\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1287| \t\t\t\t ARRAY_SIZE(iovstack), &iov, &from);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1288| \tif (ret < 0)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1289|-> \t\treturn ret;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1290| \tret = keyctl_instantiate_key_common(id, &from, ringid);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1291| \tkfree(iov);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "inode_doinit_with_dentry", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1420, + "event": "path", + "message": "Condition \"isec->initialized == LABEL_INITIALIZED\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1423, + "event": "lock", + "message": "Locking \"&isec->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1424, + "event": "path", + "message": "Condition \"isec->initialized == LABEL_INITIALIZED\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1427, + "event": "path", + "message": "Condition \"isec->sclass == 7\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1431, + "event": "path", + "message": "Condition \"!(sbsec->flags & 0x100)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1444, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"sid\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1446, + "event": "unlock", + "message": "Unlocking \"&isec->lock\". \"sid\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1448, + "event": "path", + "message": "Switch case value \"7\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1455, + "event": "path", + "message": "Condition \"!(inode->i_opflags & 8)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1461, + "event": "path", + "message": "Condition \"opt_dentry\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1464, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1475, + "event": "path", + "message": "Condition \"!dentry\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1491, + "event": "path", + "message": "Condition \"rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1493, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1566, + "event": "path", + "message": "Condition \"isec->initialized == LABEL_PENDING\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1567, + "event": "path", + "message": "Condition \"rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1565, + "event": "lockagain", + "message": "Locking \"&isec->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1572, + "event": "use", + "message": "Using an unreliable value of \"sid\" inside the second locked section. If the data that \"sid\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1570| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1571| \t\tisec->initialized = LABEL_INITIALIZED;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1572|-> \t\tisec->sid = sid;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1573| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1574| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "inode_doinit_with_dentry", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 16, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1420, + "event": "path", + "message": "Condition \"isec->initialized == LABEL_INITIALIZED\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1423, + "event": "lock", + "message": "Locking \"&isec->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1424, + "event": "path", + "message": "Condition \"isec->initialized == LABEL_INITIALIZED\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1427, + "event": "path", + "message": "Condition \"isec->sclass == 7\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1431, + "event": "path", + "message": "Condition \"!(sbsec->flags & 0x100)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1444, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"sid\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1446, + "event": "unlock", + "message": "Unlocking \"&isec->lock\". \"sid\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1448, + "event": "path", + "message": "Switch case value \"7\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1455, + "event": "path", + "message": "Condition \"!(inode->i_opflags & 8)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1461, + "event": "path", + "message": "Condition \"opt_dentry\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1472, + "event": "path", + "message": "Condition \"!dentry\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1473, + "event": "unlock", + "message": "Unlocking \"inode->i_lock\". \"sid\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1475, + "event": "path", + "message": "Condition \"!dentry\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1485, + "event": "path", + "message": "Jumping to label \"out_invalid\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1581, + "event": "path", + "message": "Condition \"isec->initialized == LABEL_PENDING\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1580, + "event": "lockagain", + "message": "Locking \"&isec->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/hooks.c", + "line": 1583, + "event": "use", + "message": "Using an unreliable value of \"sid\" inside the second locked section. If the data that \"sid\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1581| \tif (isec->initialized == LABEL_PENDING) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1582| \t\tisec->initialized = LABEL_INVALID;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1583|-> \t\tisec->sid = sid;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1584| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1585| \tspin_unlock(&isec->lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "sidtab_convert", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c", + "line": 429, + "event": "lock", + "message": "Locking \"spinlock_check(&s->lock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c", + "line": 432, + "event": "path", + "message": "Condition \"s->convert\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c", + "line": 437, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"count\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c", + "line": 443, + "event": "path", + "message": "Condition \"sidtab_do_lookup(params->target, count - 1, 1)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c", + "line": 444, + "event": "path", + "message": "Condition \"rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c", + "line": 456, + "event": "unlock", + "message": "Unlocking \"&s->lock\". \"count\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c", + "line": 458, + "event": "path", + "message": "Condition \"1 /* 1 && 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c", + "line": 464, + "event": "path", + "message": "Condition \"rc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c", + "line": 475, + "event": "lockagain", + "message": "Locking \"spinlock_check(&s->lock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/security/selinux/ss/sidtab.c", + "line": 476, + "event": "use", + "message": "Using an unreliable value of \"count\" inside the second locked section. If the data that \"count\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 474| \t */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 475| \tspin_lock_irqsave(&s->lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 476|-> \tsidtab_convert_hashtable(params->target, count);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 477| \tspin_unlock_irqrestore(&s->lock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 478| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "snd_rawmidi_drain_output", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 16, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 246, + "event": "lock", + "message": "Locking \"&substream->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 247, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"runtime\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 248, + "event": "path", + "message": "Condition \"!substream->opened\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 248, + "event": "path", + "message": "Condition \"!runtime\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 248, + "event": "path", + "message": "Condition \"!runtime->buffer\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 254, + "event": "unlock", + "message": "Unlocking \"&substream->lock\". \"runtime\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 255, + "event": "path", + "message": "Condition \"err < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 258, + "event": "path", + "message": "Condition \"__cond\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 258, + "event": "path", + "message": "Condition \"!__ret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 258, + "event": "path", + "message": "Condition \"__cond\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 258, + "event": "path", + "message": "Condition \"!({...; __cond || !__ret;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 263, + "event": "path", + "message": "Condition \"signal_pending(get_current())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 265, + "event": "path", + "message": "Condition \"runtime->avail < runtime->buffer_size\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 272, + "event": "unlock", + "message": "Unlocking \"&substream->lock\". \"runtime\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 274, + "event": "path", + "message": "Condition \"err != -512\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 283, + "event": "lockagain", + "message": "Locking \"&substream->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/core/rawmidi.c", + "line": 284, + "event": "use", + "message": "Using an unreliable value of \"runtime\" inside the second locked section. If the data that \"runtime\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 282| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 283| \tspin_lock_irq(&substream->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 284|-> \tsnd_rawmidi_buffer_unref(runtime);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 285| \tspin_unlock_irq(&substream->lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 286| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "snd_intel8x0_setup_pcm_out", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c", + "line": 923, + "event": "lock", + "message": "Locking \"&chip->reg_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c", + "line": 924, + "event": "path", + "message": "Switch case default.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c", + "line": 944, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"cnt\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c", + "line": 946, + "event": "path", + "message": "Condition \"runtime->channels == 4\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c", + "line": 947, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c", + "line": 952, + "event": "path", + "message": "Condition \"chip->device_type == DEVICE_NFORCE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c", + "line": 956, + "event": "path", + "message": "Condition \"cnt & 3145728\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c", + "line": 958, + "event": "unlock", + "message": "Unlocking \"&chip->reg_lock\". \"cnt\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c", + "line": 962, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c", + "line": 960, + "event": "lockagain", + "message": "Locking \"&chip->reg_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/intel8x0.c", + "line": 966, + "event": "use", + "message": "Using an unreliable value of \"cnt\" inside the second locked section. If the data that \"cnt\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 964| \t\t\t\tcnt |= ICH_PCM_20BIT;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 965| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 966|-> \t\tiputdword(chip, ICHREG(GLOB_CNT), cnt);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 967| \t\tbreak;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 968| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "snd_trident_interrupt", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 32, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3658, + "event": "path", + "message": "Condition \"(audio_int & (40U /* ADDRESS_IRQ | MPU401_IRQ */)) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3660, + "event": "path", + "message": "Condition \"audio_int & ADDRESS_IRQ\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3662, + "event": "lock", + "message": "Locking \"&trident->reg_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3665, + "event": "path", + "message": "Condition \"chn_int == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3666, + "event": "path", + "message": "Jumping to label \"__skip1\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3669, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"chn_int\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3670, + "event": "path", + "message": "Condition \"chn_int == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3672, + "event": "path", + "message": "Condition \"channel >= 32\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3674, + "event": "path", + "message": "Condition \"(chn_int & mask) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3675, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3672, + "event": "path", + "message": "Condition \"channel >= 32\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3674, + "event": "path", + "message": "Condition \"(chn_int & mask) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3675, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3672, + "event": "path", + "message": "Condition \"channel >= 32\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3674, + "event": "path", + "message": "Condition \"(chn_int & mask) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3677, + "event": "path", + "message": "Condition \"!voice->pcm\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3677, + "event": "path", + "message": "Condition \"voice->substream == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3682, + "event": "path", + "message": "Condition \"delta < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3684, + "event": "path", + "message": "Condition \"(unsigned int)delta < voice->spurious_threshold\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3692, + "event": "path", + "message": "Condition \"voice->isync\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3693, + "event": "path", + "message": "Condition \"!voice->isync3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3695, + "event": "path", + "message": "Condition \"trident->bDMAStart & 0x40\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3697, + "event": "path", + "message": "Condition \"tmp > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3699, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3702, + "event": "path", + "message": "Condition \"tmp < voice->isync_mark\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3703, + "event": "path", + "message": "Condition \"tmp > 16\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3704, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3712, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3728, + "event": "unlock", + "message": "Unlocking \"&trident->reg_lock\". \"chn_int\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3731, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3672, + "event": "path", + "message": "Condition \"channel >= 32\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3730, + "event": "lockagain", + "message": "Locking \"&trident->reg_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/trident/trident_main.c", + "line": 3732, + "event": "use", + "message": "Using an unreliable value of \"chn_int\" inside the second locked section. If the data that \"chn_int\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3730| \t\t\tspin_lock(&trident->reg_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3731| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3732|-> \t\toutl(chn_int, TRID_REG(trident, T4D_AINT_B));\t/* ack */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3733| \t __skip2:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3734| \t\tspin_unlock(&trident->reg_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "snd_via686_interrupt", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 625, + "event": "path", + "message": "Condition \"!(status & chip->intr_mask)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 633, + "event": "lock", + "message": "Locking \"&chip->reg_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 634, + "event": "path", + "message": "Condition \"i < chip->num_devs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 637, + "event": "path", + "message": "Condition \"!(c_status & (7 /* (2 | 1) | 4 */))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 638, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 634, + "event": "path", + "message": "Condition \"i < chip->num_devs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 637, + "event": "path", + "message": "Condition \"!(c_status & (7 /* (2 | 1) | 4 */))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 638, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 634, + "event": "path", + "message": "Condition \"i < chip->num_devs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 636, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"c_status\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 637, + "event": "path", + "message": "Condition \"!(c_status & (7 /* (2 | 1) | 4 */))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 639, + "event": "path", + "message": "Condition \"viadev->substream\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 639, + "event": "path", + "message": "Condition \"viadev->running\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 645, + "event": "path", + "message": "Condition \"c_status & 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 646, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 650, + "event": "unlock", + "message": "Unlocking \"&chip->reg_lock\". \"c_status\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 652, + "event": "lockagain", + "message": "Locking \"&chip->reg_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx.c", + "line": 655, + "event": "use", + "message": "Using an unreliable value of \"c_status\" inside the second locked section. If the data that \"c_status\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 653| \t\t\tviadev->in_interrupt = 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 654| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 655|-> \t\toutb(c_status, VIADEV_REG(viadev, OFFSET_STATUS)); /* ack */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 656| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 657| \tspin_unlock(&chip->reg_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "snd_via82xx_interrupt", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 480, + "event": "path", + "message": "Condition \"!(status & chip->intr_mask)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 486, + "event": "lock", + "message": "Locking \"&chip->reg_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 487, + "event": "path", + "message": "Condition \"i < chip->num_devs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 491, + "event": "path", + "message": "Condition \"!c_status\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 492, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 487, + "event": "path", + "message": "Condition \"i < chip->num_devs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 491, + "event": "path", + "message": "Condition \"!c_status\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 492, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 487, + "event": "path", + "message": "Condition \"i < chip->num_devs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 489, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"c_status\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 491, + "event": "path", + "message": "Condition \"!c_status\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 493, + "event": "path", + "message": "Condition \"viadev->substream\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 493, + "event": "path", + "message": "Condition \"viadev->running\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 494, + "event": "unlock", + "message": "Unlocking \"&chip->reg_lock\". \"c_status\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 496, + "event": "lockagain", + "message": "Locking \"&chip->reg_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/pci/via82xx_modem.c", + "line": 498, + "event": "use", + "message": "Using an unreliable value of \"c_status\" inside the second locked section. If the data that \"c_status\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 496| \t\t\tspin_lock(&chip->reg_lock);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 497| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 498|-> \t\toutb(c_status, VIADEV_REG(viadev, OFFSET_STATUS)); /* ack */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 499| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 500| \tspin_unlock(&chip->reg_lock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "skl_ipc_process_reply", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c", + "line": 442, + "event": "lock", + "message": "Locking \"spinlock_check(&ipc->dsp->spinlock)\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c", + "line": 443, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"msg\".", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c", + "line": 444, + "event": "unlock", + "message": "Unlocking \"&ipc->dsp->spinlock\". \"msg\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c", + "line": 445, + "event": "path", + "message": "Condition \"msg == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c", + "line": 452, + "event": "path", + "message": "Condition \"reply == IPC_GLB_REPLY_SUCCESS\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c", + "line": 453, + "event": "path", + "message": "Condition \"0 /* __builtin_types_compatible_p() */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c", + "line": 453, + "event": "path", + "message": "Condition \"1 /* __builtin_types_compatible_p() */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c", + "line": 453, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c", + "line": 453, + "event": "path", + "message": "Condition \"!!branch\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c", + "line": 453, + "event": "path", + "message": "Condition \"({...; !!branch;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c", + "line": 456, + "event": "path", + "message": "Switch case value \"IPC_GLB_LOAD_MULTIPLE_MODS\".", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c", + "line": 462, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c", + "line": 468, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c", + "line": 484, + "event": "lockagain", + "message": "Locking \"spinlock_check(&ipc->dsp->spinlock)\" again.", + "verbosity_level": 1 + }, + { + "file_name": "kernel-5.14.0-362.13.1.el9_3/linux-5.14.0-362.13.1.el9.x86_64/sound/soc/intel/skylake/skl-sst-ipc.c", + "line": 485, + "event": "use", + "message": "Using an unreliable value of \"msg\" inside the second locked section. If the data that \"msg\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 483| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 484| \tspin_lock_irqsave(&ipc->dsp->spinlock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 485|-> \tsst_ipc_tx_msg_reply_complete(ipc, msg);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 486| \tspin_unlock_irqrestore(&ipc->dsp->spinlock, flags);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 487| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "handle_parent_connection", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "libgtop-2.40.0/src/daemon/main.c", + "line": 47, + "event": "path", + "message": "Condition \"verbose_output\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libgtop-2.40.0/src/daemon/main.c", + "line": 51, + "event": "path", + "message": "Condition \"enable_debug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libgtop-2.40.0/src/daemon/main.c", + "line": 58, + "event": "tainted_argument", + "message": "Calling function \"do_read\" taints argument \"*cmnd\".", + "verbosity_level": 1 + }, + { + "file_name": "libgtop-2.40.0/src/daemon/main.c", + "line": 58, + "event": "path", + "message": "Condition \"do_read(s, cmnd, 40UL /* sizeof (glibtop_command) */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libgtop-2.40.0/src/daemon/main.c", + "line": 59, + "event": "path", + "message": "Condition \"enable_debug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libgtop-2.40.0/src/daemon/main.c", + "line": 64, + "event": "path", + "message": "Condition \"cmnd->data_size >= 8192\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libgtop-2.40.0/src/daemon/main.c", + "line": 75, + "event": "path", + "message": "Condition \"cmnd->data_size\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libgtop-2.40.0/src/daemon/main.c", + "line": 82, + "event": "path", + "message": "Condition \"cmnd->size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libgtop-2.40.0/src/daemon/main.c", + "line": 83, + "event": "identity_transfer", + "message": "Passing \"cmnd->parameter\" as argument 2 to function \"memcpy\", which sets \"*parameter\" to the dereference of that argument. [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "libgtop-2.40.0/src/daemon/main.c", + "line": 83, + "event": "tainted_data_transitive", + "message": "Call to function \"memcpy\" with tainted argument \"cmnd->parameter\" transitively taints \"parameter\". [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "libgtop-2.40.0/src/daemon/main.c", + "line": 86, + "event": "path", + "message": "Switch case value \"11\".", + "verbosity_level": 2 + }, + { + "file_name": "libgtop-2.40.0/src/daemon/main.c", + "line": 169, + "event": "identity_transfer", + "message": "Passing \"parameter\" as argument 2 to function \"memcpy\", which sets \"pid\" to the dereference of that argument. [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "libgtop-2.40.0/src/daemon/main.c", + "line": 169, + "event": "tainted_data_transitive", + "message": "Call to function \"memcpy\" with tainted argument \"parameter\" transitively taints \"pid\". [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "libgtop-2.40.0/src/daemon/main.c", + "line": 170, + "event": "path_manipulation_sink", + "message": "Constructing a path or URI using the tainted value \"pid\" and passing it to \"glibtop_get_proc_state_l\". This may allow an attacker to access, modify, or test the existence of critical or sensitive files.", + "verbosity_level": 0 + }, + { + "file_name": "libgtop-2.40.0/src/daemon/main.c", + "line": 170, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 168| \tcase GLIBTOP_CMND_PROC_STATE:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 169| \t memcpy (&pid, parameter, sizeof (pid_t));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 170|-> \t glibtop_get_proc_state_l", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 171| \t\t(server, &resp->u.data.proc_state, pid);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 172| \t do_output (s, resp, _offset_data (proc_state), 0, NULL);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "STRING_OVERFLOW", + "cwe": 120, + "imp": 1, + "function": "print_dots", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "liblouis-3.16.1/tools/lou_trace.c", + "line": 103, + "event": "returned_string", + "message": "\"_lou_showDots\" returns a source buffer of 2048 characters in size.", + "verbosity_level": 1 + }, + { + "file_name": "liblouis-3.16.1/tools/lou_trace.c", + "line": 103, + "event": "string_overflow", + "message": "You might overrun the 512-character destination string \"dots\" by writing 2048 characters from \"_lou_showDots(buffer, length)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101| print_dots(const widechar *buffer, int length) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 102| \tstatic char dots[BUFSIZE];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103|-> \tstrcpy(dots, _lou_showDots(buffer, length));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104| \treturn dots;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "STRING_OVERFLOW", + "cwe": 120, + "imp": 1, + "function": "print_attributes", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "liblouis-3.16.1/tools/lou_trace.c", + "line": 117, + "event": "returned_string", + "message": "\"_lou_showAttributes\" returns a source buffer of 2048 characters in size.", + "verbosity_level": 1 + }, + { + "file_name": "liblouis-3.16.1/tools/lou_trace.c", + "line": 117, + "event": "string_overflow", + "message": "You might overrun the 512-character destination string \"attr\" by writing 2048 characters from \"_lou_showAttributes(a)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 115| print_attributes(unsigned int a) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 116| \tstatic char attr[BUFSIZE];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 117|-> \tstrcpy(attr, _lou_showAttributes(a));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 118| \treturn attr;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 119| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "afu_init", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "libocxl-1.2.1/src/include/libocxl.h", + "line": 68, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "libocxl-1.2.1/src/afu.c", + "line": 210, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 208| static void afu_init(ocxl_afu *afu)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 209| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 210|-> \tmemset((char *)afu->identifier.afu_name, '\\0', sizeof(afu->identifier.afu_name));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 211| \tafu->device_path = NULL;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 212| \tafu->sysfs_path = NULL;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rd_kafka_destroy_internal", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1148, + "event": "path", + "message": "Condition \"rk->rk_conf.debug & 0xfffff\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1154, + "event": "path", + "message": "Condition \"rk->rk_background.thread\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1161, + "event": "path", + "message": "Condition \"rk->rk_conf.debug & 0xfffff\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1176, + "event": "lock", + "message": "Locking \"&rk->rk_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1178, + "event": "path", + "message": "Condition \"rk->rk_conf.debug & 0xfffff\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1180, + "event": "path", + "message": "Condition \"rkt != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1180, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"rkt_tmp\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1180, + "event": "path", + "message": "Condition \"(rkt_tmp = rkt->rkt_link.tqe_next) , 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1181, + "event": "unlock", + "message": "Unlocking \"&rk->rk_lock\". \"rkt_tmp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1182, + "event": "unlock", + "message": "Unlocking \"rkt->rkt_lock\". \"rkt_tmp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1184, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1183, + "event": "lockagain", + "message": "Locking \"&rk->rk_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1180, + "event": "use", + "message": "Using an unreliable value of \"rkt_tmp\" inside the second locked section. If the data that \"rkt_tmp\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1178| rd_kafka_dbg(rk, ALL, \"DESTROY\", \"Removing all topics\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1179| \t/* Decommission all topics */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1180|-> \tTAILQ_FOREACH_SAFE(rkt, &rk->rk_topics, rkt_link, rkt_tmp) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1181| \t\trd_kafka_wrunlock(rk);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1182| \t\trd_kafka_topic_partitions_remove(rkt);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rd_kafka_destroy_internal", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1148, + "event": "path", + "message": "Condition \"rk->rk_conf.debug & 0xfffff\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1154, + "event": "path", + "message": "Condition \"rk->rk_background.thread\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1161, + "event": "path", + "message": "Condition \"rk->rk_conf.debug & 0xfffff\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1176, + "event": "lock", + "message": "Locking \"&rk->rk_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1178, + "event": "path", + "message": "Condition \"rk->rk_conf.debug & 0xfffff\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1180, + "event": "path", + "message": "Condition \"rkt != NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1189, + "event": "path", + "message": "Condition \"rkb != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1189, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"rkb_tmp\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1189, + "event": "path", + "message": "Condition \"(rkb_tmp = rkb->rkb_link.tqe_next) , 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1194, + "event": "unlock", + "message": "Unlocking \"&rk->rk_lock\". \"rkb_tmp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1196, + "event": "path", + "message": "Condition \"rk->rk_conf.debug & 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1196, + "event": "unlock", + "message": "Unlocking \"rkb->rkb_logname_lock\". \"rkb_tmp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1201, + "event": "unlock", + "message": "Unlocking \"rkb->rkb_ops->rkq_lock\". \"rkb_tmp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1206, + "event": "path", + "message": "Condition \"rk->rk_conf.term_sig\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1210, + "event": "path", + "message": "Condition \"rd_refcnt_sub0(&rkb->rkb_refcnt) > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1210, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1213, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1212, + "event": "lockagain", + "message": "Locking \"&rk->rk_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 1189, + "event": "use", + "message": "Using an unreliable value of \"rkb_tmp\" inside the second locked section. If the data that \"rkb_tmp\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1187| * Broker thread holds a refcount and detects when broker refcounts", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1188| * reaches 1 and then decommissions itself. */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1189|-> TAILQ_FOREACH_SAFE(rkb, &rk->rk_brokers, rkb_link, rkb_tmp) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1190| /* Add broker's thread to wait_thrds list for later joining */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1191| thrd = malloc(sizeof(*thrd));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK", + "cwe": 667, + "function": "rd_kafka_consume_stop0", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 2661, + "event": "lock", + "message": "\"mtx_lock\" locks \"rktp->rktp_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 2662, + "event": "locked_destroy", + "message": "\"rd_kafka_toppar_desired_del\" destroys \"rktp->rktp_lock\" while it is locked.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2660| rd_kafka_topic_wrlock(rktp->rktp_rkt);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2661| rd_kafka_toppar_lock(rktp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2662|-> \trd_kafka_toppar_desired_del(rktp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2663| rd_kafka_toppar_unlock(rktp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2664| \trd_kafka_topic_wrunlock(rktp->rktp_rkt);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rd_kafka_consume_stop", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 2685, + "event": "path", + "message": "Condition \"partition == -1 /* (int32_t)-1 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 2690, + "event": "lock", + "message": "Locking \"&rkt->rkt_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 2691, + "event": "path", + "message": "Condition \"!(rktp = rd_kafka_toppar_get0(, 2691, rkt, partition, 0))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 2691, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"rktp\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 2691, + "event": "path", + "message": "Condition \"!(rktp = rd_kafka_toppar_desired_get(rkt, partition))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 2698, + "event": "unlock", + "message": "Unlocking \"&rkt->rkt_lock\". \"rktp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 2700, + "event": "lockagain", + "message": "Locking \"rktp->rktp_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka.c", + "line": 2703, + "event": "use", + "message": "Using an unreliable value of \"rktp\" inside the second locked section. If the data that \"rktp\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2701| \t/* set_last_error() called by stop0() */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2702| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2703|-> rd_kafka_toppar_destroy(rktp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2704| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2705| return r;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK", + "cwe": 667, + "function": "rd_kafka_admin_common_worker_destroy", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka_admin.c", + "line": 651, + "event": "path", + "message": "Condition \"rko->rko_u.admin_request.eonce\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_admin.c", + "line": 654, + "event": "path", + "message": "Condition \"timer_was_stopped\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_admin.c", + "line": 655, + "event": "destroy", + "message": "\"rd_kafka_enq_once_del_source\" destroys \"rko->rko_u.admin_request.eonce->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_admin.c", + "line": 663, + "event": "uninitialized_use", + "message": "\"rd_kafka_enq_once_destroy\" uses \"rko->rko_u.admin_request.eonce->lock\" in an uninitialized state.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 661| * not the rko (the eonce holds a reference to the rko but", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 662| * it is cleared here). */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 663|-> rd_kafka_enq_once_destroy(rko->rko_u.admin_request.eonce);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 664| rko->rko_u.admin_request.eonce = NULL;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 665| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK", + "cwe": 667, + "function": "rd_kafka_assignment_serve_removals", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 23, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 321, + "event": "path", + "message": "Condition \"rktpar < &rk->rk_consumer.assignment.removed->elems[rk->rk_consumer.assignment.removed->cnt]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 336, + "event": "path", + "message": "Condition \"rktp->rktp_started\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 338, + "event": "path", + "message": "Condition \"!(rk->rk_consumer.assignment.started_cnt > 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 357, + "event": "path", + "message": "Condition \"!(rktpar->offset < 0)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 370, + "event": "path", + "message": "Condition \"rk->rk_conf.debug & 0x100\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 370, + "event": "path", + "message": "Condition \"rktp->rktp_started\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 370, + "event": "path", + "message": "Condition \"was_pending\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 370, + "event": "path", + "message": "Condition \"was_queried\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 379, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 321, + "event": "path", + "message": "Condition \"rktpar < &rk->rk_consumer.assignment.removed->elems[rk->rk_consumer.assignment.removed->cnt]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 336, + "event": "path", + "message": "Condition \"rktp->rktp_started\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 338, + "event": "path", + "message": "Condition \"!(rk->rk_consumer.assignment.started_cnt > 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 357, + "event": "path", + "message": "Condition \"!(rktpar->offset < 0)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 370, + "event": "path", + "message": "Condition \"rk->rk_conf.debug & 0x100\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 370, + "event": "path", + "message": "Condition \"rktp->rktp_started\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 370, + "event": "path", + "message": "Condition \"was_pending\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 370, + "event": "path", + "message": "Condition \"was_queried\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 379, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 321, + "event": "path", + "message": "Condition \"rktpar < &rk->rk_consumer.assignment.removed->elems[rk->rk_consumer.assignment.removed->cnt]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 336, + "event": "path", + "message": "Condition \"rktp->rktp_started\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 338, + "event": "path", + "message": "Condition \"!(rk->rk_consumer.assignment.started_cnt > 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 352, + "event": "lock", + "message": "\"mtx_lock\" locks \"rktp->rktp_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 357, + "event": "path", + "message": "Condition \"!(rktpar->offset < 0)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_assignment.c", + "line": 367, + "event": "locked_destroy", + "message": "\"rd_kafka_toppar_desired_del\" destroys \"rktp->rktp_lock\" while it is locked.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 365| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 366| /* Partition is no longer desired */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 367|-> rd_kafka_toppar_desired_del(rktp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 368| rd_kafka_toppar_unlock(rktp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 369| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rd_kafka_broker_set_nodename", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka_broker.c", + "line": 5646, + "event": "path", + "message": "Condition \"!(rkb->rkb_source == RD_KAFKA_LOGICAL)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_broker.c", + "line": 5648, + "event": "path", + "message": "Condition \"!(rkb != from_rkb)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_broker.c", + "line": 5651, + "event": "path", + "message": "Condition \"from_rkb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_broker.c", + "line": 5652, + "event": "lock", + "message": "Locking \"&from_rkb->rkb_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_broker.c", + "line": 5654, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"nodeid\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_broker.c", + "line": 5655, + "event": "unlock", + "message": "Unlocking \"&from_rkb->rkb_lock\". \"nodeid\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_broker.c", + "line": 5656, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_broker.c", + "line": 5663, + "event": "path", + "message": "Condition \"strcmp(rkb->rkb_nodename, nodename)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_broker.c", + "line": 5664, + "event": "path", + "message": "Condition \"rkb->rkb_rk->rk_conf.debug & 2\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_broker.c", + "line": 5673, + "event": "path", + "message": "Condition \"rkb->rkb_nodeid != nodeid\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_broker.c", + "line": 5674, + "event": "path", + "message": "Condition \"rkb->rkb_rk->rk_conf.debug & 2\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_broker.c", + "line": 5662, + "event": "lockagain", + "message": "Locking \"&rkb->rkb_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_broker.c", + "line": 5677, + "event": "use", + "message": "Using an unreliable value of \"nodeid\" inside the second locked section. If the data that \"nodeid\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5675| \"Broker nodeid changed from %\"PRId32\" to %\"PRId32,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5676| rkb->rkb_nodeid, nodeid);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5677|-> rkb->rkb_nodeid = nodeid;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5678| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5679| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "rd_kafka_cgrp_handle_SyncGroup", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka_proto.h", + "line": 380, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_cgrp.c", + "line": 5312, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5310| \t\t/* Empty assignment. */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5311| \t\tassignment = rd_kafka_topic_partition_list_new(0);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5312|-> \t\tmemset(&UserData, 0, sizeof(UserData));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5313| \t\tgoto done;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 5314| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK", + "cwe": 667, + "function": "rd_kafka_idemp_pid_fsm", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 16, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 198, + "event": "path", + "message": "Condition \"rd_kafka_fatal_error_code(rk)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 202, + "event": "path", + "message": "Switch case value \"RD_KAFKA_IDEMP_STATE_REQ_PID\".", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 215, + "event": "path", + "message": "Condition \"!(rk->rk_conf.eos.transactional_id != NULL)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 219, + "event": "path", + "message": "Jumping to label \"redo\".", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 202, + "event": "path", + "message": "Switch case value \"RD_KAFKA_IDEMP_STATE_WAIT_TRANSPORT\".", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 233, + "event": "path", + "message": "Condition \"rk->rk_conf.eos.transactional_id != NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 245, + "event": "path", + "message": "Condition \"!rkb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 250, + "event": "path", + "message": "Condition \"!rkb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 250, + "event": "path", + "message": "Condition \"!rd_kafka_broker_is_up(rkb)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 264, + "event": "path", + "message": "Condition \"rkb->rkb_rk->rk_conf.debug & 0x8000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 266, + "event": "path", + "message": "Condition \"rk->rk_conf.eos.transactional_id != NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 266, + "event": "path", + "message": "Condition \"rk->rk_eos.pid.id != -1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 277, + "event": "path", + "message": "Condition \"rd_refcnt_sub0(&rkb->rkb_refcnt) > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 277, + "event": "destroy", + "message": "\"rd_kafka_broker_destroy_final\" destroys \"rkb->rkb_logname_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 279, + "event": "path", + "message": "Condition \"err\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 280, + "event": "path", + "message": "Condition \"rkb->rkb_rk->rk_conf.debug & 0x8000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_idempotence.c", + "line": 280, + "event": "uninitialized_use", + "message": "\"mtx_lock\" uses \"rkb->rkb_logname_lock\" in an uninitialized state.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 278| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 279| if (err) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 280|-> rd_rkb_dbg(rkb, EOS, \"GETPID\",", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 281| \"Can't acquire ProducerId from \"", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 282| \"this broker: %s\", errstr);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK", + "cwe": 667, + "function": "rd_kafka_topic_partition_list_query_leaders_async_worker", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka_partition.c", + "line": 3540, + "event": "path", + "message": "Condition \"!((rko->rko_type & 2684354559U /* ~((int)(1 << 29) | (int)(1 << 30)) */) == RD_KAFKA_OP_LEADERS)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_partition.c", + "line": 3542, + "event": "path", + "message": "Condition \"rko->rko_err\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_partition.c", + "line": 3543, + "event": "path", + "message": "Jumping to label \"reply\".", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_partition.c", + "line": 3623, + "event": "path", + "message": "Condition \"rd_kafka_timer_stop(&rk->rk_timers, &rko->rko_u.leaders.query_tmr, RD_DO_LOCK)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_partition.c", + "line": 3626, + "event": "destroy", + "message": "\"rd_kafka_enq_once_del_source\" destroys \"rko->rko_u.leaders.eonce->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_partition.c", + "line": 3628, + "event": "path", + "message": "Condition \"rd_kafka_timer_stop(&rk->rk_timers, &rko->rko_u.leaders.timeout_tmr, RD_DO_LOCK)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_partition.c", + "line": 3631, + "event": "uninitialized_use", + "message": "\"rd_kafka_enq_once_del_source\" uses \"rko->rko_u.leaders.eonce->lock\" in an uninitialized state.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3629| &rko->rko_u.leaders.timeout_tmr,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3630| RD_DO_LOCK))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3631|-> rd_kafka_enq_once_del_source(rko->rko_u.leaders.eonce,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3632| \"timeout timer\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3633| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK", + "cwe": 667, + "function": "rd_kafka_topic_partition_list_query_leaders_async_worker", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka_partition.c", + "line": 3540, + "event": "path", + "message": "Condition \"!((rko->rko_type & 2684354559U /* ~((int)(1 << 29) | (int)(1 << 30)) */) == RD_KAFKA_OP_LEADERS)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_partition.c", + "line": 3542, + "event": "path", + "message": "Condition \"rko->rko_err\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_partition.c", + "line": 3543, + "event": "path", + "message": "Jumping to label \"reply\".", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_partition.c", + "line": 3623, + "event": "path", + "message": "Condition \"rd_kafka_timer_stop(&rk->rk_timers, &rko->rko_u.leaders.query_tmr, RD_DO_LOCK)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_partition.c", + "line": 3626, + "event": "destroy", + "message": "\"rd_kafka_enq_once_del_source\" destroys \"rko->rko_u.leaders.eonce->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_partition.c", + "line": 3628, + "event": "path", + "message": "Condition \"rd_kafka_timer_stop(&rk->rk_timers, &rko->rko_u.leaders.timeout_tmr, RD_DO_LOCK)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_partition.c", + "line": 3634, + "event": "path", + "message": "Condition \"rko->rko_u.leaders.eonce\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_partition.c", + "line": 3635, + "event": "uninitialized_use", + "message": "\"rd_kafka_enq_once_disable\" uses \"rko->rko_u.leaders.eonce->lock\" in an uninitialized state.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3633| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3634| if (rko->rko_u.leaders.eonce) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3635|-> rd_kafka_enq_once_disable(rko->rko_u.leaders.eonce);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3636| rko->rko_u.leaders.eonce = NULL;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3637| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rd_kafka_timers_run", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka_timer.c", + "line": 255, + "event": "lock", + "message": "Locking \"rkts->rkts_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_timer.c", + "line": 257, + "event": "path", + "message": "Condition \"!(rd_atomic32_get(&rkts->rkts_rk->rk_terminate) & 1)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_timer.c", + "line": 257, + "event": "path", + "message": "Condition \"now <= end\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_timer.c", + "line": 261, + "event": "path", + "message": "Condition \"timeout_us != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_timer.c", + "line": 266, + "event": "path", + "message": "Condition \"sleeptime > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_timer.c", + "line": 276, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"rtmr\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_timer.c", + "line": 276, + "event": "path", + "message": "Condition \"rtmr = rkts->rkts_timers.tqh_first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_timer.c", + "line": 276, + "event": "path", + "message": "Condition \"rtmr->rtmr_next <= now\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_timer.c", + "line": 283, + "event": "path", + "message": "Condition \"rtmr->rtmr_oneshot\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_timer.c", + "line": 286, + "event": "unlock", + "message": "Unlocking \"rkts->rkts_lock\". \"rtmr\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_timer.c", + "line": 290, + "event": "lockagain", + "message": "Locking \"rkts->rkts_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_timer.c", + "line": 294, + "event": "use", + "message": "Using an unreliable value of \"rtmr\" inside the second locked section. If the data that \"rtmr\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 292| \t\t\t/* Restart timer, unless it has been stopped, or", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 293| \t\t\t * already reschedueld (start()ed) from callback. */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 294|-> \t\t\tif (rd_kafka_timer_started(rtmr) &&", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 295| \t\t\t !rd_kafka_timer_scheduled(rtmr))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 296| \t\t\t\trd_kafka_timer_schedule(rkts, rtmr, 0);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rd_kafka_toppar_delegate_to_leader", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 713, + "event": "lock", + "message": "Locking \"&rktp->rktp_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 715, + "event": "path", + "message": "Condition \"!(rktp->rktp_leader_id != rktp->rktp_broker_id)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 717, + "event": "path", + "message": "Condition \"rktp->rktp_rkt->rkt_rk->rk_conf.debug & 4\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 723, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"leader\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 726, + "event": "unlock", + "message": "Unlocking \"&rktp->rktp_lock\". \"leader\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 727, + "event": "unlock", + "message": "Unlocking \"&rktp->rktp_rkt->rkt_rk->rk_lock\". \"leader\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 729, + "event": "lockagain", + "message": "Locking \"&rktp->rktp_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 730, + "event": "use", + "message": "Using an unreliable value of \"leader\" inside the second locked section. If the data that \"leader\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 728| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 729| rd_kafka_toppar_lock(rktp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 730|-> r = rd_kafka_toppar_broker_update(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 731| rktp, rktp->rktp_leader_id, leader,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 732| \"reverting from preferred replica to leader\");", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK", + "cwe": 667, + "function": "rd_kafka_topic_partition_cnt_update", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 22, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 757, + "event": "path", + "message": "Condition \"rkt->rkt_partition_cnt == partition_cnt\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 760, + "event": "path", + "message": "Condition \"rkt->rkt_partition_cnt != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 760, + "event": "path", + "message": "Condition \"!(rd_atomic32_get(&rkt->rkt_rk->rk_terminate) & 1)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 766, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 776, + "event": "path", + "message": "Condition \"partition_cnt > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 777, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 781, + "event": "path", + "message": "Condition \"i < partition_cnt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 782, + "event": "path", + "message": "Condition \"i >= rkt->rkt_partition_cnt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 787, + "event": "path", + "message": "Condition \"rktp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 797, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 807, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 813, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 781, + "event": "path", + "message": "Condition \"i < partition_cnt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 782, + "event": "path", + "message": "Condition \"i >= rkt->rkt_partition_cnt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 787, + "event": "path", + "message": "Condition \"rktp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 797, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 807, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 813, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 781, + "event": "path", + "message": "Condition \"i < partition_cnt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 782, + "event": "path", + "message": "Condition \"i >= rkt->rkt_partition_cnt\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 787, + "event": "path", + "message": "Condition \"rktp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 788, + "event": "lock", + "message": "\"mtx_lock\" locks \"rktp->rktp_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 795, + "event": "locked_destroy", + "message": "\"rd_kafka_toppar_desired_unlink\" destroys \"rktp->rktp_lock\" while it is locked.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 793| /* Remove from desp list since the", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 794| * partition is now known. */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 795|-> rd_kafka_toppar_desired_unlink(rktp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 796| rd_kafka_toppar_unlock(rktp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 797| \t\t\t} else {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK", + "cwe": 667, + "function": "rd_kafka_topic_partitions_remove", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 1325, + "event": "path", + "message": "Condition \"rktp = rd_list_elem(partitions, i)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 1331, + "event": "path", + "message": "Condition \"rd_refcnt_sub0(&_RKTP->rktp_refcnt) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 1332, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 1325, + "event": "path", + "message": "Condition \"rktp = rd_list_elem(partitions, i)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 1331, + "event": "path", + "message": "Condition \"rd_refcnt_sub0(&_RKTP->rktp_refcnt) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 1332, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 1325, + "event": "path", + "message": "Condition \"rktp = rd_list_elem(partitions, i)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 1345, + "event": "path", + "message": "Condition \"i >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 1345, + "event": "path", + "message": "Condition \"rktp = rd_list_elem(&rkt->rkt_desp, i)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 1353, + "event": "path", + "message": "Condition \"rd_refcnt_sub0(&_RKTP->rktp_refcnt) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 1354, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 1345, + "event": "path", + "message": "Condition \"i >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 1345, + "event": "path", + "message": "Condition \"rktp = rd_list_elem(&rkt->rkt_desp, i)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 1349, + "event": "lock", + "message": "\"mtx_lock\" locks \"rktp->rktp_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_topic.c", + "line": 1350, + "event": "locked_destroy", + "message": "\"rd_kafka_toppar_desired_del\" destroys \"rktp->rktp_lock\" while it is locked.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1348| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1349| rd_kafka_toppar_lock(rktp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1350|-> rd_kafka_toppar_desired_del(rktp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1351| rd_kafka_toppar_unlock(rktp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1352| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "rd_kafka_txn_handle_FindCoordinator", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 32, + "events": [ + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2745, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2748, + "event": "path", + "message": "Condition \"request->rkbuf_reqhdr.ApiVersion >= 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2749, + "event": "path", + "message": "Condition \"!rd_slice_read(&rkbuf->rkbuf_reader, &_v, __len2)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2751, + "event": "path", + "message": "Condition \"!rd_slice_read(&rkbuf->rkbuf_reader, &_v, __len2)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2753, + "event": "path", + "message": "Condition \"request->rkbuf_reqhdr.ApiVersion >= 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2755, + "event": "path", + "message": "Condition \"rkbuf->rkbuf_flags & 0x40\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2755, + "event": "path", + "message": "Condition \"!rd_slice_read(&rkbuf->rkbuf_reader, &_v, __len2)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2755, + "event": "path", + "message": "Condition \"ErrorMsg.len == -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2755, + "event": "path", + "message": "Condition \"ErrorMsg.len == -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2755, + "event": "path", + "message": "Condition \"ErrorMsg.len == -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2755, + "event": "path", + "message": "Condition \"((ErrorMsg.len == -1) ? 0 : ErrorMsg.len) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2755, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2756, + "event": "path", + "message": "Condition \"ErrorCode\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2761, + "event": "path", + "message": "Condition \"err = ErrorCode\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2764, + "event": "path", + "message": "Condition \"!rd_slice_read(&rkbuf->rkbuf_reader, &_v, __len2)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2765, + "event": "path", + "message": "Condition \"rkbuf->rkbuf_flags & 0x40\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2765, + "event": "path", + "message": "Condition \"!rd_slice_read(&rkbuf->rkbuf_reader, &_v, __len2)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2765, + "event": "path", + "message": "Condition \"Host.len == -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2765, + "event": "path", + "message": "Condition \"Host.len == -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2765, + "event": "path", + "message": "Condition \"Host.len == -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2765, + "event": "path", + "message": "Condition \"((Host.len == -1) ? 0 : Host.len) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2765, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2766, + "event": "path", + "message": "Condition \"!rd_slice_read(&rkbuf->rkbuf_reader, &_v, __len2)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2768, + "event": "path", + "message": "Condition \"rkb->rkb_rk->rk_conf.debug & 0x8000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2768, + "event": "path", + "message": "Condition \"Host.len == -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2773, + "event": "lock", + "message": "Locking \"&rk->rk_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2774, + "event": "path", + "message": "Condition \"NodeId == -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2776, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"rkb\".", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2776, + "event": "path", + "message": "Condition \"!(rkb = rd_kafka_broker_find_by_nodeid0_fl(, 2776, rk, NodeId, -1, 0))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2782, + "event": "unlock", + "message": "Unlocking \"&rk->rk_lock\". \"rkb\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2784, + "event": "path", + "message": "Condition \"err\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2787, + "event": "lockagain", + "message": "Locking \"&rk->rk_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "librdkafka-1.6.1/src/rdkafka_txnmgr.c", + "line": 2788, + "event": "use", + "message": "Using an unreliable value of \"rkb\" inside the second locked section. If the data that \"rkb\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2786| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2787| rd_kafka_wrlock(rk);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2788|-> rd_kafka_txn_coord_set(rk, rkb, \"FindCoordinator response\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2789| rd_kafka_wrunlock(rk);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2790| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "OVERRUN", + "cwe": 119, + "imp": 1, + "function": "printSVGAttribute", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 294, + "event": "path", + "message": "Condition \"node->status == SMI_STATUS_DEPRECATED\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 294, + "event": "path", + "message": "Condition \"!SHOW_DEPRECATED\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 294, + "event": "path", + "message": "Condition \"!SHOW_DEPR_OBSOLETE\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 294, + "event": "path", + "message": "Condition \"node->status == SMI_STATUS_OBSOLETE\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 301, + "event": "path", + "message": "Condition \"!index\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 313, + "event": "path", + "message": "Condition \"!index\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 314, + "event": "path", + "message": "Condition \"node->access == SMI_ACCESS_NOT_ACCESSIBLE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 316, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 322, + "event": "path", + "message": "Condition \"!STATIC_OUTPUT\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 323, + "event": "path", + "message": "Condition \"node->description\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 330, + "event": "path", + "message": "Condition \"index\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 351, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 356, + "event": "path", + "message": "Condition \"!STATIC_OUTPUT\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 357, + "event": "path", + "message": "Condition \"typeDescription = algGetTypeDescription(node)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 360, + "event": "path", + "message": "Condition \"algGetTypeModule(node)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 376, + "event": "strlen_assign", + "message": "Setting variable \"length\" to the return value of strlen called with argument \"tooltipDescription\".", + "verbosity_level": 1 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 377, + "event": "buffer_alloc", + "message": "Calling allocating function \"xmalloc\" which allocates \"length\" bytes. [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 377, + "event": "var_assign", + "message": "Assigning: \"tooltip\" = \"xmalloc(length)\".", + "verbosity_level": 1 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-svg.c", + "line": 378, + "event": "strcpy_overrun", + "message": "\"strcpy\", whose first argument \"tooltip\" has length equal to \"strlen\" of its second argument \"tooltipDescription\", will overrun its first argument because of the terminating null.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 376| \t\tlength = strlen(tooltipDescription);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 377| \t\ttooltip = (char *)xmalloc(length);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 378|-> \t\tstrcpy(tooltip, tooltipDescription);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 379| \t }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 380| \t xfree(tooltipDescription);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "STRING_OVERFLOW", + "cwe": 120, + "imp": 1, + "function": "fprintRestrictions", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "libsmi-0.4.8/tools/dump-types.c", + "line": 438, + "event": "path", + "message": "Condition \"smiType->basetype == SMI_BASETYPE_ENUM\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-types.c", + "line": 438, + "event": "path", + "message": "Condition \"smiType->basetype == SMI_BASETYPE_BITS\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-types.c", + "line": 447, + "event": "path", + "message": "Condition \"range\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-types.c", + "line": 449, + "event": "returned_string", + "message": "\"getValueString\" returns a source buffer of 1024 characters in size.", + "verbosity_level": 1 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-types.c", + "line": 449, + "event": "string_overflow", + "message": "You might overrun the 40-character destination string \"s1\" by writing 1024 characters from \"getValueString(&range->minValue, smiType)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 447| \tfor(i = 0, range = smiGetFirstRange(smiType);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 448| \t range ; range = smiGetNextRange(range), i++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 449|-> \t strcpy(s1, getValueString(&range->minValue, smiType));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 450| \t strcpy(s2, getValueString(&range->maxValue, smiType));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 451| \t fprintf(f, \"%s%s\", (i == 0) ? \" [\" : \", \", s1);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "STRING_OVERFLOW", + "cwe": 120, + "imp": 1, + "function": "fprintRestrictions", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "libsmi-0.4.8/tools/dump-types.c", + "line": 438, + "event": "path", + "message": "Condition \"smiType->basetype == SMI_BASETYPE_ENUM\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-types.c", + "line": 438, + "event": "path", + "message": "Condition \"smiType->basetype == SMI_BASETYPE_BITS\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-types.c", + "line": 447, + "event": "path", + "message": "Condition \"range\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-types.c", + "line": 450, + "event": "returned_string", + "message": "\"getValueString\" returns a source buffer of 1024 characters in size.", + "verbosity_level": 1 + }, + { + "file_name": "libsmi-0.4.8/tools/dump-types.c", + "line": 450, + "event": "string_overflow", + "message": "You might overrun the 40-character destination string \"s2\" by writing 1024 characters from \"getValueString(&range->maxValue, smiType)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 448| \t range ; range = smiGetNextRange(range), i++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 449| \t strcpy(s1, getValueString(&range->minValue, smiType));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 450|-> \t strcpy(s2, getValueString(&range->maxValue, smiType));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 451| \t fprintf(f, \"%s%s\", (i == 0) ? \" [\" : \", \", s1);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 452| \t if (strcmp(s1, s2)) fprintf(f, \"..%s\", s2);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "COMPILER_WARNING", + "language": "c/c++", + "tool": "gcc", + "key_event_idx": 1, + "events": [ + { + "file_name": "libsmi-0.4.8/tools/smidiff.c", + "line": 0, + "event": "scope_hint", + "message": "In function 'cmpSmiValues'", + "verbosity_level": 1 + }, + { + "file_name": "libsmi-0.4.8/tools/smidiff.c", + "line": 840, + "column": 1, + "event": "note", + "message": "the ABI of passing union with 'long double' has changed in GCC 4.4", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 838| */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 839| static int ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 840|-> cmpSmiValues( SmiValue a, SmiValue b )", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 841| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 842| unsigned int i;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "get_url", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "libsoup-2.72.0/examples/get.c", + "line": 35, + "event": "path", + "message": "Condition \"head\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/examples/get.c", + "line": 38, + "event": "path", + "message": "Condition \"loop\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/examples/get.c", + "line": 42, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/examples/get.c", + "line": 47, + "event": "path", + "message": "Condition \"!debug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/examples/get.c", + "line": 48, + "event": "path", + "message": "Condition \"msg->status_code == SOUP_STATUS_SSL_FAILED\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/examples/get.c", + "line": 55, + "event": "path", + "message": "Condition \"!quiet\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/examples/get.c", + "line": 59, + "event": "path", + "message": "Condition \"msg->status_code >= 300\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/examples/get.c", + "line": 59, + "event": "path", + "message": "Condition \"msg->status_code < 400\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/examples/get.c", + "line": 60, + "event": "tainted_return_value", + "message": "Function \"soup_message_headers_get_one\" returns tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/examples/get.c", + "line": 60, + "event": "var_assign", + "message": "Assigning: \"header\" = \"soup_message_headers_get_one(msg->response_headers, \"Location\")\", which taints \"header\".", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/examples/get.c", + "line": 62, + "event": "path", + "message": "Condition \"header\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/examples/get.c", + "line": 66, + "event": "path", + "message": "Condition \"!debug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/examples/get.c", + "line": 66, + "event": "path", + "message": "Condition \"!quiet\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/examples/get.c", + "line": 69, + "event": "url_manipulation_sink", + "message": "Constructing a URL using the tainted value \"*header\" and passing it to \"soup_uri_new_with_base\". This may allow an attacker to access or modify critical or sensitive files, or redirect to a malicious website. [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 0 + }, + { + "file_name": "libsoup-2.72.0/examples/get.c", + "line": 69, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 67| \t\t\t\tg_print (\" -> %s\\n\", header);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 68| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 69|-> \t\t\turi = soup_uri_new_with_base (soup_message_get_uri (msg), header);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| \t\t\turi_string = soup_uri_to_string (uri, FALSE);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 71| \t\t\tget_url (uri_string);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "server_callback", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "libsoup-2.72.0/examples/simple-proxy.c", + "line": 287, + "event": "tainted_return_value", + "message": "Function \"soup_message_get_uri\" returns tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/examples/simple-proxy.c", + "line": 287, + "event": "tainted_data_transitive", + "message": "Call to function \"soup_uri_to_string\" with tainted argument \"*soup_message_get_uri(msg)->fragment\" transitively taints \"*soup_uri_to_string(soup_message_get_uri(msg), 0)\".", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/examples/simple-proxy.c", + "line": 287, + "event": "var_assign", + "message": "Assigning: \"uristr\" = \"soup_uri_to_string(soup_message_get_uri(msg), 0)\", which taints \"uristr\".", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/examples/simple-proxy.c", + "line": 291, + "event": "path", + "message": "Condition \"({...; gapg_temp_newval;})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/examples/simple-proxy.c", + "line": 291, + "event": "path", + "message": "Condition \"msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_CONNECT : (({...}) , _SOUP_METHOD_CONNECT))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/examples/simple-proxy.c", + "line": 296, + "event": "url_manipulation_sink", + "message": "Constructing a URL using the tainted value \"*uristr\" and passing it to \"soup_message_new\". This may allow an attacker to access or modify critical or sensitive files, or redirect to a malicious website. [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 0 + }, + { + "file_name": "libsoup-2.72.0/examples/simple-proxy.c", + "line": 296, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 294| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 295| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 296|-> msg2 = soup_message_new (msg->method, uristr);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 297| \tsoup_message_headers_foreach (msg->request_headers, copy_header,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 298| \t\t\t\t msg2->request_headers);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "soup_request_file_ensure_file", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "libsoup-2.72.0/libsoup/soup-request-file.c", + "line": 128, + "event": "path", + "message": "Condition \"file->priv->gfile\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-request-file.c", + "line": 131, + "event": "tainted_return_value", + "message": "Function \"soup_request_get_uri\" returns tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-request-file.c", + "line": 131, + "event": "var_assign", + "message": "Assigning: \"uri\" = \"soup_request_get_uri((SoupRequest *)g_type_check_instance_cast((GTypeInstance *)file, soup_request_get_type()))\", which taints \"uri\".", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-request-file.c", + "line": 132, + "event": "tainted_data_transitive", + "message": "Call to function \"soup_uri_decode\" with tainted argument \"*uri->path\" transitively taints \"*soup_uri_decode(uri->path)\".", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-request-file.c", + "line": 132, + "event": "var_assign", + "message": "Assigning: \"decoded_path\" = \"soup_uri_decode(uri->path)\", which taints \"decoded_path\".", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-request-file.c", + "line": 138, + "event": "path", + "message": "Condition \"({...; gapg_temp_newval;})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-request-file.c", + "line": 138, + "event": "path", + "message": "Condition \"uri->scheme == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_URI_SCHEME_RESOURCE : (({...}) , _SOUP_URI_SCHEME_RESOURCE))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-request-file.c", + "line": 145, + "event": "path_manipulation_sink", + "message": "Constructing a path or URI using the tainted value \"*decoded_path\" and passing it to \"g_file_new_for_path\". This may allow an attacker to access, modify, or test the existence of critical or sensitive files.", + "verbosity_level": 0 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-request-file.c", + "line": 145, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 143| \t\tg_free (uri_str);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 144| \t} else", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145|-> \t\tfile->priv->gfile = g_file_new_for_path (decoded_path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 146| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 147| \tg_free (decoded_path);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "redirection_uri", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1090, + "event": "tainted_return_value", + "message": "Function \"soup_message_headers_get_one\" returns tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1090, + "event": "var_assign", + "message": "Assigning: \"new_loc\" = \"soup_message_headers_get_one(msg->response_headers, \"Location\")\", which taints \"new_loc\".", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1092, + "event": "path", + "message": "Condition \"!new_loc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1094, + "event": "url_manipulation_sink", + "message": "Constructing a URL using the tainted value \"*new_loc\" and passing it to \"soup_uri_new_with_base\". This may allow an attacker to access or modify critical or sensitive files, or redirect to a malicious website. [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 0 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1094, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1092| \tif (!new_loc)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1093| \t\treturn NULL;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1094|-> \tnew_uri = soup_uri_new_with_base (soup_message_get_uri (msg), new_loc);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1095| \tif (!new_uri || !new_uri->host) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1096| \t\tif (new_uri)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "get_connection", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 31, + "events": [ + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"soup_message_get_flags(item->msg) & SOUP_MESSAGE_NEW_CONNECTION\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"!(soup_message_get_flags(item->msg) & SOUP_MESSAGE_IDEMPOTENT)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"({...; gapg_temp_newval;})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"item->msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_GET : (({...}) , _SOUP_METHOD_GET))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"({...; gapg_temp_newval;})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"item->msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_HEAD : (({...}) , _SOUP_METHOD_HEAD))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"({...; gapg_temp_newval;})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"item->msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_OPTIONS : (({...}) , _SOUP_METHOD_OPTIONS))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"({...; gapg_temp_newval;})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"item->msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_PROPFIND : (({...}) , _SOUP_METHOD_PROPFIND))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"({...; gapg_temp_newval;})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"item->msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_TRACE : (({...}) , _SOUP_METHOD_TRACE))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"({...; gapg_temp_newval;})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"item->msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_PUT : (({...}) , _SOUP_METHOD_PUT))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"({...; gapg_temp_newval;})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1903, + "event": "path", + "message": "Condition \"item->msg->method == (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_DELETE : (({...}) , _SOUP_METHOD_DELETE))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1910, + "event": "lock", + "message": "Locking \"&priv->conn_lock\".", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1911, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"host\".", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1912, + "event": "path", + "message": "Condition \"1 /* !0 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1918, + "event": "path", + "message": "Condition \"conn\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1918, + "event": "path", + "message": "Condition \"item->async\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1921, + "event": "path", + "message": "Condition \"my_should_cleanup\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1931, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1912, + "event": "path", + "message": "Condition \"1 /* !0 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1918, + "event": "path", + "message": "Condition \"conn\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1918, + "event": "path", + "message": "Condition \"item->async\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1921, + "event": "path", + "message": "Condition \"my_should_cleanup\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1922, + "event": "unlock", + "message": "Unlocking \"&priv->conn_lock\". \"host\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1927, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1912, + "event": "path", + "message": "Condition \"1 /* !0 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1924, + "event": "lockagain", + "message": "Locking \"&priv->conn_lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-session.c", + "line": 1913, + "event": "use", + "message": "Using an unreliable value of \"host\" inside the second locked section. If the data that \"host\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1911| \thost = get_host_for_message (session, item->msg);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1912| \twhile (TRUE) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1913|-> \t\tconn = get_connection_for_host (session, item, host,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1914| \t\t\t\t\t\tneed_new_connection,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1915| \t\t\t\t\t\tignore_connection_limits,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "soup_socket_get_http_proxy_uri", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "libsoup-2.72.0/libsoup/soup-socket.c", + "line": 1758, + "event": "path", + "message": "Condition \"!priv->gsock\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-socket.c", + "line": 1761, + "event": "path", + "message": "Condition \"!addr\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-socket.c", + "line": 1761, + "event": "path", + "message": "Condition \"!__inst\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-socket.c", + "line": 1761, + "event": "path", + "message": "Condition \"__inst->g_class\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-socket.c", + "line": 1761, + "event": "path", + "message": "Condition \"__inst->g_class->g_type == __t\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-socket.c", + "line": 1761, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-socket.c", + "line": 1761, + "event": "path", + "message": "Condition \"!({...; __r;})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-socket.c", + "line": 1768, + "event": "path", + "message": "Condition \"strcmp(g_proxy_address_get_protocol(paddr), \"http\") != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-socket.c", + "line": 1771, + "event": "tainted_return_value", + "message": "Function \"g_proxy_address_get_uri\" returns tainted data.", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-socket.c", + "line": 1771, + "event": "url_manipulation_sink", + "message": "Constructing a URL using the tainted value \"*g_proxy_address_get_uri(paddr)\" and passing it to \"soup_uri_new\". This may allow an attacker to access or modify critical or sensitive files, or redirect to a malicious website. [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 0 + }, + { + "file_name": "libsoup-2.72.0/libsoup/soup-socket.c", + "line": 1771, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1769| \t\treturn NULL;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1770| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1771|-> \turi = soup_uri_new (g_proxy_address_get_uri (paddr));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1772| \tg_object_unref (addr);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1773| \treturn uri;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "server_callback", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 32, + "event": "tainted_return_value", + "message": "Function \"soup_message_get_uri\" returns tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 32, + "event": "var_assign", + "message": "Assigning: \"uri\" = \"soup_message_get_uri(msg)\", which taints \"uri\".", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 35, + "event": "path", + "message": "Condition \"({...; gapg_temp_newval;})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 35, + "event": "path", + "message": "Condition \"msg->method != (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_GET : (({...}) , _SOUP_METHOD_GET))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 35, + "event": "path", + "message": "Condition \"({...; gapg_temp_newval;})\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 35, + "event": "path", + "message": "Condition \"msg->method != (char const *)(({...; gapg_temp_newval;}) ? _SOUP_METHOD_POST : (({...}) , _SOUP_METHOD_POST))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 40, + "event": "path", + "message": "Condition \"!strcmp(path, \"/redirect\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 45, + "event": "path", + "message": "Condition \"!strcmp(path, \"/alias-redirect\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 52, + "event": "tainted_data_transitive", + "message": "Call to function \"soup_uri_copy\" with tainted argument \"*uri->query\" transitively taints \"*soup_uri_copy(uri)->query\".", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 52, + "event": "var_assign", + "message": "Assigning: \"redirect_uri\" = \"soup_uri_copy(uri)\", which taints \"redirect_uri\".", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 54, + "event": "path", + "message": "Condition \"!g_strcmp0(redirect_protocol, \"https\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 55, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 59, + "event": "tainted_data_transitive", + "message": "Call to function \"soup_uri_to_string\" with tainted argument \"*redirect_uri->query\" transitively taints \"*soup_uri_to_string(redirect_uri, 0)\".", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 59, + "event": "var_assign", + "message": "Assigning: \"redirect_string\" = \"soup_uri_to_string(redirect_uri, 0)\", which taints \"redirect_string\".", + "verbosity_level": 1 + }, + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 61, + "event": "url_manipulation_sink", + "message": "Constructing a URL using the tainted value \"*redirect_string\" and passing it to \"soup_message_set_redirect\". This may allow an attacker to access or modify critical or sensitive files, or redirect to a malicious website.", + "verbosity_level": 0 + }, + { + "file_name": "libsoup-2.72.0/tests/misc-test.c", + "line": 61, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| \t\tredirect_string = soup_uri_to_string (redirect_uri, FALSE);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61|-> \t\tsoup_message_set_redirect (msg, SOUP_STATUS_FOUND, redirect_string);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| \t\tg_free (redirect_string);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| \t\tsoup_uri_free (redirect_uri);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "res0_free_info", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "libvorbis-1.3.7/lib/backends.h", + "line": 116, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "libvorbis-1.3.7/lib/res0.c", + "line": 68, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 66| vorbis_info_residue0 *info=(vorbis_info_residue0 *)i;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 67| if(info){", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 68|-> memset(info,0,sizeof(*info));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 69| _ogg_free(info);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "vorbis_encode_residue_setup", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "libvorbis-1.3.7/lib/backends.h", + "line": 116, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "libvorbis-1.3.7/lib/vorbisenc.c", + "line": 465, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 463| _ogg_malloc(sizeof(*r));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 464| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 465|-> memcpy(r,res->res,sizeof(*r));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 466| if(ci->residues<=number)ci->residues=number+1;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 467| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "pdlv_create", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "LVM2.2.03.21/daemons/lvmpolld/lvmpolld-data-utils.h", + "line": 48, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "LVM2.2.03.21/daemons/lvmpolld/lvmpolld-data-utils.c", + "line": 122, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 120| \t\tgoto err;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 121| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 122|-> \tmemcpy(pdlv, &tmp, sizeof(*pdlv));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 123| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 124| \tif (pthread_mutex_init(&pdlv->lock, NULL))", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "__cl_disp_worker", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "opensm-3.3.24/complib/cl_dispatcher.c", + "line": 83, + "event": "path", + "message": "Condition \"cl_qlist_count(&p_disp->msg_fifo)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/complib/cl_dispatcher.c", + "line": 105, + "event": "path", + "message": "Condition \"p_msg->pfn_xmt_callback\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/complib/cl_dispatcher.c", + "line": 112, + "event": "lock", + "message": "Locking \"p_disp->lock.mutex\".", + "verbosity_level": 1 + }, + { + "file_name": "opensm-3.3.24/complib/cl_dispatcher.c", + "line": 116, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/complib/cl_dispatcher.c", + "line": 83, + "event": "path", + "message": "Condition \"cl_qlist_count(&p_disp->msg_fifo)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/complib/cl_dispatcher.c", + "line": 85, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"p_msg\".", + "verbosity_level": 1 + }, + { + "file_name": "opensm-3.3.24/complib/cl_dispatcher.c", + "line": 97, + "event": "unlock", + "message": "Unlocking \"p_disp->lock.mutex\". \"p_msg\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "opensm-3.3.24/complib/cl_dispatcher.c", + "line": 105, + "event": "path", + "message": "Condition \"p_msg->pfn_xmt_callback\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/complib/cl_dispatcher.c", + "line": 112, + "event": "lockagain", + "message": "Locking \"p_disp->lock.mutex\" again.", + "verbosity_level": 1 + }, + { + "file_name": "opensm-3.3.24/complib/cl_dispatcher.c", + "line": 115, + "event": "use", + "message": "Using an unreliable value of \"p_msg\" inside the second locked section. If the data that \"p_msg\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114| \t\t/* Return this message to the pool. */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 115|-> \t\tcl_qpool_put(&p_disp->msg_pool, (cl_pool_item_t *) p_msg);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 116| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 117| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "trap_rcv_process_request", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 48, + "events": [ + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 398, + "event": "path", + "message": "Condition \"osm_exit_flag\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 407, + "event": "path", + "message": "Condition \"p_madw->p_mad->mgmt_class == 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 417, + "event": "path", + "message": "Condition \"p_smp->method != 5\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 432, + "event": "path", + "message": "Condition \"is_gsi == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 439, + "event": "path", + "message": "Condition \"p_madw->mad_addr.addr_type.smi.source_lid == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 443, + "event": "path", + "message": "Condition \"sm->p_subn->sm_base_lid == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 448, + "event": "path", + "message": "Condition \"osm_log_is_active_v2(sm->p_log, 8, OSM_FILE_TRAP_RCV_C)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 462, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 462, + "event": "lock", + "message": "Locking \"sm->p_lock->lock\".", + "verbosity_level": 1 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 462, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 465, + "event": "path", + "message": "Condition \"p_physp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 466, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 472, + "event": "path", + "message": "Condition \"status != IB_SUCCESS\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 486, + "event": "path", + "message": "Condition \"is_gsi == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 487, + "event": "path", + "message": "Condition \"ib_notice_is_generic(p_ntci)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 487, + "event": "path", + "message": "Condition \"p_ntci->g_or_v.generic.trap_num == 33024 /* (uint16_t)((((uint16_t)129 & 0xff) << 8) | (((uint16_t)129 & 0xff00) >> 8)) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 497, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"source_lid\".", + "verbosity_level": 1 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 507, + "event": "path", + "message": "Condition \"num_received >= 10\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 508, + "event": "path", + "message": "Condition \"print_num_received(num_received)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 509, + "event": "path", + "message": "Condition \"osm_log_is_active_v2(sm->p_log, 4, OSM_FILE_TRAP_RCV_C)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 516, + "event": "path", + "message": "Condition \"physp_change_trap == 1 /* !0 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 520, + "event": "path", + "message": "Condition \"ret == 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 522, + "event": "path", + "message": "Condition \"ret == 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 533, + "event": "path", + "message": "Condition \"physp_change_trap == 1 /* !0 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 536, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 543, + "event": "path", + "message": "Condition \"num_received >= 10\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 543, + "event": "path", + "message": "Condition \"run_heavy_sweep == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 552, + "event": "path", + "message": "Condition \"!ib_notice_is_generic(p_ntci)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 554, + "event": "path", + "message": "Condition \"__bswap_16(p_ntci->g_or_v.generic.trap_num) == 144\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 554, + "event": "path", + "message": "Condition \"p_ntci->data_details.ntc_144.local_changes & 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 554, + "event": "path", + "message": "Condition \"p_ntci->data_details.ntc_144.change_flgs & 256 /* (uint16_t)((((uint16_t)1 & 0xff) << 8) | (((uint16_t)1 & 0xff00) >> 8)) */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 569, + "event": "path", + "message": "Condition \"__bswap_16(p_ntci->g_or_v.generic.trap_num) == 145\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 570, + "event": "path", + "message": "Condition \"p_physp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 571, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 571, + "event": "unlock", + "message": "Unlocking \"sm->p_lock->lock\". \"source_lid\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 571, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 572, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 572, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 576, + "event": "path", + "message": "Condition \"p_physp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 581, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 581, + "event": "unlock", + "message": "Unlocking \"sm->p_lock->lock\". \"source_lid\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 581, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 582, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 582, + "event": "path", + "message": "Condition \"0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 583, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 587, + "event": "path", + "message": "Jumping to label \"check_report\".", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 642, + "event": "path", + "message": "Condition \"is_gsi\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 582, + "event": "lockagain", + "message": "Locking \"sm->p_lock->lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "opensm-3.3.24/opensm/osm_trap_rcv.c", + "line": 654, + "event": "use", + "message": "Using an unreliable value of \"source_lid\" inside the second locked section. If the data that \"source_lid\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 652| \t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 653| \t\t/* Need to use the IssuerLID */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 654|-> \t\tp_port = osm_get_port_by_lid(sm->p_subn, source_lid);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 655| \t\tif (!p_port) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 656| \t\t\tOSM_LOG(sm->p_log, OSM_LOG_VERBOSE,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "STRING_OVERFLOW", + "cwe": 120, + "imp": 1, + "function": "osmt_get_service_by_id", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "opensm-3.3.24/osmtest/osmt_service.c", + "line": 599, + "event": "path", + "message": "Condition \"osm_log_is_active(&p_osmt->log, 4)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/osmtest/osmt_service.c", + "line": 635, + "event": "path", + "message": "Condition \"p_osmt->opt.with_grh\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/osmtest/osmt_service.c", + "line": 641, + "event": "path", + "message": "Condition \"status != IB_SUCCESS\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/osmtest/osmt_service.c", + "line": 650, + "event": "path", + "message": "Condition \"status != IB_SUCCESS\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/osmtest/osmt_service.c", + "line": 655, + "event": "path", + "message": "Condition \"status == IB_REMOTE_ERROR\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "opensm-3.3.24/osmtest/osmt_service.c", + "line": 656, + "event": "returned_string", + "message": "\"ib_get_mad_status_str\" returns a source buffer of 512 characters in size.", + "verbosity_level": 1 + }, + { + "file_name": "opensm-3.3.24/osmtest/osmt_service.c", + "line": 656, + "event": "string_overflow", + "message": "You might overrun the 256-character destination string \"mad_stat_err\" by writing 512 characters from \"ib_get_mad_status_str(osm_madw_get_mad_ptr(context.result.p_result_madw))\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 654| \t\t then this is fine */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 655| \t\tif (status == IB_REMOTE_ERROR)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 656|-> \t\t\tstrcpy(mad_stat_err,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 657| \t\t\t ib_get_mad_status_str(osm_madw_get_mad_ptr", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 658| \t\t\t\t\t\t (context.result.", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider.main.anonymous%0(net/http.ResponseWriter, *net/http.Request)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go", + "line": 53, + "event": "insufficient_logging", + "message": "Calling \"ParseRSAPublicKeyFromPEM\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go", + "line": 53, + "event": "assign", + "message": "Assigning: \"err\" = \"ParseRSAPublicKeyFromPEM(rsaPubBytes)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go", + "line": 56, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go", + "line": 54, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go", + "line": 54, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 53| \t\tpubKey, err := jwt.ParseRSAPublicKeyFromPEM(rsaPubBytes)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 54|-> \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55| \t\t\tpanic(err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider.main.anonymous%1(net/http.ResponseWriter, *net/http.Request)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go", + "line": 123, + "event": "insufficient_logging", + "message": "Calling \"ParseRSAPrivateKeyFromPEM\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go", + "line": 123, + "event": "assign", + "message": "Assigning: \"err\" = \"ParseRSAPrivateKeyFromPEM(rsaPrivBytes)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go", + "line": 126, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go", + "line": 124, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/cmd/osbuild-mock-openid-provider/main.go", + "line": 124, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 122| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 123| \t\tprivKey, err := jwt.ParseRSAPrivateKeyFromPEM(rsaPrivBytes)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 124|-> \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 125| \t\t\tpanic(err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 126| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/osbuild/osbuild-composer/internal/upload/oci.Client.uploadToBucket(string, string, string, *os.File)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 78, + "event": "insufficient_logging", + "message": "Calling \"UploadFile\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 78, + "event": "assign", + "message": "Assigning: \"err\" = \"uploadManager.UploadFile(ctx, req)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 88, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 79, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 79, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 77| \tctx := context.Background()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 78| \tresp, err := uploadManager.UploadFile(ctx, req)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80| \t\tif resp.IsResumable() {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| \t\t\tresp, err = uploadManager.ResumeUploadFile(ctx, *resp.MultipartUploadResponse.UploadID)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/osbuild/osbuild-composer/internal/upload/oci.NewClient(*github.com/osbuild/osbuild-composer/internal/upload/oci.ClientParams)(github.com/osbuild/osbuild-composer/internal/upload/oci.Client, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 182, + "event": "insufficient_logging", + "message": "Calling \"NewObjectStorageClientWithConfigurationProvider\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 182, + "event": "assign", + "message": "Assigning: \"err\" = \"NewObjectStorageClientWithConfigurationProvider(configProvider)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 187, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 185, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 185, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 183| \t// this disables the default 60 seconds timeout, to support big files upload (the common scenario)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 184| \tstorageClient.HTTPClient = &http.Client{}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 185|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 186| \t\treturn Client{}, fmt.Errorf(\"failed to create an Oracle objectstorage client: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 187| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/osbuild/osbuild-composer/internal/upload/oci.NewClient(*github.com/osbuild/osbuild-composer/internal/upload/oci.ClientParams)(github.com/osbuild/osbuild-composer/internal/upload/oci.Client, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 188, + "event": "insufficient_logging", + "message": "Calling \"NewIdentityClientWithConfigurationProvider\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 188, + "event": "assign", + "message": "Assigning: \"err\" = \"NewIdentityClientWithConfigurationProvider(configProvider)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 191, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 189, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 189, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 187| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 188| \tidentityClient, err := identity.NewIdentityClientWithConfigurationProvider(configProvider)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 189|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 190| \t\treturn Client{}, fmt.Errorf(\"failed to create an Oracle identity client: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 191| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/osbuild/osbuild-composer/internal/upload/oci.NewClient(*github.com/osbuild/osbuild-composer/internal/upload/oci.ClientParams)(github.com/osbuild/osbuild-composer/internal/upload/oci.Client, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 192, + "event": "insufficient_logging", + "message": "Calling \"NewComputeClientWithConfigurationProvider\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 192, + "event": "assign", + "message": "Assigning: \"err\" = \"NewComputeClientWithConfigurationProvider(configProvider)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 195, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 193, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 193, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 191| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 192| \tcomputeClient, err := core.NewComputeClientWithConfigurationProvider(configProvider)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 193|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 194| \t\treturn Client{}, fmt.Errorf(\"failed to create an Oracle compute client: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 195| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/osbuild/osbuild-composer/internal/upload/oci.NewClient(*github.com/osbuild/osbuild-composer/internal/upload/oci.ClientParams)(github.com/osbuild/osbuild-composer/internal/upload/oci.Client, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 196, + "event": "insufficient_logging", + "message": "Calling \"NewWorkRequestClientWithConfigurationProvider\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 196, + "event": "assign", + "message": "Assigning: \"err\" = \"NewWorkRequestClientWithConfigurationProvider(configProvider)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 199, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 197, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/internal/upload/oci/upload.go", + "line": 197, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 195| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 196| \tworkRequestsClient, err := workrequests.NewWorkRequestClientWithConfigurationProvider(configProvider)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 197|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 198| \t\treturn Client{}, fmt.Errorf(\"failed to create an Oracle workrequests client: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 199| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "cloud.google.com/go/compute/metadata.Client.getETag(string)(string, string, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 299, + "event": "path", + "message": "Condition \"host == \"\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 310, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 318, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 321, + "event": "path", + "message": "Condition \"res != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 324, + "event": "path", + "message": "Condition \"shouldRetry\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 325, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 328, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 318, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 321, + "event": "path", + "message": "Condition \"res != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 324, + "event": "path", + "message": "Condition \"shouldRetry\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 325, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 328, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 318, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 321, + "event": "path", + "message": "Condition \"res != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 321, + "event": "var_compare_op", + "message": "Comparing \"res\" to null implies that \"res\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 324, + "event": "path", + "message": "Condition \"shouldRetry\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 330, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 332, + "event": "path", + "message": "Condition \"reqErr != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 335, + "event": "null_field_access", + "message": "Accessing field of null object \"res\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 333| \t\treturn \"\", \"\", reqErr", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 334| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 335|-> \tdefer res.Body.Close()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 336| \tif res.StatusCode == http.StatusNotFound {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 337| \t\treturn \"\", \"\", NotDefinedError(suffix)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "cloud.google.com/go/compute/metadata.Client.Subscribe(string, (string, bool)error)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 501, + "event": "taint", + "message": "Calling \"getETag\". This call taints \".$1\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 501, + "event": "assign", + "message": "Assigning: \"lastETag\" = \"c.getETag(suffix)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 517, + "event": "identity", + "message": "Calling \"QueryEscape\". This call assigns \"lastETag\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 517, + "event": "sink", + "message": "Calling \"getETag\". This call uses a tainted string for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/compute/metadata/metadata.go", + "line": 517, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 515| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 516| \tfor {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 517|-> \t\tval, etag, err := c.getETag(suffix + url.QueryEscape(lastETag))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 518| \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 519| \t\t\tif _, deleted := err.(NotDefinedError); !deleted {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "cloud.google.com/go/storage.parseKey([]byte)(*crypto/rsa.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/storage/storage.go", + "line": 1070, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/storage/storage.go", + "line": 1070, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS8PrivateKey(key)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/storage/storage.go", + "line": 1076, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/storage/storage.go", + "line": 1071, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/cloud.google.com/go/storage/storage.go", + "line": 1071, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1069| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1070| \tparsedKey, err := x509.ParsePKCS8PrivateKey(key)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1071|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1072| \t\tparsedKey, err = x509.ParsePKCS1PrivateKey(key)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1073| \t\tif err != nil {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/Azure/go-autorest/autorest/azure/auth.ClientCertificateConfig.ServicePrincipalToken()(*github.com/Azure/go-autorest/autorest/adal.ServicePrincipalToken, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go", + "line": 643, + "event": "insufficient_logging", + "message": "Calling \"DecodePfxCertificateData\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go", + "line": 643, + "event": "assign", + "message": "Assigning: \"err\" = \"DecodePfxCertificateData(certData, ccc.CertificatePassword)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go", + "line": 646, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go", + "line": 644, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go", + "line": 644, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 642| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 643| \tcertificate, rsaPrivateKey, err := adal.DecodePfxCertificateData(certData, ccc.CertificatePassword)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 644|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 645| \t\treturn nil, fmt.Errorf(\"failed to decode pkcs12 certificate while creating spt: %v\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 646| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/Azure/go-autorest/autorest/azure/auth.ClientCertificateConfig.MultiTenantServicePrincipalToken()(*github.com/Azure/go-autorest/autorest/adal.MultiTenantServicePrincipalToken, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go", + "line": 660, + "event": "insufficient_logging", + "message": "Calling \"DecodePfxCertificateData\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go", + "line": 660, + "event": "assign", + "message": "Assigning: \"err\" = \"DecodePfxCertificateData(certData, ccc.CertificatePassword)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go", + "line": 663, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go", + "line": 661, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/Azure/go-autorest/autorest/azure/auth/auth.go", + "line": 661, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 659| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 660| \tcertificate, rsaPrivateKey, err := adal.DecodePfxCertificateData(certData, ccc.CertificatePassword)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 661|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 662| \t\treturn nil, fmt.Errorf(\"failed to decode pkcs12 certificate while creating spt: %v\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 663| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/asaskevich/govalidator.IsRsaPublicKey(string, int)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/asaskevich/govalidator/validator.go", + "line": 939, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/asaskevich/govalidator/validator.go", + "line": 939, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKIXPublicKey(der)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/asaskevich/govalidator/validator.go", + "line": 942, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/asaskevich/govalidator/validator.go", + "line": 940, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/asaskevich/govalidator/validator.go", + "line": 940, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 938| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 939| \tkey, err := x509.ParsePKIXPublicKey(der)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 940|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 941| \t\treturn false", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 942| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/aws/aws-sdk-go/aws/session.sharedConfig.validateSSOTokenProviderConfiguration()error", + "language": "go", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go", + "line": 583, + "event": "path", + "message": "Condition \"len(c.SSOSessionName) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go", + "line": 587, + "event": "path", + "message": "Condition \"c.SSOSession == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go", + "line": 587, + "event": "var_compare_op", + "message": "Comparing \"c.SSOSession\" to null implies that \"c.SSOSession\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go", + "line": 589, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go", + "line": 599, + "event": "path", + "message": "Condition \"len(missing) > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go", + "line": 604, + "event": "path", + "message": "Condition \"len(c.SSORegion) > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go", + "line": 604, + "event": "null_field_access", + "message": "Accessing field of null object \"c.SSOSession\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 602| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 603| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 604|-> \tif len(c.SSORegion) > 0 && c.SSORegion != c.SSOSession.SSORegion {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 605| \t\treturn fmt.Errorf(\"%s in profile %q must match %s in %s\", ssoRegionKey, c.Profile, ssoRegionKey, ssoSectionPrefix)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 606| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/aws/aws-sdk-go/aws/session.sharedConfig.validateSSOTokenProviderConfiguration()error", + "language": "go", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go", + "line": 583, + "event": "path", + "message": "Condition \"len(c.SSOSessionName) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go", + "line": 587, + "event": "path", + "message": "Condition \"c.SSOSession == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go", + "line": 587, + "event": "var_compare_op", + "message": "Comparing \"c.SSOSession\" to null implies that \"c.SSOSession\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go", + "line": 589, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go", + "line": 599, + "event": "path", + "message": "Condition \"len(missing) > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go", + "line": 604, + "event": "path", + "message": "Condition \"len(c.SSORegion) > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go", + "line": 608, + "event": "path", + "message": "Condition \"len(c.SSOStartURL) > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/aws/aws-sdk-go/aws/session/shared_config.go", + "line": 608, + "event": "null_field_access", + "message": "Accessing field of null object \"c.SSOSession\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 606| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 607| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 608|-> \tif len(c.SSOStartURL) > 0 && c.SSOStartURL != c.SSOSession.SSOStartURL {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 609| \t\treturn fmt.Errorf(\"%s in profile %q must match %s in %s\", ssoStartURL, c.Profile, ssoStartURL, ssoSectionPrefix)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 610| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/image/v5/pkg/tlsclientconfig.SetupCertificates(string, *crypto/tls.Config)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/pkg/tlsclientconfig/tlsclientconfig.go", + "line": 50, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/pkg/tlsclientconfig/tlsclientconfig.go", + "line": 50, + "event": "assign", + "message": "Assigning: \"err\" = \"SystemCertPool()\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/pkg/tlsclientconfig/tlsclientconfig.go", + "line": 53, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/pkg/tlsclientconfig/tlsclientconfig.go", + "line": 51, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/pkg/tlsclientconfig/tlsclientconfig.go", + "line": 51, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 49| \t\t\tif tlsc.RootCAs == nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 50| \t\t\t\tsystemPool, err := x509.SystemCertPool()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 51|-> \t\t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| \t\t\t\t\treturn fmt.Errorf(\"unable to get system cert pool: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 53| \t\t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/image/v5/signature.prSigstoreSigned.prepareTrustRoot()(*github.com/containers/image/v5/signature.sigstoreSignedTrustRoot, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go", + "line": 82, + "event": "insufficient_logging", + "message": "Calling \"UnmarshalPEMToPublicKey\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go", + "line": 82, + "event": "assign", + "message": "Assigning: \"err\" = \"UnmarshalPEMToPublicKey(publicKeyPEM)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go", + "line": 85, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go", + "line": 83, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go", + "line": 83, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| \tif publicKeyPEM != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82| \t\tpk, err := cryptoutils.UnmarshalPEMToPublicKey(publicKeyPEM)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83|-> \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 84| \t\t\treturn nil, fmt.Errorf(\"parsing public key: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 85| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/image/v5/signature.prSigstoreSigned.prepareTrustRoot()(*github.com/containers/image/v5/signature.sigstoreSignedTrustRoot, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go", + "line": 102, + "event": "insufficient_logging", + "message": "Calling \"UnmarshalPEMToPublicKey\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go", + "line": 102, + "event": "assign", + "message": "Assigning: \"err\" = \"UnmarshalPEMToPublicKey(rekorPublicKeyPEM)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go", + "line": 105, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go", + "line": 103, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go", + "line": 103, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101| \tif rekorPublicKeyPEM != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 102| \t\tpk, err := cryptoutils.UnmarshalPEMToPublicKey(rekorPublicKeyPEM)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103|-> \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104| \t\t\treturn nil, fmt.Errorf(\"parsing Rekor public key: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/image/v5/signature.prSigstoreSigned.isSignatureAccepted(context.Context, github.com/containers/image/v5/internal/private.UnparsedImage, github.com/containers/image/v5/internal/signature.Sigstore)(github.com/containers/image/v5/signature.signatureAcceptanceResult, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go", + "line": 152, + "event": "insufficient_logging", + "message": "Calling \"MarshalPublicKeyToPEM\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go", + "line": 152, + "event": "assign", + "message": "Assigning: \"err\" = \"MarshalPublicKeyToPEM(trustRoot.publicKey)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go", + "line": 158, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go", + "line": 153, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/policy_eval_sigstore.go", + "line": 153, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 151| \t\t\t// FIXME: We could just generate DER instead of the full PEM text", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 152| \t\t\trecreatedPublicKeyPEM, err := cryptoutils.MarshalPublicKeyToPEM(trustRoot.publicKey)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 153|-> \t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 154| \t\t\t\t// Coverage: The key was loaded from a PEM format, so it’s unclear how this could fail.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 155| \t\t\t\t// (PEM is not essential, MarshalPublicKeyToPEM can only fail if marshaling to ASN1.DER fails.)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/image/v5/signature/sigstore.loadPrivateKey([]byte, []byte)(github.com/sigstore/sigstore/pkg/signature.SignerVerifier, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/copied.go", + "line": 59, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/copied.go", + "line": 59, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS8PrivateKey(x509Encoded)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/copied.go", + "line": 62, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/copied.go", + "line": 60, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/copied.go", + "line": 60, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 58| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| \tpk, err := x509.ParsePKCS8PrivateKey(x509Encoded)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61| \t\treturn nil, fmt.Errorf(\"parsing private key: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/image/v5/signature/sigstore.WithPrivateKeyFile.anonymous%0(*github.com/containers/image/v5/signature/sigstore/internal.SigstoreSigner)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/signer.go", + "line": 38, + "event": "insufficient_logging", + "message": "Calling \"MarshalPublicKeyToPEM\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/signer.go", + "line": 38, + "event": "assign", + "message": "Assigning: \"err\" = \"MarshalPublicKeyToPEM(publicKey)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/signer.go", + "line": 41, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/signer.go", + "line": 39, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/image/v5/signature/sigstore/signer.go", + "line": 39, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 37| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 38| \t\tpublicKeyPEM, err := cryptoutils.MarshalPublicKeyToPEM(publicKey)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 39|-> \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 40| \t\t\treturn fmt.Errorf(\"converting public key to PEM: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/libtrust.GenerateCACertPool(github.com/containers/libtrust.PrivateKey, []github.com/containers/libtrust.PublicKey)(*crypto/x509.CertPool, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/certificates.go", + "line": 127, + "event": "insufficient_logging", + "message": "Calling \"GenerateCACert\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/certificates.go", + "line": 127, + "event": "assign", + "message": "Assigning: \"err\" = \"GenerateCACert(signer, trustedKey)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/certificates.go", + "line": 130, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/certificates.go", + "line": 128, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/certificates.go", + "line": 128, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 126| \tfor _, trustedKey := range trustedKeys {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 127| \t\tcert, err := GenerateCACert(signer, trustedKey)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 128|-> \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 129| \t\t\treturn nil, fmt.Errorf(\"failed to generate CA certificate: %s\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 130| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/libtrust.ecPublicKey.PEMBlock()(*encoding/pem.Block, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go", + "line": 141, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go", + "line": 141, + "event": "assign", + "message": "Assigning: \"err\" = \"MarshalPKIXPublicKey(k.PublicKey)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go", + "line": 144, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go", + "line": 142, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go", + "line": 142, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 140| func (k *ecPublicKey) PEMBlock() (*pem.Block, error) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 141| \tderBytes, err := x509.MarshalPKIXPublicKey(k.PublicKey)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 142|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 143| \t\treturn nil, fmt.Errorf(\"unable to serialize EC PublicKey to DER-encoded PKIX format: %s\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 144| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/libtrust.ecPrivateKey.PEMBlock()(*encoding/pem.Block, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go", + "line": 330, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go", + "line": 330, + "event": "assign", + "message": "Assigning: \"err\" = \"MarshalECPrivateKey(k.PrivateKey)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go", + "line": 333, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go", + "line": 331, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/ec_key.go", + "line": 331, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 329| func (k *ecPrivateKey) PEMBlock() (*pem.Block, error) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 330| \tderBytes, err := x509.MarshalECPrivateKey(k.PrivateKey)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 331|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 332| \t\treturn nil, fmt.Errorf(\"unable to serialize EC PrivateKey to DER-encoded PKIX format: %s\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 333| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/libtrust.UnmarshalPrivateKeyPEM([]byte)(github.com/containers/libtrust.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key.go", + "line": 147, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key.go", + "line": 147, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS1PrivateKey(pemBlock.Bytes)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key.go", + "line": 150, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key.go", + "line": 148, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key.go", + "line": 148, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 146| \tcase pemBlock.Type == \"RSA PRIVATE KEY\":", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 147| \t\trsaPrivateKey, err := x509.ParsePKCS1PrivateKey(pemBlock.Bytes)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 148|-> \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 149| \t\t\treturn nil, fmt.Errorf(\"unable to decode RSA Private Key PEM data: %s\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 150| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/libtrust.NewIdentityAuthTLSConfig(github.com/containers/libtrust.PrivateKey, *github.com/containers/libtrust.ClientKeyManager, string, string)(*crypto/tls.Config, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key_manager.go", + "line": 112, + "event": "insufficient_logging", + "message": "Calling \"GenerateSelfSignedServerCert\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key_manager.go", + "line": 112, + "event": "assign", + "message": "Assigning: \"err\" = \"GenerateSelfSignedServerCert(trustKey, domains, ips)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key_manager.go", + "line": 115, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key_manager.go", + "line": 113, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/key_manager.go", + "line": 113, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111| \tdomains = append(domains, domain)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 112| \tx509Cert, err := GenerateSelfSignedServerCert(trustKey, domains, ips)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114| \t\treturn nil, fmt.Errorf(\"certificate generation error: %s\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 115| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/libtrust.rsaPublicKey.PEMBlock()(*encoding/pem.Block, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/rsa_key.go", + "line": 98, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/rsa_key.go", + "line": 98, + "event": "assign", + "message": "Assigning: \"err\" = \"MarshalPKIXPublicKey(k.PublicKey)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/rsa_key.go", + "line": 101, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/rsa_key.go", + "line": 99, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/rsa_key.go", + "line": 99, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 97| func (k *rsaPublicKey) PEMBlock() (*pem.Block, error) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 98| \tderBytes, err := x509.MarshalPKIXPublicKey(k.PublicKey)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 100| \t\treturn nil, fmt.Errorf(\"unable to serialize RSA PublicKey to DER-encoded PKIX format: %s\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SENSITIVE_DATA_LEAK", + "cwe": 313, + "function": "github.com/containers/libtrust.LoadOrCreateTrustKey(string)(github.com/containers/libtrust.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 31, + "event": "sensitive_data", + "message": "Calling \"GenerateECP256PrivateKey\". This call stores sensitive data in \"(.$0).PrivateKey\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 31, + "event": "assign", + "message": "Assigning: \"trustKey\" = \"GenerateECP256PrivateKey()\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 36, + "event": "sink", + "message": "Calling \"SaveKey\". This stores the sensitive data \"trustKey\" to the filesystem. It may be exposed to unintended individuals.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 36, + "event": "remediation", + "message": "Do not leak this data to the filesystem.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 34| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 35| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 36|-> \t\tif err := SaveKey(trustKeyPath, trustKey); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 37| \t\t\treturn nil, fmt.Errorf(\"error saving key file: %s\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 38| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/libtrust.NewIdentityAuthTLSClientConfig(string, bool, string, string)(*crypto/tls.Config, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 96, + "event": "insufficient_logging", + "message": "Calling \"GenerateSelfSignedClientCert\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 96, + "event": "assign", + "message": "Assigning: \"err\" = \"GenerateSelfSignedClientCert(trustKey)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 99, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 97, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 97, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 96| \tx509Cert, err := GenerateSelfSignedClientCert(trustKey)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 97|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 98| \t\treturn nil, fmt.Errorf(\"certificate generation error: %s\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/libtrust.keyIDFromCryptoKey(github.com/containers/libtrust.PublicKey)string", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 200, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 200, + "event": "assign", + "message": "Assigning: \"err\" = \"MarshalPKIXPublicKey(pubKey.CryptoPublicKey())\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 203, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 201, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 201, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 199| \t// ABCD:EFGH:IJKL:MNOP:QRST:UVWX:YZ23:4567:ABCD:EFGH:IJKL:MNOP", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 200| \tderBytes, err := x509.MarshalPKIXPublicKey(pubKey.CryptoPublicKey())", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 201|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 202| \t\treturn \"\"", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 203| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/libtrust.pubKeyFromPEMBlock(*encoding/pem.Block)(github.com/containers/libtrust.PublicKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 338, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 338, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKIXPublicKey(pemBlock.Bytes)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 341, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 339, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/libtrust/util.go", + "line": 339, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 337| func pubKeyFromPEMBlock(pemBlock *pem.Block) (PublicKey, error) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 338| \tcryptoPublicKey, err := x509.ParsePKIXPublicKey(pemBlock.Bytes)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 339|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 340| \t\treturn nil, fmt.Errorf(\"unable to decode Public Key PEM data: %s\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 341| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/ocicrypt.preUnwrapKey(github.com/containers/ocicrypt/keywrap.KeyWrapper, *github.com/containers/ocicrypt/config.DecryptConfig, string)([]byte, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/encryption.go", + "line": 272, + "event": "insufficient_logging", + "message": "Calling \"UnwrapKey\". This function call creates a logging obligation. (The interface method resolves to \"pkcs7.pkcs7KeyWrapper.UnwrapKey(config.DecryptConfig *, []byte)\".)", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/encryption.go", + "line": 272, + "event": "assign", + "message": "Assigning: \"err\" = \"keywrapper.UnwrapKey(dc, annotation)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/encryption.go", + "line": 276, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/encryption.go", + "line": 273, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/encryption.go", + "line": 273, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 271| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 272| \t\toptsData, err := keywrapper.UnwrapKey(dc, annotation)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 273|-> \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 274| \t\t\terrs += fmt.Sprintf(\"- %s\\n\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 275| \t\t\tcontinue", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/ocicrypt/keywrap/jwe.jweKeyWrapper.UnwrapKey(*github.com/containers/ocicrypt/config.DecryptConfig, []byte)([]byte, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/jwe/keywrapper_jwe.go", + "line": 87, + "event": "insufficient_logging", + "message": "Calling \"DecryptMulti\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/jwe/keywrapper_jwe.go", + "line": 87, + "event": "assign", + "message": "Assigning: \"err\" = \"jwe.DecryptMulti(key)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/jwe/keywrapper_jwe.go", + "line": 90, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/jwe/keywrapper_jwe.go", + "line": 88, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/jwe/keywrapper_jwe.go", + "line": 88, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 86| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 87| \t\t_, _, plain, err := jwe.DecryptMulti(key)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 88|-> \t\tif err == nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 89| \t\t\treturn plain, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 90| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/ocicrypt/keywrap/pkcs7.pkcs7KeyWrapper.UnwrapKey(*github.com/containers/ocicrypt/config.DecryptConfig, []byte)([]byte, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go", + "line": 106, + "event": "insufficient_logging", + "message": "Calling \"Parse\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go", + "line": 106, + "event": "assign", + "message": "Assigning: \"err\" = \"Parse(pkcs7Packet)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go", + "line": 109, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go", + "line": 107, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go", + "line": 107, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| \tp7, err := pkcs7.Parse(pkcs7Packet)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108| \t\treturn nil, fmt.Errorf(\"could not parse PKCS7 packet: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/ocicrypt/utils.CreateRSATestKey(int, []byte, bool)([]byte, []byte, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 49, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 49, + "event": "assign", + "message": "Assigning: \"err\" = \"MarshalPKIXPublicKey(&key.PublicKey)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 52, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 50, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 50, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 48| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 49| \tpubData, err := x509.MarshalPKIXPublicKey(&key.PublicKey)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 50|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 51| \t\treturn nil, nil, fmt.Errorf(\"x509.MarshalPKIXPublicKey failed: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/ocicrypt/utils.CreateECDSATestKey(crypto/elliptic.Curve)([]byte, []byte, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 93, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 93, + "event": "assign", + "message": "Assigning: \"err\" = \"MarshalPKIXPublicKey(&key.PublicKey)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 96, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 94, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 94, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93| \tpubData, err := x509.MarshalPKIXPublicKey(&key.PublicKey)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 94|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| \t\treturn nil, nil, fmt.Errorf(\"x509.MarshalPKIXPublicKey failed: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 96| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/ocicrypt/utils.CreateECDSATestKey(crypto/elliptic.Curve)([]byte, []byte, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 98, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 98, + "event": "assign", + "message": "Assigning: \"err\" = \"MarshalECPrivateKey(key)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 101, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 99, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 99, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 97| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 98| \tprivData, err := x509.MarshalECPrivateKey(key)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 100| \t\treturn nil, nil, fmt.Errorf(\"x509.MarshalECPrivateKey failed: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/ocicrypt/utils.certifyKey(interface{}, *crypto/x509.Certificate, *crypto/rsa.PrivateKey, *crypto/x509.Certificate)(*crypto/x509.Certificate, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 159, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 159, + "event": "assign", + "message": "Assigning: \"err\" = \"ParseCertificate(certDER)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 162, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 160, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/testing.go", + "line": 160, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 158| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 159| \tcert, err := x509.ParseCertificate(certDER)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 160|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 161| \t\treturn nil, fmt.Errorf(\"x509.ParseCertificate failed: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 162| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/containers/ocicrypt/utils.ParsePrivateKey([]byte, []byte, string)(interface{}, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/utils.go", + "line": 102, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/utils.go", + "line": 102, + "event": "assign", + "message": "Assigning: \"err\" = \"DecryptPEMBlock(block, privKeyPassword)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/utils.go", + "line": 105, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/utils.go", + "line": 103, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/containers/ocicrypt/utils/utils.go", + "line": 103, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101| \t\t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 102| \t\t\t\tder, err = x509.DecryptPEMBlock(block, privKeyPassword) //nolint:staticcheck // ignore SA1019, which is kept for backward compatibility", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103|-> \t\t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104| \t\t\t\t\treturn nil, fmt.Errorf(\"%s: Wrong password: could not decrypt private key\", prefix)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105| \t\t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/docker/go-connections/tlsconfig.certPool(string, bool)(*crypto/x509.CertPool, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go", + "line": 106, + "event": "insufficient_logging", + "message": "Calling \"SystemCertPool\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go", + "line": 106, + "event": "assign", + "message": "Assigning: \"err\" = \"SystemCertPool()\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go", + "line": 109, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go", + "line": 107, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go", + "line": 107, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105| \t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| \t\tcertPool, err = SystemCertPool()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107|-> \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108| \t\t\treturn nil, fmt.Errorf(\"failed to read system certificates: %v\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/docker/go-connections/tlsconfig.getPrivateKey([]byte, string)([]byte, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go", + "line": 161, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go", + "line": 161, + "event": "assign", + "message": "Assigning: \"err\" = \"DecryptPEMBlock(pemBlock, ([]byte)passphrase)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go", + "line": 164, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go", + "line": 162, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/docker/go-connections/tlsconfig/config.go", + "line": 162, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 160| \tif x509.IsEncryptedPEMBlock(pemBlock) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 161| \t\tkeyBytes, err = x509.DecryptPEMBlock(pemBlock, []byte(passphrase))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 162|-> \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 163| \t\t\treturn nil, errors.Wrap(err, \"private key is encrypted, but could not decrypt it\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 164| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/getkin/kin-openapi/jsoninfo.ObjectEncoder.EncodeStructFieldsAndExtensions(interface{})error", + "language": "go", + "tool": "coverity", + "key_event_idx": 25, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 60, + "event": "path", + "message": "Condition \"reflection.Kind() != 22 /* Ptr */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 64, + "event": "path", + "message": "Condition \"reflection.IsNil()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 80, + "event": "path", + "message": "Condition \" < len(typeInfo.Fields)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 82, + "event": "path", + "message": "Condition \"!field.HasJSONTag\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 83, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 80, + "event": "path", + "message": "Condition \" < len(typeInfo.Fields)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 82, + "event": "path", + "message": "Condition \"!field.HasJSONTag\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 88, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 89, + "event": "path", + "message": "Condition \"fieldValue.Kind() == 22 /* Ptr */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 89, + "event": "path", + "message": "Condition \"fieldValue.IsNil()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 97, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 101, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 80, + "event": "path", + "message": "Condition \" < len(typeInfo.Fields)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 82, + "event": "path", + "message": "Condition \"!field.HasJSONTag\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 88, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"v\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 88, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 103, + "event": "path", + "message": "Switch case value \"Ptr\".", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 105, + "event": "path", + "message": "Condition \"fieldValue.IsNil()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 155, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 159, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 80, + "event": "path", + "message": "Condition \" < len(typeInfo.Fields)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 82, + "event": "path", + "message": "Condition \"!field.HasJSONTag\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 88, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 89, + "event": "path", + "message": "Condition \"fieldValue.Kind() == 22 /* Ptr */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 89, + "event": "path", + "message": "Condition \"fieldValue.IsNil()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/jsoninfo/marshal.go", + "line": 96, + "event": "null_method_call", + "message": "Calling a method on null object \"v\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 94| \t\t\t\tcontinue", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 96|-> \t\t\tfieldData, err := v.MarshalJSON()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 97| \t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 98| \t\t\t\treturn err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/getkin/kin-openapi/openapi3.Links.JSONLookup(string)(interface{}, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/link.go", + "line": 16, + "event": "path", + "message": "Condition \"ok == false\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/link.go", + "line": 20, + "event": "path", + "message": "Condition \"ref != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/link.go", + "line": 20, + "event": "var_compare_op", + "message": "Comparing \"ref\" to null implies that \"ref\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/link.go", + "line": 23, + "event": "null_field_access", + "message": "Accessing field of null object \"ref\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 21| \t\treturn &Ref{Ref: ref.Ref}, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 22| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 23|-> \treturn ref.Value, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 24| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 25| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/getkin/kin-openapi/openapi3.Parameters.JSONLookup(string)(interface{}, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go", + "line": 36, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go", + "line": 40, + "event": "path", + "message": "Condition \"index < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go", + "line": 40, + "event": "path", + "message": "Condition \"index >= len(p)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go", + "line": 46, + "event": "path", + "message": "Condition \"ref != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go", + "line": 46, + "event": "var_compare_op", + "message": "Comparing \"ref\" to null implies that \"ref\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/parameter.go", + "line": 49, + "event": "null_field_access", + "message": "Accessing field of null object \"ref\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 47| \t\treturn &Ref{Ref: ref.Ref}, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 48| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 49|-> \treturn ref.Value, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 50| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 51| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/getkin/kin-openapi/openapi3.RequestBodies.JSONLookup(string)(interface{}, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go", + "line": 18, + "event": "path", + "message": "Condition \"ok == false\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go", + "line": 22, + "event": "path", + "message": "Condition \"ref != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go", + "line": 22, + "event": "var_compare_op", + "message": "Comparing \"ref\" to null implies that \"ref\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/request_body.go", + "line": 25, + "event": "null_field_access", + "message": "Accessing field of null object \"ref\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 23| \t\treturn &Ref{Ref: ref.Ref}, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 24| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 25|-> \treturn ref.Value, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 26| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 27| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/getkin/kin-openapi/openapi3.Responses.JSONLookup(string)(interface{}, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/response.go", + "line": 47, + "event": "path", + "message": "Condition \"ok == false\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/response.go", + "line": 51, + "event": "path", + "message": "Condition \"ref != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/response.go", + "line": 51, + "event": "var_compare_op", + "message": "Comparing \"ref\" to null implies that \"ref\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/response.go", + "line": 54, + "event": "null_field_access", + "message": "Accessing field of null object \"ref\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| \t\treturn &Ref{Ref: ref.Ref}, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 53| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 54|-> \treturn ref.Value, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/getkin/kin-openapi/openapi3.SchemaRefs.JSONLookup(string)(interface{}, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/schema.go", + "line": 88, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/schema.go", + "line": 92, + "event": "path", + "message": "Condition \"i >= (uint64)len(s)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/schema.go", + "line": 98, + "event": "path", + "message": "Condition \"ref == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/schema.go", + "line": 98, + "event": "var_compare_op", + "message": "Comparing \"ref\" to null implies that \"ref\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/openapi3/schema.go", + "line": 99, + "event": "null_field_access", + "message": "Accessing field of null object \"ref\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 97| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 98| \tif ref == nil || ref.Ref != \"\" {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99|-> \t\treturn &Ref{Ref: ref.Ref}, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 100| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101| \treturn ref.Value, nil", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/getkin/kin-openapi/routers/legacy.Router.FindRoute(*net/http.Request)(*github.com/getkin/kin-openapi/routers.Route, map[string]string, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go", + "line": 117, + "event": "path", + "message": "Condition \"len(servers) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go", + "line": 119, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go", + "line": 142, + "event": "path", + "message": "Condition \"node != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go", + "line": 142, + "event": "var_compare_op", + "message": "Comparing \"node\" to null implies that \"node\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go", + "line": 145, + "event": "path", + "message": "Condition \"route == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go", + "line": 147, + "event": "path", + "message": "Condition \"pathItem == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go", + "line": 150, + "event": "path", + "message": "Condition \"pathItem.GetOperation(method) == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go", + "line": 155, + "event": "path", + "message": "Condition \"pathParams == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/getkin/kin-openapi/routers/legacy/router.go", + "line": 158, + "event": "null_field_access", + "message": "Accessing field of null object \"node\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 156| \t\tpathParams = make(map[string]string, len(paramValues))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 157| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 158|-> \tparamKeys := node.VariableNames", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 159| \tfor i, value := range paramValues {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 160| \t\tkey := paramKeys[i]", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/go-openapi/validate.SchemaValidator.Validate(interface{})*github.com/go-openapi/validate.Result", + "language": "go", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/go-openapi/validate/schema.go", + "line": 112, + "event": "path", + "message": "Condition \"s == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/go-openapi/validate/schema.go", + "line": 115, + "event": "path", + "message": "Condition \"s.Schema != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/go-openapi/validate/schema.go", + "line": 115, + "event": "var_compare_op", + "message": "Comparing \"s.Schema\" to null implies that \"s.Schema\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/go-openapi/validate/schema.go", + "line": 119, + "event": "path", + "message": "Condition \"data == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/go-openapi/validate/schema.go", + "line": 127, + "event": "path", + "message": "Condition \"kind == 22 /* Ptr */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/go-openapi/validate/schema.go", + "line": 133, + "event": "path", + "message": "Condition \"kind == 25 /* Struct */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/go-openapi/validate/schema.go", + "line": 143, + "event": "null_field_access", + "message": "Accessing field of null object \"s.Schema\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 141| \t// TODO: this part should be handed over to type validator", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 142| \t// Handle special case of json.Number data (number marshalled as string)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 143|-> \tisnumber := s.Schema.Type.Contains(numberType) || s.Schema.Type.Contains(integerType)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 144| \tif num, ok := data.(json.Number); ok && isnumber {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145| \t\tif s.Schema.Type.Contains(integerType) { // avoid lossy conversion", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/golang-jwt/jwt.ParseRSAPrivateKeyFromPEM([]byte)(*crypto/rsa.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 27, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 27, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS1PrivateKey(block.Bytes)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 30, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 28, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 28, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 26| \tvar parsedKey interface{}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 27| \tif parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 28|-> \t\tif parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 29| \t\t\treturn nil, err", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 30| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/golang-jwt/jwt.ParseRSAPrivateKeyFromPEMWithPassword([]byte, string)(*crypto/rsa.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 59, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 59, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS1PrivateKey(blockDecrypted)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 62, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 60, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/rsa_utils.go", + "line": 60, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 58| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| \tif parsedKey, err = x509.ParsePKCS1PrivateKey(blockDecrypted); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60|-> \t\tif parsedKey, err = x509.ParsePKCS8PrivateKey(blockDecrypted); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61| \t\t\treturn nil, err", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/golang-jwt/jwt/v4.SigningMethodEd25519.Sign(string, interface{})(string, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/ed25519.go", + "line": 67, + "event": "assign_null", + "message": "Assigning: \"ed25519Key\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/ed25519.go", + "line": 70, + "event": "path", + "message": "Condition \"!ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/ed25519.go", + "line": 74, + "event": "null_method_call", + "message": "Calling a method on null object \"ed25519Key\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74|-> \tif _, ok := ed25519Key.Public().(ed25519.PublicKey); !ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 75| \t\treturn \"\", ErrInvalidKey", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/golang-jwt/jwt/v4.ParseRSAPrivateKeyFromPEM([]byte)(*crypto/rsa.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 27, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 27, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS1PrivateKey(block.Bytes)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 30, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 28, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 28, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 26| \tvar parsedKey interface{}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 27| \tif parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 28|-> \t\tif parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 29| \t\t\treturn nil, err", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 30| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/golang-jwt/jwt/v4.ParseRSAPrivateKeyFromPEMWithPassword([]byte, string)(*crypto/rsa.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 63, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 63, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS1PrivateKey(blockDecrypted)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 66, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 64, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/golang-jwt/jwt/v4/rsa_utils.go", + "line": 64, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| \tif parsedKey, err = x509.ParsePKCS1PrivateKey(blockDecrypted); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 64|-> \t\tif parsedKey, err = x509.ParsePKCS8PrivateKey(blockDecrypted); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 65| \t\t\treturn nil, err", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 66| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/google/go-cmp/cmp.Options.apply(*github.com/google/go-cmp/cmp.state, reflect.Value, reflect.Value)", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 93, + "event": "path", + "message": "Condition \" < len(flattenOptions(nil, opts))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 95, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 93, + "event": "path", + "message": "Condition \" < len(flattenOptions(nil, opts))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 93, + "event": "identity_transfer", + "message": "Passing \"nil\" as argument 1 to function \"flattenOptions\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 93, + "event": "null_array_access", + "message": "Accessing an element on null array \"flattenOptions(nil, opts)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91| \tconst help = \"consider using filters to ensure at most one Comparer or Transformer may apply\"", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| \tvar ss []string", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93|-> \tfor _, opt := range flattenOptions(nil, opts) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 94| \t\tss = append(ss, fmt.Sprint(opt))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/google/go-cmp/cmp.normalizeOption(github.com/google/go-cmp/cmp.Option)github.com/google/go-cmp/cmp.Option", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 528, + "event": "identity_transfer", + "message": "Passing \"nil\" as argument 1 to function \"flattenOptions\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 528, + "event": "alias_transfer", + "message": "Assigning: \"opts\" = \"flattenOptions(nil, {src})\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 528, + "event": "path", + "message": "Switch case value \"1\".", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/google/go-cmp/cmp/options.go", + "line": 532, + "event": "null_array_access", + "message": "Accessing an element on null array \"opts\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 530| \t\treturn nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 531| \tcase 1:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 532|-> \t\treturn opts[0]", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 533| \tdefault:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 534| \t\treturn opts", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/googleapis/enterprise-certificate-proxy/client.Cred(string)(*github.com/googleapis/enterprise-certificate-proxy/client.Key, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go", + "line": 163, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go", + "line": 163, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKIXPublicKey(publicKeyBytes)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go", + "line": 166, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go", + "line": 164, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/googleapis/enterprise-certificate-proxy/client/client.go", + "line": 164, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 162| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 163| \tpublicKey, err := x509.ParsePKIXPublicKey(publicKeyBytes)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 164|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 165| \t\treturn nil, fmt.Errorf(\"failed to parse public key: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 166| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "OPEN_REDIRECT", + "cwe": 601, + "function": "github.com/gorilla/mux.routeRegexpGroup.setMatch(*net/http.Request, *github.com/gorilla/mux.RouteMatch, *github.com/gorilla/mux.Route)", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/gorilla/mux/regexp.go", + "line": 353, + "event": "taint", + "message": "The field \"req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/gorilla/mux/regexp.go", + "line": 357, + "event": "concat", + "message": "Creating a tainted string using \"u.Path\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/gorilla/mux/regexp.go", + "line": 357, + "event": "assign", + "message": "Assigning a tainted string to \"u.Path\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/gorilla/mux/regexp.go", + "line": 359, + "event": "identity", + "message": "Calling \"String\". This call assigns \"u.Path\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/gorilla/mux/regexp.go", + "line": 359, + "event": "sink", + "message": "Calling \"RedirectHandler\". This call passes the tainted data, \"u.String()\", to a redirect sink.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 357| \t\t\t\t\t\tu.Path += \"/\"", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 358| \t\t\t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 359|-> \t\t\t\t\tm.Handler = http.RedirectHandler(u.String(), http.StatusMovedPermanently)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 360| \t\t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 361| \t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/jackc/pgconn.configTLS(map[string]string, string, github.com/jackc/pgconn.ParseConfigOptions)([]*crypto/tls.Config, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/config.go", + "line": 740, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/config.go", + "line": 740, + "event": "assign", + "message": "Assigning: \"decryptedError\" = \"DecryptPEMBlock(block, ([]byte)sslpassword)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/config.go", + "line": 744, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/config.go", + "line": 742, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/config.go", + "line": 742, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 740| \t\t\tdecryptedKey, decryptedError = x509.DecryptPEMBlock(block, []byte(sslpassword))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 741| \t\t\t// Should we also provide warning for PKCS#1 needed?", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 742|-> \t\t\tif decryptedError != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 743| \t\t\t\treturn nil, fmt.Errorf(\"unable to decrypt key: %w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 744| \t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "github.com/jackc/pgconn.redactURL(*net/url.URL)string", + "language": "go", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/errors.go", + "line": 218, + "event": "hardcoded_credential", + "message": "The constant string \"\"xxxxx\"\" is a credential or key.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/errors.go", + "line": 218, + "event": "password_use", + "message": "Calling \"UserPassword\". This call uses the constant string as a password.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/errors.go", + "line": 218, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 216| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 217| \tif _, pwSet := u.User.Password(); pwSet {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 218|-> \t\tu.User = url.UserPassword(u.User.Username(), \"xxxxx\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 219| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 220| \treturn u.String()", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "github.com/jackc/pgconn.Connect(context.Context, string)(*github.com/jackc/pgconn.PgConn, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 104, + "event": "identity", + "message": "Calling \"ParseConfig\". This call assigns \"\n\" to \"(.$0).Password\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 104, + "event": "assign", + "message": "Assigning: \"config\" = \"ParseConfig(connString)\". Now \"config.Password\" is equal to \"\n\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 109, + "event": "password_use", + "message": "Calling \"ConnectConfig\". This call uses the constant string as a password.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 109, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109|-> \treturn ConnectConfig(ctx, config)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "github.com/jackc/pgconn.ConnectWithOptions(context.Context, string, github.com/jackc/pgconn.ParseConfigOptions)(*github.com/jackc/pgconn.PgConn, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 116, + "event": "identity", + "message": "Calling \"ParseConfigWithOptions\". This call assigns \"\n\" to \"(.$0).Password\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 116, + "event": "assign", + "message": "Assigning: \"config\" = \"ParseConfigWithOptions(connString, parseConfigOptions)\". Now \"config.Password\" is equal to \"\n\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 121, + "event": "password_use", + "message": "Calling \"ConnectConfig\". This call uses the constant string as a password.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 121, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 119| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 120| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 121|-> \treturn ConnectConfig(ctx, config)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 122| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 123| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/jackc/pgconn.ConnectConfig(context.Context, *github.com/jackc/pgconn.Config)(*github.com/jackc/pgconn.PgConn, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 131, + "event": "assign_null", + "message": "Assigning: \"pgConn\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 134, + "event": "path", + "message": "Condition \"!config.createdByParseConfig\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 149, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 153, + "event": "path", + "message": "Condition \"len(fallbackConfigs) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 159, + "event": "path", + "message": "Condition \" < len(fallbackConfigs)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 191, + "event": "path", + "message": "Condition \"!foundBestServer\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 191, + "event": "path", + "message": "Condition \"fallbackConfig != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 198, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 202, + "event": "path", + "message": "Condition \"config.AfterConnect != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 204, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgconn/pgconn.go", + "line": 205, + "event": "null_field_access", + "message": "Accessing field of null object \"pgConn\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 203| \t\terr := config.AfterConnect(ctx, pgConn)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 204| \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 205|-> \t\t\tpgConn.conn.Close()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 206| \t\t\treturn nil, &connectError{config: config, msg: \"AfterConnect error\", err: err}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 207| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "github.com/jackc/pgx/v4.Connect(context.Context, string)(*github.com/jackc/pgx/v4.Conn, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go", + "line": 103, + "event": "identity", + "message": "Calling \"ParseConfig\". This call assigns \"\n\" to \"(.$0).Config.Password\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go", + "line": 103, + "event": "assign", + "message": "Assigning: \"connConfig\" = \"ParseConfig(connString)\". Now \"connConfig.Config.Password\" is equal to \"\n\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go", + "line": 107, + "event": "password_use", + "message": "Calling \"connect\". This call uses the constant string as a password.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go", + "line": 107, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105| \t\treturn nil, err", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107|-> \treturn connect(ctx, connConfig)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/jackc/pgx/v4.Conn.SendBatch(context.Context, *github.com/jackc/pgx/v4.Batch)github.com/jackc/pgx/v4.BatchResults", + "language": "go", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go", + "line": 721, + "event": "path", + "message": "Condition \"simpleProtocol\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go", + "line": 744, + "event": "path", + "message": "Condition \" < len(b.items)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go", + "line": 745, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go", + "line": 746, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go", + "line": 744, + "event": "path", + "message": "Condition \" < len(b.items)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go", + "line": 751, + "event": "assign_null", + "message": "Assigning: \"stmtCache\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go", + "line": 752, + "event": "path", + "message": "Condition \"len(distinctUnpreparedQueries) > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go", + "line": 769, + "event": "path", + "message": "Condition \" < len(b.items)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go", + "line": 773, + "event": "path", + "message": "Condition \"sd == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/jackc/pgx/v4/conn.go", + "line": 775, + "event": "null_method_call", + "message": "Calling a method on null object \"stmtCache\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 773| \t\tif sd == nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 774| \t\t\tvar err error", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 775|-> \t\t\tsd, err = stmtCache.Get(ctx, bi.query)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 776| \t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 777| \t\t\t\treturn c.logBatchResults(ctx, startTime, &batchResults{ctx: ctx, conn: c, err: err})", + "verbosity_level": 1 + } + ] + }, + { + "checker": "OPEN_REDIRECT", + "cwe": 601, + "function": "github.com/julienschmidt/httprouter.Router.ServeHTTP(net/http.ResponseWriter, *net/http.Request)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/julienschmidt/httprouter/router.go", + "line": 403, + "event": "taint", + "message": "The field \"req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/julienschmidt/httprouter/router.go", + "line": 403, + "event": "identity", + "message": "Calling \"String\". This call assigns \"req.URL.Fragment\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/julienschmidt/httprouter/router.go", + "line": 403, + "event": "sink", + "message": "Calling \"Redirect\". This call passes the tainted data, \"req.URL.String()\", to a redirect sink.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 401| \t\t\t\t\treq.URL.Path = path + \"/\"", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 402| \t\t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 403|-> \t\t\t\thttp.Redirect(w, req, req.URL.String(), code)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 404| \t\t\t\treturn", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 405| \t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "OPEN_REDIRECT", + "cwe": 601, + "function": "github.com/julienschmidt/httprouter.Router.ServeHTTP(net/http.ResponseWriter, *net/http.Request)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/julienschmidt/httprouter/router.go", + "line": 415, + "event": "taint", + "message": "The field \"req.URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/julienschmidt/httprouter/router.go", + "line": 415, + "event": "identity", + "message": "Calling \"String\". This call assigns \"req.URL.Fragment\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/julienschmidt/httprouter/router.go", + "line": 415, + "event": "sink", + "message": "Calling \"Redirect\". This call passes the tainted data, \"req.URL.String()\", to a redirect sink.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 413| \t\t\t\tif found {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 414| \t\t\t\t\treq.URL.Path = string(fixedPath)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 415|-> \t\t\t\t\thttp.Redirect(w, req, req.URL.String(), code)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 416| \t\t\t\t\treturn", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 417| \t\t\t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "github.com/labstack/echo/v4/middleware.StaticWithConfig.anonymous%0.anonymous%0(github.com/labstack/echo/v4.Context)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 170, + "event": "identity", + "message": "Calling \"Request\". This call returns \"c.request\". (The interface method resolves to \"v4.context.Request()\".)", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 170, + "event": "taint", + "message": "The field \"c.Request().URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 170, + "event": "assign", + "message": "Assigning: \"p\" = \"c.Request().URL.Path\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 174, + "event": "identity", + "message": "Calling \"PathUnescape\". This call assigns \"p\" to \".$0\". Now \".$0\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 174, + "event": "assign", + "message": "Assigning: \"p\" = \"PathUnescape(p)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 178, + "event": "identity", + "message": "Calling \"Clean\". This call assigns a tainted string to \"\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 178, + "event": "assign", + "message": "Assigning: \"[1]\" = \"Clean(\"/\" + p)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 178, + "event": "identity", + "message": "Calling \"Join\". This call assigns \"{config.Root, Clean(\"/\" + p)}\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 178, + "event": "assign", + "message": "Assigning: \"name\" = \"Join(config.Root, Clean(\"/\" + p))\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 189, + "event": "sink", + "message": "Calling \"Open\". This call uses \"name\" for sensitive computation. (The interface method resolves to \"http.Dir.Open(string)\".)", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 189, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 187| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 188| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 189|-> \t\t\tfile, err := config.Filesystem.Open(name)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 190| \t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 191| \t\t\t\tif !isIgnorableOpenFileError(err) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "github.com/labstack/echo/v4/middleware.StaticWithConfig.anonymous%0.anonymous%0(github.com/labstack/echo/v4.Context)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 170, + "event": "identity", + "message": "Calling \"Request\". This call returns \"c.request\". (The interface method resolves to \"v4.context.Request()\".)", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 170, + "event": "taint", + "message": "The field \"c.Request().URL\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 170, + "event": "assign", + "message": "Assigning: \"p\" = \"c.Request().URL.Path\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 174, + "event": "identity", + "message": "Calling \"PathUnescape\". This call assigns \"p\" to \".$0\". Now \".$0\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 174, + "event": "assign", + "message": "Assigning: \"p\" = \"PathUnescape(p)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 178, + "event": "identity", + "message": "Calling \"Clean\". This call assigns a tainted string to \"\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 178, + "event": "assign", + "message": "Assigning: \"[1]\" = \"Clean(\"/\" + p)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 178, + "event": "identity", + "message": "Calling \"Join\". This call assigns \"{config.Root, Clean(\"/\" + p)}\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 178, + "event": "assign", + "message": "Assigning: \"name\" = \"Join(config.Root, Clean(\"/\" + p))\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 220, + "event": "assign", + "message": "Assigning: \"[0]\" = \"name\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 220, + "event": "identity", + "message": "Calling \"Join\". This call assigns \"{name, config.Index}\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 220, + "event": "sink", + "message": "Calling \"Open\". This call uses \"Join(name, config.Index)\" for sensitive computation. (The interface method resolves to \"http.Dir.Open(string)\".)", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/middleware/static.go", + "line": 220, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 218| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 219| \t\t\tif info.IsDir() {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 220|-> \t\t\t\tindex, err := config.Filesystem.Open(path.Join(name, config.Index))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 221| \t\t\t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 222| \t\t\t\t\tif config.Browse {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/labstack/echo/v4.Router.Find(string, string, github.com/labstack/echo/v4.Context)", + "language": "go", + "tool": "coverity", + "key_event_idx": 30, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 535, + "event": "assign_null", + "message": "Assigning: \"previousBestMatchNode\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 588, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 592, + "event": "path", + "message": "Condition \"currentNode.kind == 0 /* staticKind */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 598, + "event": "path", + "message": "Condition \"searchLen < max\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 601, + "event": "path", + "message": "Condition \"lcpLen < max\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 601, + "event": "path", + "message": "Condition \"search[lcpLen] == currentNode.prefix[lcpLen]\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 602, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 601, + "event": "path", + "message": "Condition \"lcpLen < max\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 601, + "event": "path", + "message": "Condition \"search[lcpLen] == currentNode.prefix[lcpLen]\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 605, + "event": "path", + "message": "Condition \"lcpLen != prefixLen\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 626, + "event": "path", + "message": "Condition \"search == \"\"\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 645, + "event": "path", + "message": "Condition \"search != \"\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 646, + "event": "path", + "message": "Condition \"child != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 654, + "event": "path", + "message": "Condition \"search != \"\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 654, + "event": "path", + "message": "Condition \"child != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 658, + "event": "path", + "message": "Condition \"currentNode.isLeaf\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 662, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 671, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 588, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 592, + "event": "path", + "message": "Condition \"currentNode.kind == 0 /* staticKind */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 598, + "event": "path", + "message": "Condition \"searchLen < max\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 601, + "event": "path", + "message": "Condition \"lcpLen < max\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 601, + "event": "path", + "message": "Condition \"search[lcpLen] == currentNode.prefix[lcpLen]\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 605, + "event": "path", + "message": "Condition \"lcpLen != prefixLen\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 608, + "event": "path", + "message": "Condition \"!ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 610, + "event": "path", + "message": "Condition \"nk == 1 /* paramKind */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 617, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 714, + "event": "path", + "message": "Condition \"currentNode == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 722, + "event": "path", + "message": "Condition \"matchedRouteMethod != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 729, + "event": "alias_transfer", + "message": "Assigning: \"currentNode\" = \"previousBestMatchNode\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/labstack/echo/v4/router.go", + "line": 731, + "event": "null_field_access", + "message": "Accessing field of null object \"currentNode\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 729| \t\tcurrentNode = previousBestMatchNode", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 730| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 731|-> \t\trPath = currentNode.originalPath", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 732| \t\trPNames = nil // no params here", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 733| \t\tctx.handler = NotFoundHandler", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/letsencrypt/boulder/goodkey.KeyPolicy.GoodKey(context.Context, crypto.PublicKey)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go", + "line": 145, + "event": "insufficient_logging", + "message": "Calling \"KeyDigest\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go", + "line": 145, + "event": "assign", + "message": "Assigning: \"err\" = \"KeyDigest(key)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go", + "line": 148, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go", + "line": 146, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/letsencrypt/boulder/goodkey/good_key.go", + "line": 146, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 144| \tif policy.blockedCheck != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145| \t\tdigest, err := core.KeyDigest(key)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 146|-> \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 147| \t\t\treturn badKey(\"%w\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 148| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/oracle/oci-go-sdk/v54/common/auth.x509FederationClient.getSecurityToken()(github.com/oracle/oci-go-sdk/v54/common/auth.securityToken, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/federation_client.go", + "line": 296, + "event": "insufficient_logging", + "message": "Calling \"Call\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/federation_client.go", + "line": 296, + "event": "assign", + "message": "Assigning: \"err\" = \"c.authClient.Call(Background(), &httpRequest)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/federation_client.go", + "line": 298, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/federation_client.go", + "line": 296, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/federation_client.go", + "line": 296, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 294| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 295| \tfor retry := 0; retry < 5; retry++ {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 296|-> \t\tif httpResponse, err = c.authClient.Call(context.Background(), &httpRequest); err == nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 297| \t\t\tbreak", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 298| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/oracle/oci-go-sdk/v54/common/auth.getRegionForFederationClient(github.com/oracle/oci-go-sdk/v54/common.HTTPRequestDispatcher, string)(github.com/oracle/oci-go-sdk/v54/common.Region, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/instance_principal_key_provider.go", + "line": 100, + "event": "path", + "message": "Condition \"currTry < MaxRetriesFederationClient\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/instance_principal_key_provider.go", + "line": 102, + "event": "path", + "message": "Condition \"err == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/instance_principal_key_provider.go", + "line": 102, + "event": "var_compare_op", + "message": "Comparing \"err\" to null implies that \"err\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/instance_principal_key_provider.go", + "line": 102, + "event": "path", + "message": "Condition \"statusCode == 200\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/auth/instance_principal_key_provider.go", + "line": 105, + "event": "null_method_call", + "message": "Calling a method on null object \"err\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103| \t\t\treturn common.StringToRegion(body.String()), nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105|-> \t\tcommon.Logf(\"Error in getting region from url: %s, Status code: %v, Error: %s\", url, statusCode, err.Error())", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| \t\tif statusCode == 404 && strings.Compare(url, metadataBaseURL+regionPath) == 0 {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| \t\t\tcommon.Logf(\"Falling back to http://169.254.169.254/opc/v1 to try again...\")", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/oracle/oci-go-sdk/v54/common.fileConfigurationProvider.KeyID()(string, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go", + "line": 459, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go", + "line": 459, + "event": "var_compare_op", + "message": "Comparing \"err\" to null implies that \"err\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go", + "line": 463, + "event": "path", + "message": "Condition \"(info.PresentConfiguration & 2 /* hasUser */) == 2 /* hasUser */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go", + "line": 466, + "event": "path", + "message": "Condition \"err == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go", + "line": 473, + "event": "null_method_call", + "message": "Calling a method on null object \"err\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 471| \t\treturn \"ST$\" + rawString, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 472| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 473|-> \terr = fmt.Errorf(\"can not read SecurityTokenFilePath from configuration file due to: %s\", err.Error())", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 474| \treturn", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 475| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/oracle/oci-go-sdk/v54/common.composingConfigurationProvider.PrivateRSAKey()(*crypto/rsa.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go", + "line": 636, + "event": "insufficient_logging", + "message": "Calling \"PrivateRSAKey\". This function call creates a logging obligation. (The interface method resolves to \"common.rawConfigurationProvider.PrivateRSAKey()\".)", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go", + "line": 636, + "event": "assign", + "message": "Assigning: \"err\" = \"p.PrivateRSAKey()\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go", + "line": 639, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go", + "line": 637, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/oracle/oci-go-sdk/v54/common/configuration.go", + "line": 637, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 635| \tfor _, p := range c.Providers {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 636| \t\tval, err := p.PrivateRSAKey()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 637|-> \t\tif err == nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 638| \t\t\treturn val, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 639| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/sigstore/sigstore/pkg/cryptoutils.genErrMsg(crypto.PublicKey, crypto.PublicKey, string)string", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go", + "line": 127, + "event": "insufficient_logging", + "message": "Calling \"SKID\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go", + "line": 127, + "event": "assign", + "message": "Assigning: \"err\" = \"SKID(first)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go", + "line": 130, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go", + "line": 128, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go", + "line": 128, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 126| \t// Calculate SKID to include in error message", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 127| \tfirstSKID, err := SKID(first)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 128|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 129| \t\treturn msg", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 130| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "github.com/sigstore/sigstore/pkg/cryptoutils.genErrMsg(crypto.PublicKey, crypto.PublicKey, string)string", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go", + "line": 131, + "event": "insufficient_logging", + "message": "Calling \"SKID\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go", + "line": 131, + "event": "assign", + "message": "Assigning: \"err\" = \"SKID(second)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go", + "line": 134, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go", + "line": 132, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/sigstore/sigstore/pkg/cryptoutils/publickey.go", + "line": 132, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 130| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 131| \tsecondSKID, err := SKID(second)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 132|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 133| \t\treturn msg", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 134| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/vmware/govmomi/object.ClusterComputeResource.Configuration(context.Context)(*github.com/vmware/govmomi/vim25/types.ClusterConfigInfoEx, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/cluster_compute_resource.go", + "line": 39, + "event": "assign_null", + "message": "Assigning: \"obj.ComputeResource.ConfigurationEx\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/cluster_compute_resource.go", + "line": 42, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/cluster_compute_resource.go", + "line": 46, + "event": "unbox_null", + "message": "Unboxing null object \"obj.ComputeResource.ConfigurationEx\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 44| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 45| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 46|-> \treturn obj.ConfigurationEx.(*types.ClusterConfigInfoEx), nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 47| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 48| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/vmware/govmomi/object.HostSystem.ResourcePool(context.Context)(*github.com/vmware/govmomi/object.ResourcePool, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/host_system.go", + "line": 46, + "event": "assign_null", + "message": "Assigning: \"mh.ManagedEntity.Parent\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/host_system.go", + "line": 49, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/host_system.go", + "line": 56, + "event": "null_field_access", + "message": "Accessing field of null object \"mh.ManagedEntity.Parent\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 54| \tvar parent interface{}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56|-> \tswitch mh.Parent.Type {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 57| \tcase \"ComputeResource\":", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 58| \t\tmcr = new(mo.ComputeResource)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/vmware/govmomi/object.VirtualMachine.BootOptions(context.Context)(*github.com/vmware/govmomi/vim25/types.VirtualMachineBootOptions, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/virtual_machine.go", + "line": 560, + "event": "assign_null", + "message": "Assigning: \"o.Config\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/virtual_machine.go", + "line": 563, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/virtual_machine.go", + "line": 567, + "event": "null_field_access", + "message": "Accessing field of null object \"o.Config\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 565| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 566| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 567|-> \treturn o.Config.BootOptions, nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 568| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 569| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "github.com/vmware/govmomi/object.VirtualMachine.IsToolsRunning(context.Context)(bool, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/virtual_machine.go", + "line": 813, + "event": "assign_null", + "message": "Assigning: \"o.Guest\" = \"nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/virtual_machine.go", + "line": 816, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/github.com/vmware/govmomi/object/virtual_machine.go", + "line": 820, + "event": "null_field_access", + "message": "Accessing field of null object \"o.Guest\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 818| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 819| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 820|-> \treturn o.Guest.ToolsRunningStatus == string(types.VirtualMachineToolsRunningStatusGuestToolsRunning), nil", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 821| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 822| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "go.etcd.io/bbolt.DB.beginTx()(*go.etcd.io/bbolt.Tx, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go", + "line": 711, + "event": "lock", + "message": "Locking \"db.mmaplock\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go", + "line": 714, + "event": "path", + "message": "Condition \"!db.opened\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go", + "line": 721, + "event": "path", + "message": "Condition \"db.data == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go", + "line": 733, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"n\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go", + "line": 736, + "event": "unlock", + "message": "Unlocking \"db.metalock\". \"n\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go", + "line": 739, + "event": "lockagain", + "message": "Locking \"db.statlock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go", + "line": 741, + "event": "use", + "message": "Using an unreliable value of \"n\" inside the second locked section. If the data that \"n\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 739| \tdb.statlock.Lock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 740| \tdb.stats.TxN++", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 741|-> \tdb.stats.OpenTxN = n", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 742| \tdb.statlock.Unlock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 743| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "go.etcd.io/bbolt.DB.removeTx(*go.etcd.io/bbolt.Tx)", + "language": "go", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go", + "line": 814, + "event": "lock", + "message": "Locking \"db.metalock\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go", + "line": 817, + "event": "path", + "message": "Condition \"i < len(db.txs)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go", + "line": 818, + "event": "path", + "message": "Condition \"t == tx\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go", + "line": 823, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go", + "line": 826, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"n\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go", + "line": 829, + "event": "unlock", + "message": "Unlocking \"db.metalock\". \"n\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go", + "line": 832, + "event": "lockagain", + "message": "Locking \"db.statlock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.etcd.io/bbolt/db.go", + "line": 833, + "event": "use", + "message": "Using an unreliable value of \"n\" inside the second locked section. If the data that \"n\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 831| \t// Merge statistics.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 832| \tdb.statlock.Lock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 833|-> \tdb.stats.OpenTxN = n", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 834| \tdb.stats.TxStats.add(&tx.stats)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 835| \tdb.statlock.Unlock()", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "go.mozilla.org/pkcs7.TestDSASignWithOpenSSLAndVerify(*testing.T)", + "language": "go", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go", + "line": 73, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go", + "line": 80, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go", + "line": 87, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go", + "line": 93, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go", + "line": 102, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go", + "line": 108, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go", + "line": 113, + "event": "path", + "message": "Condition \"derBlock == nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go", + "line": 113, + "event": "var_compare_op", + "message": "Comparing \"derBlock\" to null implies that \"derBlock\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go", + "line": 116, + "event": "null_field_access", + "message": "Accessing field of null object \"derBlock\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114| \t\tt.Fatalf(\"failed to read DER block from signature PEM %s\", tmpSignedFile.Name())", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 115| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 116|-> \tp7, err := Parse(derBlock.Bytes)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 117| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 118| \t\tt.Fatalf(\"Parse encountered unexpected error: %v\", err)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "go.mozilla.org/pkcs7.TestDSASignWithOpenSSLAndVerify(*testing.T)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go", + "line": 116, + "event": "insufficient_logging", + "message": "Calling \"Parse\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go", + "line": 116, + "event": "assign", + "message": "Assigning: \"err\" = \"Parse(derBlock.Bytes)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go", + "line": 119, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go", + "line": 117, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/go.mozilla.org/pkcs7/verify_test_dsa.go", + "line": 117, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 115| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 116| \tp7, err := Parse(derBlock.Bytes)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 117|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 118| \t\tt.Fatalf(\"Parse encountered unexpected error: %v\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 119| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "golang.org/x/crypto/acme/autocert.Manager.verifyRFC(context.Context, *golang.org/x/crypto/acme.Client, string)(*golang.org/x/crypto/acme.Order, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go", + "line": 700, + "event": "taint", + "message": "Calling \"AuthorizeOrder\". This call taints \"(.$0).URI\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go", + "line": 756, + "event": "sink", + "message": "Calling \"WaitOrder\". This call uses \"o.URI\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go", + "line": 756, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 754| \t\t// All authorizations are satisfied.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 755| \t\t// Wait for the CA to update the order status.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 756|-> \t\to, err = client.WaitOrder(ctx, o.URI)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 757| \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 758| \t\t\tcontinue AuthorizeOrderLoop", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "golang.org/x/crypto/acme/autocert.Manager.deactivatePendingAuthz([]string)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go", + "line": 793, + "event": "insufficient_logging", + "message": "Calling \"acmeClient\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go", + "line": 793, + "event": "assign", + "message": "Assigning: \"err\" = \"m.acmeClient(ctx)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go", + "line": 796, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go", + "line": 794, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/autocert.go", + "line": 794, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 792| \tdefer cancel()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 793| \tclient, err := m.acmeClient(ctx)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 794|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 795| \t\treturn", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 796| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "golang.org/x/crypto/acme/autocert.domainRenewal.renew()", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/renewal.go", + "line": 80, + "event": "insufficient_logging", + "message": "Calling \"do\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/renewal.go", + "line": 80, + "event": "assign", + "message": "Assigning: \"err\" = \"dr.do(ctx)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/renewal.go", + "line": 84, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/renewal.go", + "line": 81, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/autocert/renewal.go", + "line": 81, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79| \t// TODO: rotate dr.key at some point?", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80| \tnext, err := dr.do(ctx)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82| \t\tnext = renewJitter / 2", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83| \t\tnext += time.Duration(pseudoRand.int63n(int64(next)))", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "golang.org/x/crypto/acme.Client.DeactivateReg(context.Context)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go", + "line": 29, + "event": "taint", + "message": "Calling \"accountKID\".\n* This call returns a reference to \"c.KID\".\n* This call taints \"c.KID\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go", + "line": 29, + "event": "assign", + "message": "Assigning: \"url\" = \"(string)c.accountKID(ctx)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go", + "line": 34, + "event": "sink", + "message": "Calling \"post\". This call uses \"url\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go", + "line": 34, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 32| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 33| \treq := json.RawMessage(`{\"status\": \"deactivated\"}`)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 34|-> \tres, err := c.post(ctx, nil, url, req, wantStatus(http.StatusOK))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 35| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 36| \t\treturn err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "golang.org/x/crypto/acme.Client.updateRegRFC(context.Context, *golang.org/x/crypto/acme.Account)(*golang.org/x/crypto/acme.Account, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go", + "line": 103, + "event": "taint", + "message": "Calling \"accountKID\".\n* This call returns a reference to \"c.KID\".\n* This call taints \"c.KID\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go", + "line": 103, + "event": "assign", + "message": "Assigning: \"url\" = \"(string)c.accountKID(ctx)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go", + "line": 112, + "event": "sink", + "message": "Calling \"post\". This call uses \"url\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go", + "line": 112, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| \t\tContact: a.Contact,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 112|-> \tres, err := c.post(ctx, nil, url, req, wantStatus(http.StatusOK))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114| \t\treturn nil, err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "golang.org/x/crypto/acme.Client.CreateOrderCert(context.Context, string, []byte, bool)([][]byte, string, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go", + "line": 358, + "event": "taint", + "message": "Calling \"responseOrder\". This call taints \"(.$0).URI\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go", + "line": 365, + "event": "sink", + "message": "Calling \"WaitOrder\". This call uses \"o.URI\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/crypto/acme/rfc8555.go", + "line": 365, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 363| \t// Wait for CA to issue the cert if they haven't.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 364| \tif o.Status != StatusValid {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 365|-> \t\to, err = c.WaitOrder(ctx, o.URI)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 366| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 367| \tif err != nil {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "golang.org/x/net/http2.ClientConn.State()golang.org/x/net/http2.ClientConnState", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/net/http2/transport.go", + "line": 930, + "event": "lock", + "message": "Locking \"cc.wmu\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/net/http2/transport.go", + "line": 931, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"maxConcurrent\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/net/http2/transport.go", + "line": 932, + "event": "path", + "message": "Condition \"!cc.seenSettings\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/net/http2/transport.go", + "line": 935, + "event": "unlock", + "message": "Unlocking \"cc.wmu\". \"maxConcurrent\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/net/http2/transport.go", + "line": 937, + "event": "lockagain", + "message": "Locking \"cc.mu\" again.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/net/http2/transport.go", + "line": 939, + "event": "use", + "message": "Using an unreliable value of \"maxConcurrent\" inside the second locked section. If the data that \"maxConcurrent\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 937| \tcc.mu.Lock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 938| \tdefer cc.mu.Unlock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 939|-> \treturn ClientConnState{", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 940| \t\tClosed: cc.closed,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 941| \t\tClosing: cc.closing || cc.singleUse || cc.doNotReuse || cc.goAway != nil,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "golang.org/x/oauth2/internal.ParseKey([]byte)(*crypto/rsa.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 25, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 25, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS8PrivateKey(key)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 31, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 26, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 26, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 24| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 25| \tparsedKey, err := x509.ParsePKCS8PrivateKey(key)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 26|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 27| \t\tparsedKey, err = x509.ParsePKCS1PrivateKey(key)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 28| \t\tif err != nil {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "golang.org/x/oauth2/internal.ParseKey([]byte)(*crypto/rsa.PrivateKey, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 27, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 27, + "event": "assign", + "message": "Assigning: \"err\" = \"ParsePKCS1PrivateKey(key)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 30, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 28, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/oauth2/internal/oauth2.go", + "line": 28, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 26| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 27| \t\tparsedKey, err = x509.ParsePKCS1PrivateKey(key)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 28|-> \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 29| \t\t\treturn nil, fmt.Errorf(\"private key should be a PEM or plain PKCS1 or PKCS8; parse error: %v\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 30| \t\t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "golang.org/x/term.Terminal.ReadPassword(string)(string, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 696, + "event": "lock", + "message": "Locking \"t.lock\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 699, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"oldPrompt\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 703, + "event": "unlock", + "message": "Unlocking \"(*t).lock\". \"oldPrompt\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 703, + "event": "lockagain", + "message": "Locking \"(*t).lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 705, + "event": "use", + "message": "Using an unreliable value of \"oldPrompt\" inside the second locked section. If the data that \"oldPrompt\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 703| \tline, err = t.readLine()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 704| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 705|-> \tt.prompt = oldPrompt", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 706| \tt.echo = true", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 707| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "golang.org/x/term.Terminal.readLine()(string, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 42, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 722, + "event": "path", + "message": "Condition \"t.cursorX == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 722, + "event": "path", + "message": "Condition \"t.cursorY == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 730, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 733, + "event": "path", + "message": "Condition \"!lineOk\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 736, + "event": "path", + "message": "Condition \"key == 65533 /* RuneError */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 737, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 764, + "event": "path", + "message": "Condition \"len(rest) > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 767, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 772, + "event": "path", + "message": "Condition \"lineOk\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 792, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 797, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 730, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 733, + "event": "path", + "message": "Condition \"!lineOk\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 736, + "event": "path", + "message": "Condition \"key == 65533 /* RuneError */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 737, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 764, + "event": "path", + "message": "Condition \"len(rest) > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 767, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 772, + "event": "path", + "message": "Condition \"lineOk\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 790, + "event": "lock", + "message": "Locking \"t.lock\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 792, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 797, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 730, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 733, + "event": "path", + "message": "Condition \"!lineOk\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 736, + "event": "path", + "message": "Condition \"key == 65533 /* RuneError */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 739, + "event": "path", + "message": "Condition \"!t.pasteActive\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 740, + "event": "path", + "message": "Condition \"key == 4 /* keyCtrlD */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 741, + "event": "path", + "message": "Condition \"len(t.line) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 745, + "event": "path", + "message": "Condition \"key == 3 /* keyCtrlC */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 748, + "event": "path", + "message": "Condition \"key == 55314 /* keyPasteStart */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 755, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 759, + "event": "path", + "message": "Condition \"!t.pasteActive\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 762, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"line\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 763, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 733, + "event": "path", + "message": "Condition \"!lineOk\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 736, + "event": "path", + "message": "Condition \"key == 65533 /* RuneError */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 737, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 764, + "event": "path", + "message": "Condition \"len(rest) > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 767, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 772, + "event": "path", + "message": "Condition \"lineOk\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 788, + "event": "unlock", + "message": "Unlocking \"t.lock\". \"line\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 792, + "event": "path", + "message": "Condition \"err != nil\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 790, + "event": "lockagain", + "message": "Locking \"t.lock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/golang.org/x/term/terminal.go", + "line": 793, + "event": "use", + "message": "Using an unreliable value of \"line\" inside the second locked section. If the data that \"line\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 791| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 792| \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 793|-> \t\t\treturn", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 794| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 795| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "google.golang.org/api/internal/cert.isCertificateExpired(*crypto/tls.Certificate)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/internal/cert/secureconnect_cert.go", + "line": 117, + "event": "insufficient_logging", + "message": "Calling a function that may return an error. These errors should be logged.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/internal/cert/secureconnect_cert.go", + "line": 117, + "event": "assign", + "message": "Assigning: \"err\" = \"ParseCertificate(cert.Certificate[0])\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/internal/cert/secureconnect_cert.go", + "line": 120, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/internal/cert/secureconnect_cert.go", + "line": 118, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/internal/cert/secureconnect_cert.go", + "line": 118, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 116| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 117| \tparsed, err := x509.ParseCertificate(cert.Certificate[0])", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 118|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 119| \t\treturn true", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 120| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "URL_MANIPULATION", + "cwe": 918, + "function": "google.golang.org/api/storage/v1.ObjectsInsertCall.Do([]google.golang.org/api/googleapi.CallOption)(*google.golang.org/api/storage/v1.Object, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/storage/v1/storage-gen.go", + "line": 10013, + "event": "assign", + "message": "Assigning: \"res\" = \"c.doRequest(\"json\")\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/storage/v1/storage-gen.go", + "line": 10030, + "event": "taint", + "message": "The field \"res.Header\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/storage/v1/storage-gen.go", + "line": 10030, + "event": "identity", + "message": "Calling \"Get\". This call assigns \"res.Header\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/storage/v1/storage-gen.go", + "line": 10030, + "event": "identity", + "message": "Calling \"ResumableUpload\". This call assigns \"res.Header.Get(\"Location\")\" to \"().URI\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/storage/v1/storage-gen.go", + "line": 10030, + "event": "assign", + "message": "Assigning: \"rx\" = \"c.mediaInfo_.ResumableUpload(res.Header.Get(\"Location\"))\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/storage/v1/storage-gen.go", + "line": 10039, + "event": "sink", + "message": "Calling \"Upload\". This call uses \"rx.URI\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/api/storage/v1/storage-gen.go", + "line": 10039, + "event": "remediation", + "message": "URL manipulation vulnerabilities can be addressed by proper input validation. Allow listing the allowed scheme and authority, and deny listing characters that allow unsafe path traversal in the path and query parts of the URL can improve security.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "10037| \t\t\tctx = context.TODO()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "10038| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "10039|-> \t\tres, err = rx.Upload(ctx)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "10040| \t\tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "10041| \t\t\treturn nil, err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "google.golang.org/grpc.clientStream.withRetry((*google.golang.org/grpc.csAttempt)error, ())error", + "language": "go", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go", + "line": 744, + "event": "lock", + "message": "Locking \"cs.mu\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go", + "line": 745, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go", + "line": 746, + "event": "path", + "message": "Condition \"cs.committed\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go", + "line": 754, + "event": "path", + "message": "Condition \"len(cs.buffer) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go", + "line": 760, + "event": "path", + "message": "Condition \"err != nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go", + "line": 766, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"a\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go", + "line": 767, + "event": "unlock", + "message": "Unlocking \"cs.mu\". \"a\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go", + "line": 770, + "event": "path", + "message": "Condition \"a != cs.attempt\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go", + "line": 774, + "event": "path", + "message": "Condition \"err == EOF\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go", + "line": 777, + "event": "path", + "message": "Condition \"err == nil\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go", + "line": 777, + "event": "path", + "message": "Condition \"err == EOF\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go", + "line": 777, + "event": "path", + "message": "Condition \"a.s.Status().Code() == 0 /* OK */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go", + "line": 769, + "event": "lockagain", + "message": "Locking \"cs.mu\" again.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/grpc/stream.go", + "line": 782, + "event": "use", + "message": "Using an unreliable value of \"a\" inside the second locked section. If the data that \"a\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 780| \t\t\treturn err", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 781| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 782|-> \t\tif err := cs.retryLocked(a, err); err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 783| \t\t\tcs.mu.Unlock()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 784| \t\t\treturn err", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "google.golang.org/protobuf/internal/descfmt.records.Append(reflect.Value, []string)", + "language": "go", + "tool": "coverity", + "key_event_idx": 21, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 208, + "event": "path", + "message": "Condition \" < len(accessors)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 210, + "event": "path", + "message": "Condition \"m.IsValid()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 213, + "event": "path", + "message": "Condition \"v.Kind() == 25 /* Struct */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 213, + "event": "path", + "message": "Condition \"!rv.IsValid()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 216, + "event": "path", + "message": "Condition \"!rv.IsValid()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 219, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 221, + "event": "path", + "message": "Condition \"!rv.IsNil()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 228, + "event": "path", + "message": "Switch case value \"Interface\".", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 240, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"n\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 240, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 243, + "event": "path", + "message": "Condition \"isZero\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 244, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 208, + "event": "path", + "message": "Condition \" < len(accessors)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 210, + "event": "path", + "message": "Condition \"m.IsValid()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 213, + "event": "path", + "message": "Condition \"v.Kind() == 25 /* Struct */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 213, + "event": "path", + "message": "Condition \"!rv.IsValid()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 216, + "event": "path", + "message": "Condition \"!rv.IsValid()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 219, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 221, + "event": "path", + "message": "Condition \"!rv.IsNil()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 228, + "event": "path", + "message": "Switch case value \"Interface\".", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 240, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go", + "line": 241, + "event": "null_method_call", + "message": "Calling a method on null object \"n\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 239| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 240| \t\tif n, ok := rv.Interface().(list); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 241|-> \t\t\tisZero = n.Len() == 0", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 242| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 243| \t\tif isZero {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "go-jose.v2.JSONWebEncryption.DecryptMulti(interface{})(int, go-jose.v2.Header, []byte, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go", + "line": 515, + "event": "insufficient_logging", + "message": "Calling \"decryptKey\". This function call creates a logging obligation. (The interface method resolves to \"opaqueKeyDecrypter.decryptKey(rawHeader, recipientInfo *, keyGenerator)\".)", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go", + "line": 515, + "event": "assign", + "message": "Assigning: \"err\" = \"decrypter.decryptKey(recipientHeaders, &recipient, generator)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go", + "line": 524, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go", + "line": 516, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/crypter.go", + "line": 516, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 514| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 515| \t\tcek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 516|-> \t\tif err == nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 517| \t\t\t// Found a valid CEK -- let's try to decrypt.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 518| \t\t\tplaintext, err = cipher.decrypt(cek, authData, parts)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "go-jose.v2.rawJSONWebEncryption.sanitized()(*go-jose.v2.JSONWebEncryption, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go", + "line": 157, + "event": "insufficient_logging", + "message": "Calling \"sanitized\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go", + "line": 157, + "event": "assign", + "message": "Assigning: \"err\" = \"mergedHeaders.sanitized()\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go", + "line": 160, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go", + "line": 158, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwe.go", + "line": 158, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 156| \tmergedHeaders := obj.mergedHeaders(nil)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 157| \tobj.Header, err = mergedHeaders.sanitized()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 158|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 159| \t\treturn nil, fmt.Errorf(\"go-jose/go-jose: cannot sanitize merged headers: %v (%v)\", err, mergedHeaders)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 160| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "go-jose.v2.JSONWebKey.UnmarshalJSON([]byte)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go", + "line": 172, + "event": "insufficient_logging", + "message": "Calling \"parseCertificateChain\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go", + "line": 172, + "event": "assign", + "message": "Assigning: \"err\" = \"parseCertificateChain(raw.X5c)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go", + "line": 175, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go", + "line": 173, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/go-jose/go-jose.v2/jwk.go", + "line": 173, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 171| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 172| \tcerts, err := parseCertificateChain(raw.X5c)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 173|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 174| \t\treturn fmt.Errorf(\"go-jose/go-jose: failed to unmarshal x5c field: %s\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 175| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "ini.v1.Section.reflectFrom(reflect.Value)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 577, + "event": "path", + "message": "Condition \"val.Kind() == 22 /* Ptr */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 582, + "event": "path", + "message": "Condition \"i < typ.NumField()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 583, + "event": "path", + "message": "Condition \"!val.Field(i).CanInterface()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 584, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 582, + "event": "path", + "message": "Condition \"i < typ.NumField()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 583, + "event": "path", + "message": "Condition \"!val.Field(i).CanInterface()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 591, + "event": "path", + "message": "Condition \"tag == \"-\"\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 596, + "event": "path", + "message": "Condition \"omitEmpty\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 596, + "event": "path", + "message": "Condition \"isEmptyValue(field)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 600, + "event": "type_assertion", + "message": "Type assertion can store \"nil\" into \"r\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 600, + "event": "path", + "message": "Condition \"ok\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 605, + "event": "path", + "message": "Condition \"len(fieldName) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 606, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 582, + "event": "path", + "message": "Condition \"i < typ.NumField()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 583, + "event": "path", + "message": "Condition \"!val.Field(i).CanInterface()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 591, + "event": "path", + "message": "Condition \"tag == \"-\"\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 596, + "event": "path", + "message": "Condition \"omitEmpty\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 600, + "event": "path", + "message": "Condition \"ok\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/ini.v1/struct.go", + "line": 601, + "event": "null_method_call", + "message": "Calling a method on null object \"r\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 599| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 600| \t\tif r, ok := field.Interface().(StructReflector); ok {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 601|-> \t\t\treturn r.ReflectINIStruct(s.f)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 602| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 603| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "go-jose.v2.JSONWebEncryption.DecryptMulti(interface{})(int, go-jose.v2.Header, []byte, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/crypter.go", + "line": 515, + "event": "insufficient_logging", + "message": "Calling \"decryptKey\". This function call creates a logging obligation. (The interface method resolves to \"opaqueKeyDecrypter.decryptKey(rawHeader, recipientInfo *, keyGenerator)\".)", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/crypter.go", + "line": 515, + "event": "assign", + "message": "Assigning: \"err\" = \"decrypter.decryptKey(recipientHeaders, &recipient, generator)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/crypter.go", + "line": 524, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/crypter.go", + "line": 516, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/crypter.go", + "line": 516, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 514| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 515| \t\tcek, err := decrypter.decryptKey(recipientHeaders, &recipient, generator)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 516|-> \t\tif err == nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 517| \t\t\t// Found a valid CEK -- let's try to decrypt.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 518| \t\t\tplaintext, err = cipher.decrypt(cek, authData, parts)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "go-jose.v2.rawJSONWebEncryption.sanitized()(*go-jose.v2.JSONWebEncryption, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwe.go", + "line": 157, + "event": "insufficient_logging", + "message": "Calling \"sanitized\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwe.go", + "line": 157, + "event": "assign", + "message": "Assigning: \"err\" = \"mergedHeaders.sanitized()\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwe.go", + "line": 160, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwe.go", + "line": 158, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwe.go", + "line": 158, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 156| \tmergedHeaders := obj.mergedHeaders(nil)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 157| \tobj.Header, err = mergedHeaders.sanitized()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 158|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 159| \t\treturn nil, fmt.Errorf(\"square/go-jose: cannot sanitize merged headers: %v (%v)\", err, mergedHeaders)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 160| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INSUFFICIENT_LOGGING", + "cwe": 778, + "function": "go-jose.v2.JSONWebKey.UnmarshalJSON([]byte)error", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwk.go", + "line": 172, + "event": "insufficient_logging", + "message": "Calling \"parseCertificateChain\". This function call creates a logging obligation.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwk.go", + "line": 172, + "event": "assign", + "message": "Assigning: \"err\" = \"parseCertificateChain(raw.X5c)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwk.go", + "line": 175, + "event": "insufficient_logging", + "message": "This branch is missing logging after the method call.", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwk.go", + "line": 173, + "event": "insufficient_logging", + "message": "Condition is checking a possible error value.", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/square/go-jose.v2/jwk.go", + "line": 173, + "event": "remediation", + "message": "Log this issue to improve detection and response to security incidents.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 171| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 172| \tcerts, err := parseCertificateChain(raw.X5c)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 173|-> \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 174| \t\treturn fmt.Errorf(\"square/go-jose: failed to unmarshal x5c field: %s\", err)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 175| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "yaml.v2.yaml_parser_parse_block_sequence_entry(*yaml.v2.yaml_parser_t, *yaml.v2.yaml_event_t, bool)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 580, + "event": "path", + "message": "Condition \"first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 581, + "event": "returned_null", + "message": "\"peek_token\" returns \"nil\" (checked 32 out of 36 times).", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 581, + "event": "var_assigned", + "message": "Assigning: \"token\" = \"nil\" return value from \"peek_token\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 582, + "event": "null_field_access", + "message": "Accessing field of null object \"token\".", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 362, + "event": "example_assign", + "message": "Example 1: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 363, + "event": "example_checked", + "message": "Example 1 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 391, + "event": "example_assign", + "message": "Example 2: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 392, + "event": "example_checked", + "message": "Example 2 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1020, + "event": "example_assign", + "message": "Example 3: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1021, + "event": "example_checked", + "message": "Example 3 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1053, + "event": "example_assign", + "message": "Example 4: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1054, + "event": "example_checked", + "message": "Example 4 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 175, + "event": "example_assign", + "message": "Example 5: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 176, + "event": "example_checked", + "message": "Example 5 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 580| \tif first {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 581| \t\ttoken := peek_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 582|-> \t\tparser.marks = append(parser.marks, token.start_mark)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 583| \t\tskip_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 584| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "yaml.v2.yaml_parser_parse_block_mapping_key(*yaml.v2.yaml_parser_t, *yaml.v2.yaml_event_t, bool)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 676, + "event": "path", + "message": "Condition \"first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 677, + "event": "returned_null", + "message": "\"peek_token\" returns \"nil\" (checked 32 out of 36 times).", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 677, + "event": "var_assigned", + "message": "Assigning: \"token\" = \"nil\" return value from \"peek_token\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 678, + "event": "null_field_access", + "message": "Accessing field of null object \"token\".", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 362, + "event": "example_assign", + "message": "Example 1: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 363, + "event": "example_checked", + "message": "Example 1 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 391, + "event": "example_assign", + "message": "Example 2: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 392, + "event": "example_checked", + "message": "Example 2 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1020, + "event": "example_assign", + "message": "Example 3: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1021, + "event": "example_checked", + "message": "Example 3 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1053, + "event": "example_assign", + "message": "Example 4: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1054, + "event": "example_checked", + "message": "Example 4 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 175, + "event": "example_assign", + "message": "Example 5: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 176, + "event": "example_checked", + "message": "Example 5 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 676| \tif first {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 677| \t\ttoken := peek_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 678|-> \t\tparser.marks = append(parser.marks, token.start_mark)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 679| \t\tskip_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 680| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "yaml.v2.yaml_parser_parse_flow_sequence_entry(*yaml.v2.yaml_parser_t, *yaml.v2.yaml_event_t, bool)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 771, + "event": "path", + "message": "Condition \"first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 772, + "event": "returned_null", + "message": "\"peek_token\" returns \"nil\" (checked 32 out of 36 times).", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 772, + "event": "var_assigned", + "message": "Assigning: \"token\" = \"nil\" return value from \"peek_token\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 773, + "event": "null_field_access", + "message": "Accessing field of null object \"token\".", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 362, + "event": "example_assign", + "message": "Example 1: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 363, + "event": "example_checked", + "message": "Example 1 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 391, + "event": "example_assign", + "message": "Example 2: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 392, + "event": "example_checked", + "message": "Example 2 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1020, + "event": "example_assign", + "message": "Example 3: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1021, + "event": "example_checked", + "message": "Example 3 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1053, + "event": "example_assign", + "message": "Example 4: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1054, + "event": "example_checked", + "message": "Example 4 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 175, + "event": "example_assign", + "message": "Example 5: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 176, + "event": "example_checked", + "message": "Example 5 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 771| \tif first {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 772| \t\ttoken := peek_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 773|-> \t\tparser.marks = append(parser.marks, token.start_mark)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 774| \t\tskip_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 775| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "yaml.v2.yaml_parser_parse_flow_mapping_key(*yaml.v2.yaml_parser_t, *yaml.v2.yaml_event_t, bool)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 905, + "event": "path", + "message": "Condition \"first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 906, + "event": "returned_null", + "message": "\"peek_token\" returns \"nil\" (checked 32 out of 36 times).", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 906, + "event": "var_assigned", + "message": "Assigning: \"token\" = \"nil\" return value from \"peek_token\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 907, + "event": "null_field_access", + "message": "Accessing field of null object \"token\".", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 362, + "event": "example_assign", + "message": "Example 1: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 363, + "event": "example_checked", + "message": "Example 1 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 391, + "event": "example_assign", + "message": "Example 2: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 392, + "event": "example_checked", + "message": "Example 2 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1020, + "event": "example_assign", + "message": "Example 3: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1021, + "event": "example_checked", + "message": "Example 3 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1053, + "event": "example_assign", + "message": "Example 4: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 1054, + "event": "example_checked", + "message": "Example 4 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 175, + "event": "example_assign", + "message": "Example 5: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v2/parserc.go", + "line": 176, + "event": "example_checked", + "message": "Example 5 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 905| \tif first {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 906| \t\ttoken := peek_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 907|-> \t\tparser.marks = append(parser.marks, token.start_mark)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 908| \t\tskip_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 909| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "yaml.v3.yaml_parser_parse_flow_mapping_key(*yaml.v3.yaml_parser_t, *yaml.v3.yaml_event_t, bool)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1067, + "event": "path", + "message": "Condition \"first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1068, + "event": "returned_null", + "message": "\"peek_token\" returns \"nil\" (checked 36 out of 37 times).", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1068, + "event": "var_assigned", + "message": "Assigning: \"token\" = \"nil\" return value from \"peek_token\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1069, + "event": "null_field_access", + "message": "Accessing field of null object \"token\".", + "verbosity_level": 0 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 458, + "event": "example_assign", + "message": "Example 1: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 459, + "event": "example_checked", + "message": "Example 1 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 791, + "event": "example_assign", + "message": "Example 2: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 792, + "event": "example_checked", + "message": "Example 2 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1183, + "event": "example_assign", + "message": "Example 3: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1184, + "event": "example_checked", + "message": "Example 3 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1216, + "event": "example_assign", + "message": "Example 4: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1217, + "event": "example_checked", + "message": "Example 4 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 232, + "event": "example_assign", + "message": "Example 5: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "osbuild-composer-88.2/_build/src/github.com/osbuild/osbuild-composer/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 233, + "event": "example_checked", + "message": "Example 5 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1067| \tif first {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1068| \t\ttoken := peek_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1069|-> \t\tparser.marks = append(parser.marks, token.start_mark)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1070| \t\tskip_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1071| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "zend_mm_startup_ex", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "php-8.0.30/Zend/zend_alloc.h", + "line": 310, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "php-8.0.30/Zend/zend_alloc.c", + "line": 2976, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2974| \tzend_mm_heap *heap;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2975| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2976|-> \tmemcpy((zend_mm_handlers*)&tmp_storage.handlers, handlers, sizeof(zend_mm_handlers));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2977| \ttmp_storage.data = data;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2978| \tchunk = (zend_mm_chunk*)handlers->chunk_alloc(&tmp_storage, ZEND_MM_CHUNK_SIZE, ZEND_MM_CHUNK_SIZE);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "zend_mm_startup_ex", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "php-8.0.30/Zend/zend_alloc.h", + "line": 310, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "php-8.0.30/Zend/zend_alloc.c", + "line": 3036, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3034| \t\treturn NULL;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3035| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3036|-> \tmemcpy(storage, &tmp_storage, sizeof(zend_mm_storage));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3037| \tif (data) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3038| \t\tstorage->data = (void*)(((char*)storage + sizeof(zend_mm_storage)));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "browscap_intern_str_ci", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "php-8.0.30/ext/standard/browscap.c", + "line": 245, + "event": "path", + "message": "Condition \"!!((24UL /* __builtin_offsetof() */ + str->len + 1 + (7UL /* 8 - 1 */) & 18446744073709551608UL /* ~(8 - 1) */) > 32768UL /* 32 * 1024 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "php-8.0.30/ext/standard/browscap.c", + "line": 245, + "event": "path", + "message": "Condition \"use_heap = !!((24UL /* __builtin_offsetof() */ + str->len + 1 + (7UL /* 8 - 1 */) & 18446744073709551608UL /* ~(8 - 1) */) > 32768UL /* 32 * 1024 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "php-8.0.30/ext/standard/browscap.c", + "line": 245, + "event": "local_ptr_alloc", + "message": "Stack allocation: \"__builtin_alloca(24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL)\".", + "verbosity_level": 1 + }, + { + "file_name": "php-8.0.30/ext/standard/browscap.c", + "line": 245, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"lcname\" = \"(zend_string *)((use_heap = !!((24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL) > 32768UL)) ? 0 ? ((24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL) <= 8UL) ? _emalloc_8() : (((24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL) <= 16UL) ? _emalloc_16() : (((24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL) <= 24UL) ? _emalloc_24() : (((24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL) <= 32UL) ? _emalloc_32() : (((24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL) <= 40UL [...]", + "verbosity_level": 1 + }, + { + "file_name": "php-8.0.30/ext/standard/browscap.c", + "line": 249, + "event": "path", + "message": "Condition \"interned\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "php-8.0.30/ext/standard/browscap.c", + "line": 252, + "event": "identity_transfer", + "message": "Passing \"lcname\" as argument 1 to function \"zend_string_dup\", which returns that argument.", + "verbosity_level": 1 + }, + { + "file_name": "php-8.0.30/ext/standard/browscap.c", + "line": 252, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"interned\" = \"zend_string_dup(lcname, persistent)\".", + "verbosity_level": 1 + }, + { + "file_name": "php-8.0.30/ext/standard/browscap.c", + "line": 253, + "event": "path", + "message": "Condition \"persistent\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "php-8.0.30/ext/standard/browscap.c", + "line": 259, + "event": "path", + "message": "Condition \"!!use_heap\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "php-8.0.30/ext/standard/browscap.c", + "line": 260, + "event": "return_local_alloc_alias", + "message": "Returning pointer \"interned\" which points to space allocated on the stack by \"__builtin_alloca(24UL + str->len + 1UL + 7UL & 0xfffffffffffffff8UL)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 258| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 259| \tZSTR_ALLOCA_FREE(lcname, use_heap);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 260|-> \treturn interned;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 261| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 262| ", + "verbosity_level": 1 + }, + { + "file_name": "php-8.0.30/ext/standard/browscap.c", + "line": 260, + "event": "note", + "message": "trimmed 1 message(s) with length over 512", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "javax.servlet.GenericServlet.getServletContext()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/GenericServlet.java", + "line": 123, + "event": "return_thread_shared", + "message": "Call to \"getServletConfig\" returns a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/GenericServlet.java", + "line": 123, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"getServletConfig()\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/GenericServlet.java", + "line": 123, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/GenericServlet.java", + "line": 123, + "event": "write", + "message": "\"getServletConfig()\" is modified in call to \"getServletContext\". (The virtual call resolves to \"org.apache.catalina.core.StandardWrapper.getServletContext\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 121| @Override", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 122| public ServletContext getServletContext() {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 123|-> return getServletConfig().getServletContext();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 124| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 125| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "javax.servlet.http.HttpServlet.doHead(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 237, + "event": "path", + "message": "Condition \"javax.servlet.DispatcherType.INCLUDE.equals(req.getDispatcherType())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 234, + "event": "thread_entry_point", + "message": "\"doHead\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 238, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"this.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 238, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 238, + "event": "write", + "message": "\"this.config\" is modified in call to \"doGet\". (The virtual call resolves to \"ServletToJsp.doGet\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 238, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"javax.servlet.GenericServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/GenericServlet.java", + "line": 40, + "event": "thread_shared_derived", + "message": "\"javax.servlet.GenericServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 236| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 237| if (DispatcherType.INCLUDE.equals(req.getDispatcherType())) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 238|-> doGet(req, resp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 239| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 240| NoBodyResponse response = new NoBodyResponse(resp);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "javax.servlet.http.HttpServlet.doHead(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 237, + "event": "path", + "message": "Condition \"javax.servlet.DispatcherType.INCLUDE.equals(req.getDispatcherType())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 234, + "event": "thread_entry_point", + "message": "\"doHead\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 241, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"this.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 241, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 241, + "event": "write", + "message": "\"this.config\" is modified in call to \"doGet\". (The virtual call resolves to \"ServletToJsp.doGet\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 241, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"javax.servlet.GenericServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/GenericServlet.java", + "line": 40, + "event": "thread_shared_derived", + "message": "\"javax.servlet.GenericServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 239| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 240| NoBodyResponse response = new NoBodyResponse(resp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 241|-> doGet(req, response);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 242| if (req.isAsyncStarted()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 243| req.getAsyncContext().addListener(new NoBodyAsyncContextListener(response));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "javax.servlet.http.HttpServlet.doOptions(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 476, + "event": "returned_null", + "message": "\"getAllDeclaredMethods\" returns \"null\" (checked 1 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 476, + "event": "var_assigned", + "message": "Assigning: \"methods\" = \"null\" return value from \"getAllDeclaredMethods\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 492, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 498, + "event": "null_array_length", + "message": "Accessing length of null array \"methods\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 427, + "event": "example_assign", + "message": "Example 1: Assigning: \"parentMethods\" = return value from \"javax.servlet.http.HttpServlet.getAllDeclaredMethods(c.getSuperclass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/javax/servlet/http/HttpServlet.java", + "line": 430, + "event": "example_checked", + "message": "Example 1 (cont.): \"parentMethods\" has its value checked in \"parentMethods != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 496| // End of Tomcat specific hack", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 497| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 498|-> for (int i=0; i doGet(req, resp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 656| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 657| long ifModifiedSince;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.Manager.rotateSessionId(org.apache.catalina.Session)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/Manager.java", + "line": 241, + "event": "returned_null", + "message": "\"getSessionIdGenerator\" returns \"null\" (checked 4 out of 7 times). (The virtual call resolves to \"org.apache.catalina.session.ManagerBase.getSessionIdGenerator\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/Manager.java", + "line": 241, + "event": "null_method_call", + "message": "Calling a method on null object \"getSessionIdGenerator()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/ClusterManagerBase.java", + "line": 163, + "event": "example_checked", + "message": "Example 1: \"getSessionIdGenerator()\" has its value checked in \"getSessionIdGenerator() != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 644, + "event": "example_assign", + "message": "Example 2: Assigning: \"sessionIdGenerator\" = return value from \"getSessionIdGenerator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 645, + "event": "example_checked", + "message": "Example 2 (cont.): \"sessionIdGenerator\" has its value checked in \"sessionIdGenerator == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 89, + "event": "example_assign", + "message": "Example 3: Assigning: \"sessionIdGenerator\" = return value from \"manager.getSessionIdGenerator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 90, + "event": "example_checked", + "message": "Example 3 (cont.): \"sessionIdGenerator\" has its value checked in \"sessionIdGenerator != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/PersistentManagerSF.java", + "line": 54, + "event": "example_assign", + "message": "Example 4: Assigning: \"sessionIdGenerator\" = return value from \"manager.getSessionIdGenerator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/PersistentManagerSF.java", + "line": 55, + "event": "example_checked", + "message": "Example 4 (cont.): \"sessionIdGenerator\" has its value checked in \"sessionIdGenerator != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 239| boolean duplicate = true;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 240| do {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 241|-> newSessionId = getSessionIdGenerator().generateSessionId();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 242| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 243| if (findSession(newSessionId) == null) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.ant.jmx.JMXAccessorConditionBase.accessJMXValue()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ant/jmx/JMXAccessorConditionBase.java", + "line": 171, + "event": "returned_null", + "message": "\"getJMXConnection\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ant/jmx/JMXAccessorConditionBase.java", + "line": 171, + "event": "null_method_call", + "message": "Calling a method on null object \"getJMXConnection()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 169| protected String accessJMXValue() {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 170| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 171|-> Object result = getJMXConnection().getAttribute(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 172| new ObjectName(name), attribute);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 173| if (result != null) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.authenticator.SingleSignOn.sessionDestroyed(java.lang.String, org.apache.catalina.Session)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOn.java", + "line": 329, + "event": "path", + "message": "Condition \"!getState().isAvailable()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOn.java", + "line": 337, + "event": "path", + "message": "Condition \"session.getMaxInactiveInterval() > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOn.java", + "line": 337, + "event": "returned_null", + "message": "\"getManager\" returns \"null\" (checked 1 out of 5 times). (The virtual call resolves to \"org.apache.catalina.manager.DummyProxySession.getManager\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOn.java", + "line": 337, + "event": "null_method_call", + "message": "Calling a method on null object \"session.getManager()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 46, + "event": "example_assign", + "message": "Example 1: Assigning: \"manager\" = return value from \"session.getManager()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 47, + "event": "example_checked", + "message": "Example 1 (cont.): \"manager\" has its value checked in \"manager == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 335| // session was logged out, we'll log out of all session associated with", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 336| // the SSO.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 337|-> if (((session.getMaxInactiveInterval() > 0)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 338| && (session.getIdleTimeInternal() >= session.getMaxInactiveInterval() * 1000))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 339| || (!session.getManager().getContext().getState().isAvailable())) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.authenticator.SingleSignOnSessionKey.(org.apache.catalina.Session)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnSessionKey.java", + "line": 41, + "event": "returned_null", + "message": "\"getManager\" returns \"null\" (checked 1 out of 5 times). (The virtual call resolves to \"org.apache.catalina.manager.DummyProxySession.getManager\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnSessionKey.java", + "line": 41, + "event": "null_method_call", + "message": "Calling a method on null object \"session.getManager()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 46, + "event": "example_assign", + "message": "Example 1: Assigning: \"manager\" = return value from \"session.getManager()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 47, + "event": "example_checked", + "message": "Example 1 (cont.): \"manager\" has its value checked in \"manager == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 39| public SingleSignOnSessionKey(Session session) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 40| this.sessionId = session.getId();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41|-> Context context = session.getManager().getContext();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42| this.contextName = context.getName();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 43| this.hostName = context.getParent().getName();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.addRegistrationContextImpl(java.lang.String, java.lang.String, java.lang.String, org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl$RegistrationContextImpl)", + "language": "java", + "tool": "coverity", + "key_event_idx": 16, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 166, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 174, + "event": "path", + "message": "Condition \"previous == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 179, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 179, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 185, + "event": "path", + "message": "Condition \"registration != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "enhanced_for", + "message": "Starting an iteration on \"registration.listeners\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"layer.equals(wrapper.getMessageLayer())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 192, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"layer.equals(wrapper.getMessageLayer())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 189, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"registration.listeners\" which invalidates the iterator for the loop on that \"Iterable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 192, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"registration.listeners\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 184| appContextRegistrations.get(getRegistrationID(null, appContext));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 185| if (registration != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 186|-> for (RegistrationListenerWrapper wrapper : registration.listeners) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 187| if (layer.equals(wrapper.getMessageLayer()) &&", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 188| appContext.equals(wrapper.getAppContext())) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.addRegistrationContextImpl(java.lang.String, java.lang.String, java.lang.String, org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl$RegistrationContextImpl)", + "language": "java", + "tool": "coverity", + "key_event_idx": 25, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 166, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 174, + "event": "path", + "message": "Condition \"previous == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 179, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 179, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 185, + "event": "path", + "message": "Condition \"registration != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"layer.equals(wrapper.getMessageLayer())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 192, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"layer.equals(wrapper.getMessageLayer())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 192, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "No elements left in \"registration.listeners\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 195, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 199, + "event": "path", + "message": "Iterating over another element of \"layerRegistrations.values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 200, + "event": "enhanced_for", + "message": "Starting an iteration on \"registration.listeners\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 200, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 201, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 205, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 200, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 201, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 202, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"registration.listeners\" which invalidates the iterator for the loop on that \"Iterable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 205, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 200, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"registration.listeners\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 198| // Need to check registrations for all layers", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 199| for (RegistrationContextImpl registration : layerRegistrations.values()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 200|-> for (RegistrationListenerWrapper wrapper : registration.listeners) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 201| if (appContext.equals(wrapper.getAppContext())) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 202| registration.listeners.remove(wrapper);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.addRegistrationContextImpl(java.lang.String, java.lang.String, java.lang.String, org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl$RegistrationContextImpl)", + "language": "java", + "tool": "coverity", + "key_event_idx": 40, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 166, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 174, + "event": "path", + "message": "Condition \"previous == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 179, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 179, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 185, + "event": "path", + "message": "Condition \"registration != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"layer.equals(wrapper.getMessageLayer())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 192, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"layer.equals(wrapper.getMessageLayer())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 192, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "No elements left in \"registration.listeners\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 195, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 199, + "event": "path", + "message": "Iterating over another element of \"layerRegistrations.values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 200, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 201, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 205, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 200, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 201, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 205, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 200, + "event": "path", + "message": "No elements left in \"registration.listeners\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 206, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 199, + "event": "path", + "message": "No elements left in \"layerRegistrations.values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 208, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 210, + "event": "path", + "message": "Iterating over another element of \"defaultRegistration.values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 211, + "event": "enhanced_for", + "message": "Starting an iteration on \"registration.listeners\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 211, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 212, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 212, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 212, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 212, + "event": "path", + "message": "Condition \"layer.equals(wrapper.getMessageLayer())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 217, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 211, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 212, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 212, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 214, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"registration.listeners\" which invalidates the iterator for the loop on that \"Iterable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 217, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 211, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"registration.listeners\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 209| // Need to check default", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 210| for (RegistrationContextImpl registration : defaultRegistration.values()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 211|-> for (RegistrationListenerWrapper wrapper : registration.listeners) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 212| if (appContext != null && appContext.equals(wrapper.getAppContext()) ||", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 213| layer != null && layer.equals(wrapper.getMessageLayer())) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.addRegistrationContextImpl(java.lang.String, java.lang.String, java.lang.String, org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl$RegistrationContextImpl)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 166, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 174, + "event": "path", + "message": "Condition \"previous == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 222, + "event": "enhanced_for", + "message": "Starting an iteration on \"previous.listeners\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 222, + "event": "path", + "message": "Iterating over another element of \"previous.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 223, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"previous.listeners\" which invalidates the iterator for the loop on that \"Iterable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 225, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 222, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"previous.listeners\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 220| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 221| // Replaced an existing registration so need to notify those listeners", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 222|-> for (RegistrationListenerWrapper wrapper : previous.listeners) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 223| previous.listeners.remove(wrapper);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 224| wrapper.listener.notify(wrapper.messageLayer, wrapper.appContext);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl$RegistrationContextImpl.removeListener(javax.security.auth.message.config.RegistrationListener)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 474, + "event": "enhanced_for", + "message": "Starting an iteration on \"listeners\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 474, + "event": "path", + "message": "Iterating over another element of \"listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 475, + "event": "path", + "message": "Condition \"wrapper.getListener().equals(listener)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 476, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"listeners\" which invalidates the iterator for the loop on that \"Iterable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 479, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 474, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"listeners\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 472| private boolean removeListener(RegistrationListener listener) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 473| boolean result = false;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 474|-> for (RegistrationListenerWrapper wrapper : listeners) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 475| if (wrapper.getListener().equals(listener)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 476| listeners.remove(wrapper);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.catalina.connector.OutputBuffer.checkConverter()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/OutputBuffer.java", + "line": 554, + "event": "path", + "message": "Condition \"conv != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/OutputBuffer.java", + "line": 560, + "event": "path", + "message": "Condition \"coyoteResponse != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/OutputBuffer.java", + "line": 560, + "event": "var_compare_op", + "message": "Comparing \"coyoteResponse\" to null implies that \"coyoteResponse\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/OutputBuffer.java", + "line": 564, + "event": "path", + "message": "Condition \"charset == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/OutputBuffer.java", + "line": 565, + "event": "null_method_call", + "message": "Calling a method on null object \"coyoteResponse\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 563| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 564| if (charset == null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 565|-> if (coyoteResponse.getCharacterEncoding() != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 566| // setCharacterEncoding() was called with an invalid character set", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 567| // Trigger an UnsupportedEncodingException", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNUSED_VALUE", + "cwe": 563, + "function": "org.apache.catalina.connector.OutputBuffer.checkConverter()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/OutputBuffer.java", + "line": 570, + "event": "value_overwrite", + "message": "Overwriting previous write to \"charset\" with value from \"org.apache.coyote.Constants.DEFAULT_BODY_CHARSET\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/OutputBuffer.java", + "line": 568, + "event": "returned_reference", + "message": "Assigning value from \"org.apache.tomcat.util.buf.B2CConverter.getCharset(coyoteResponse.getCharacterEncoding())\" to \"charset\" here, but that stored value is overwritten before it can be used.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 566| // setCharacterEncoding() was called with an invalid character set", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 567| // Trigger an UnsupportedEncodingException", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 568|-> charset = B2CConverter.getCharset(coyoteResponse.getCharacterEncoding());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 569| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 570| charset = org.apache.coyote.Constants.DEFAULT_BODY_CHARSET;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.connector.Request.authenticate(javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java", + "line": 2786, + "event": "path", + "message": "Condition \"response.isCommitted()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java", + "line": 2791, + "event": "returned_null", + "message": "\"getAuthenticator\" returns \"null\" (checked 4 out of 8 times). (The virtual call resolves to \"org.apache.catalina.core.StandardContext.getAuthenticator\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java", + "line": 2791, + "event": "null_method_call", + "message": "Calling a method on null object \"getContext().getAuthenticator()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 51, + "event": "example_assign", + "message": "Example 1: Assigning: \"authenticator\" = return value from \"context.getAuthenticator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 52, + "event": "example_checked", + "message": "Example 1 (cont.): \"authenticator\" has its value checked in \"authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/CoyoteAdapter.java", + "line": 877, + "event": "example_assign", + "message": "Example 2: Assigning: \"authenticator\" = return value from \"request.getContext().getAuthenticator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/CoyoteAdapter.java", + "line": 878, + "event": "example_checked", + "message": "Example 2 (cont.): \"authenticator\" has its value checked in \"authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/ApplicationPushBuilder.java", + "line": 161, + "event": "example_checked", + "message": "Example 3: \"context.getAuthenticator()\" has its value checked in \"context.getAuthenticator() instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 356, + "event": "example_checked", + "message": "Example 4: \"context.getAuthenticator()\" has its value checked in \"context.getAuthenticator() != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2789| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2790| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2791|-> return getContext().getAuthenticator().authenticate(this, response);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2792| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2793| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.connector.Request.login(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java", + "line": 2800, + "event": "path", + "message": "Condition \"getAuthType() != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java", + "line": 2800, + "event": "path", + "message": "Condition \"getRemoteUser() != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java", + "line": 2800, + "event": "path", + "message": "Condition \"getUserPrincipal() != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java", + "line": 2806, + "event": "returned_null", + "message": "\"getAuthenticator\" returns \"null\" (checked 4 out of 8 times). (The virtual call resolves to \"org.apache.catalina.core.StandardContext.getAuthenticator\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java", + "line": 2806, + "event": "null_method_call", + "message": "Calling a method on null object \"getContext().getAuthenticator()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 51, + "event": "example_assign", + "message": "Example 1: Assigning: \"authenticator\" = return value from \"context.getAuthenticator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 52, + "event": "example_checked", + "message": "Example 1 (cont.): \"authenticator\" has its value checked in \"authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/CoyoteAdapter.java", + "line": 877, + "event": "example_assign", + "message": "Example 2: Assigning: \"authenticator\" = return value from \"request.getContext().getAuthenticator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/CoyoteAdapter.java", + "line": 878, + "event": "example_checked", + "message": "Example 2 (cont.): \"authenticator\" has its value checked in \"authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/ApplicationPushBuilder.java", + "line": 161, + "event": "example_checked", + "message": "Example 3: \"context.getAuthenticator()\" has its value checked in \"context.getAuthenticator() instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 356, + "event": "example_checked", + "message": "Example 4: \"context.getAuthenticator()\" has its value checked in \"context.getAuthenticator() != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2804| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2805| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2806|-> getContext().getAuthenticator().login(username, password, this);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2807| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2808| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.connector.Request.logout()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java", + "line": 2814, + "event": "returned_null", + "message": "\"getAuthenticator\" returns \"null\" (checked 4 out of 8 times). (The virtual call resolves to \"org.apache.catalina.core.StandardContext.getAuthenticator\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java", + "line": 2814, + "event": "null_method_call", + "message": "Calling a method on null object \"getContext().getAuthenticator()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 51, + "event": "example_assign", + "message": "Example 1: Assigning: \"authenticator\" = return value from \"context.getAuthenticator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 52, + "event": "example_checked", + "message": "Example 1 (cont.): \"authenticator\" has its value checked in \"authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/CoyoteAdapter.java", + "line": 877, + "event": "example_assign", + "message": "Example 2: Assigning: \"authenticator\" = return value from \"request.getContext().getAuthenticator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/CoyoteAdapter.java", + "line": 878, + "event": "example_checked", + "message": "Example 2 (cont.): \"authenticator\" has its value checked in \"authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/ApplicationPushBuilder.java", + "line": 161, + "event": "example_checked", + "message": "Example 3: \"context.getAuthenticator()\" has its value checked in \"context.getAuthenticator() instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 356, + "event": "example_checked", + "message": "Example 4: \"context.getAuthenticator()\" has its value checked in \"context.getAuthenticator() != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2812| @Override", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2813| public void logout() throws ServletException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2814|-> getContext().getAuthenticator().logout(this);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2815| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2816| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.connector.Response.encodeRedirectURL(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java", + "line": 1162, + "event": "path", + "message": "Condition \"isEncodeable(toAbsolute(url))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java", + "line": 1163, + "event": "returned_null", + "message": "\"getSessionInternal\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java", + "line": 1163, + "event": "null_method_call", + "message": "Calling a method on null object \"request.getSessionInternal()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1161| public String encodeRedirectURL(String url) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1162| if (isEncodeable(toAbsolute(url))) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1163|-> return toEncoded(url, request.getSessionInternal().getIdInternal());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1164| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1165| return url;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.connector.Response.encodeURL(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java", + "line": 1200, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java", + "line": 1205, + "event": "path", + "message": "Condition \"isEncodeable(absolute)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java", + "line": 1207, + "event": "path", + "message": "Condition \"url.equalsIgnoreCase(\"\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java", + "line": 1209, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java", + "line": 1212, + "event": "returned_null", + "message": "\"getSessionInternal\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Response.java", + "line": 1212, + "event": "null_method_call", + "message": "Calling a method on null object \"request.getSessionInternal()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1210| url += '/';", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1211| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1212|-> return toEncoded(url, request.getSessionInternal().getIdInternal());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1213| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1214| return url;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.core.ApplicationServletRegistration.getMappings()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/ApplicationServletRegistration.java", + "line": 212, + "event": "returned_null", + "message": "\"findServletMappings\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findServletMappings\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/ApplicationServletRegistration.java", + "line": 212, + "event": "var_assigned", + "message": "Assigning: \"urlPatterns\" = \"null\" return value from \"findServletMappings\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/ApplicationServletRegistration.java", + "line": 213, + "event": "null_array_length", + "message": "Accessing length of null array \"urlPatterns\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 211| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 212| String[] urlPatterns = context.findServletMappings();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 213|-> for (String urlPattern : urlPatterns) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 214| String name = context.findServletMapping(urlPattern);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 215| if (name.equals(servletName)) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.catalina.core.StandardContext.postWorkDirectory()", + "language": "java", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6120, + "event": "path", + "message": "Condition \"workDir == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6127, + "event": "path", + "message": "Condition \"parentHost != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6129, + "event": "path", + "message": "Condition \"parentHost instanceof org.apache.catalina.core.StandardHost\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6133, + "event": "path", + "message": "Condition \"parentEngine != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6137, + "event": "path", + "message": "Condition \"hostName == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6140, + "event": "path", + "message": "Condition \"engineName == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6145, + "event": "path", + "message": "Condition \"temp.startsWith(\"/\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6150, + "event": "path", + "message": "Condition \"temp.length() < 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6153, + "event": "path", + "message": "Condition \"hostWorkDir != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6164, + "event": "path", + "message": "Condition \"!dir.isAbsolute()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6167, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"getCanonicalPath\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6169, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6174, + "event": "path", + "message": "Condition \"!dir.mkdirs()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6174, + "event": "path", + "message": "Condition \"!dir.isDirectory()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6180, + "event": "path", + "message": "Condition \"context == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6180, + "event": "var_compare_op", + "message": "Comparing \"context\" to null implies that \"context\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6181, + "event": "no_write_call", + "message": "Although \"getServletContext\" does overwrite \"this.context\" on some paths, it also contains at least one feasible path which does not overwrite it.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6183, + "event": "null_method_call", + "message": "Calling a method on null object \"context\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6181| getServletContext();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6182| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6183|-> context.setAttribute(ServletContext.TEMPDIR, dir);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6184| context.setAttributeReadOnly(ServletContext.TEMPDIR);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6185| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.core.StandardWrapperValve.invoke(org.apache.catalina.connector.Request, org.apache.catalina.connector.Response)", + "language": "java", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 106, + "event": "path", + "message": "Condition \"!context.getState().isAvailable()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 113, + "event": "path", + "message": "Condition \"!unavailable\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 132, + "event": "path", + "message": "Condition \"!unavailable\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 135, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 166, + "event": "path", + "message": "Condition \"request.getDispatcherType() == javax.servlet.DispatcherType.ASYNC\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 180, + "event": "path", + "message": "Condition \"servlet != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 207, + "event": "path", + "message": "Falling through to finally statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 260, + "event": "path", + "message": "Condition \"filterChain != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 266, + "event": "path", + "message": "Condition \"servlet != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 269, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 282, + "event": "path", + "message": "Condition \"servlet != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 286, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 297, + "event": "read_volatile", + "message": "Reading \"processingTime\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 297, + "event": "intervening_update", + "message": "Another thread writes to \"processingTime\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 297, + "event": "stale_update", + "message": "Updating \"processingTime\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 295| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 296| long time=t2-t1;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 297|-> processingTime += time;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 298| if( time > maxTime) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 299| maxTime=time;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.deploy.NamingResourcesImpl.addEnvironment(org.apache.tomcat.util.descriptor.web.ContextEnvironment)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java", + "line": 250, + "event": "path", + "message": "Condition \"entries.contains(environment.getName())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java", + "line": 253, + "event": "path", + "message": "Condition \"ce != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java", + "line": 259, + "event": "path", + "message": "Condition \"rl != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java", + "line": 261, + "event": "returned_null", + "message": "\"getServer\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java", + "line": 261, + "event": "null_method_call", + "message": "Calling a method on null object \"getServer()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 259| } else if (rl != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 260| // Link. Need to look at the global resources", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 261|-> NamingResourcesImpl global = getServer().getGlobalNamingResources();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 262| if (global.findEnvironment(rl.getGlobal()) != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 263| if (global.findEnvironment(rl.getGlobal()).getOverride()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SERVLET_ATOMICITY", + "cwe": 567, + "function": "org.apache.catalina.filters.CsrfPreventionFilter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 115, + "event": "path", + "message": "Condition \"request instanceof javax.servlet.http.HttpServletRequest\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 115, + "event": "path", + "message": "Condition \"response instanceof javax.servlet.http.HttpServletResponse\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 123, + "event": "path", + "message": "Condition \"\"GET\" /* org.apache.catalina.filters.Constants.METHOD_GET */.equals(req.getMethod())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 123, + "event": "path", + "message": "Condition \"entryPoints.contains(getRequestedPath(req))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 125, + "event": "path", + "message": "Condition \"log.isTraceEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 134, + "event": "get_attribute", + "message": "Calling \"getAttribute\" on thread-shared object \"session\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 139, + "event": "path", + "message": "Condition \"!skipNonceCheck\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 180, + "event": "path", + "message": "Condition \"nonceCache == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 181, + "event": "path", + "message": "Condition \"log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 182, + "event": "path", + "message": "Condition \"null == session\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 186, + "event": "path", + "message": "Condition \"session == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 193, + "event": "set_attribute", + "message": "Calling \"setAttribute\" on thread-shared object \"session\" can result in a lost update.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 191| session = req.getSession(true);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 192| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 193|-> session.setAttribute(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 194| Constants.CSRF_NONCE_SESSION_ATTR_NAME, nonceCache);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 195| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.filters.ExpiresFilter.getExpirationDate(javax.servlet.http.HttpServletRequest, org.apache.catalina.filters.ExpiresFilter$XHttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/ExpiresFilter.java", + "line": 1288, + "event": "path", + "message": "Condition \"contentType == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/ExpiresFilter.java", + "line": 1302, + "event": "path", + "message": "Condition \"contentType != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/ExpiresFilter.java", + "line": 1309, + "event": "path", + "message": "Condition \"configuration != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/ExpiresFilter.java", + "line": 1319, + "event": "path", + "message": "Condition \"org.apache.catalina.filters.ExpiresFilter.contains(contentType, \";\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/ExpiresFilter.java", + "line": 1321, + "event": "returned_null", + "message": "\"substringBefore\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/filters/ExpiresFilter.java", + "line": 1321, + "event": "null_method_call", + "message": "Calling a method on null object \"org.apache.catalina.filters.ExpiresFilter.substringBefore(contentType, \";\")\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1319| if (contains(contentType, \";\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1320| // lookup content-type without charset match (e.g. \"text/html\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1321|-> String contentTypeWithoutCharset = substringBefore(contentType, \";\").trim();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1322| configuration = expiresConfigurationByContentType.get(contentTypeWithoutCharset);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1323| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK_INVERSION", + "cwe": 833, + "function": "org.apache.catalina.ha.session.DeltaSession.expire(boolean, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 504, + "event": "path", + "message": "Condition \"!isValid\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 508, + "event": "lock_acquire", + "message": "Acquiring lock \"DeltaSession.this\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 511, + "event": "path", + "message": "Condition \"!isValid\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 515, + "event": "path", + "message": "Condition \"manager == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 521, + "event": "path", + "message": "Condition \"notifyCluster\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 521, + "event": "path", + "message": "Condition \"expiredId != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 521, + "event": "path", + "message": "Condition \"manager instanceof org.apache.catalina.ha.session.DeltaManager\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 525, + "event": "lock_order", + "message": "Acquiring lock \"DeltaSession.diffLock.lock()\" while holding \"DeltaSession.this\" conflicts with the lock order established elsewhere.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 713, + "event": "lock_acquire", + "message": "Example 1: Calling \"lockInternal\" acquires lock \"DeltaSession.diffLock.lock()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 716, + "event": "example_lock_order", + "message": "Example 1 (cont.): Calling \"execute\" acquires lock \"DeltaSession.this\" while holding \"DeltaSession.diffLock.lock()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 200, + "event": "lock_acquire", + "message": "Example 2: Calling \"lockInternal\" acquires lock \"DeltaSession.diffLock.lock()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 209, + "event": "example_lock_order", + "message": "Example 2 (cont.): Calling \"execute\" acquires lock \"DeltaSession.this\" while holding \"DeltaSession.diffLock.lock()\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 523| DeltaManager dmanager = (DeltaManager)manager;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 524| CatalinaCluster cluster = dmanager.getCluster();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 525|-> ClusterMessage msg = dmanager.requestCompleted(expiredId, true);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 526| if (msg != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 527| cluster.send(msg);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "MISSING_RESTORE", + "cwe": 573, + "function": "org.apache.catalina.ha.session.DeltaSession.doReadObject(java.io.ObjectInput)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 846, + "event": "path", + "message": "Condition \"hasPrincipal\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 852, + "event": "path", + "message": "Condition \"org.apache.catalina.ha.session.DeltaSession.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 857, + "event": "path", + "message": "Condition \"attributes == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 861, + "event": "save", + "message": "Saving non-local \"isValid\" in local \"isValidSave\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 862, + "event": "modify", + "message": "Modifying non-local \"isValid\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 863, + "event": "path", + "message": "Condition \"i < n\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 867, + "event": "exception", + "message": "Value of non-local \"isValid\" that was saved in \"isValidSave\" is not restored on this exception path as it was along other paths.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 867, + "event": "remediation", + "message": "Did you intend to handle restoring \"isValid\" in a finally block to ensure it is always executed?", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 867, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"readObject\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 868, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 869, + "event": "path", + "message": "Condition \"wae.getCause() instanceof java.io.NotSerializableException\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 873, + "event": "path", + "message": "Throwing \"java.io.WriteAbortedException\" (or subclass); exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 885, + "event": "restore_example", + "message": "The original value of non-local \"isValid\" was restored here.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 865| final Object value;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 866| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 867|-> value = stream.readObject();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 868| } catch (WriteAbortedException wae) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 869| if (wae.getCause() instanceof NotSerializableException) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.ha.session.JvmRouteBinderValve.changeSessionID(org.apache.catalina.connector.Request, java.lang.String, java.lang.String, org.apache.catalina.Session)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java", + "line": 328, + "event": "returned_null", + "message": "\"getManager\" returns \"null\" (checked 1 out of 5 times). (The virtual call resolves to \"org.apache.catalina.manager.DummyProxySession.getManager\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java", + "line": 328, + "event": "null_method_call", + "message": "Calling a method on null object \"catalinaSession.getManager()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 46, + "event": "example_assign", + "message": "Example 1: Assigning: \"manager\" = return value from \"session.getManager()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 47, + "event": "example_checked", + "message": "Example 1 (cont.): \"manager\" has its value checked in \"manager == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 326| String newSessionID, Session catalinaSession) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 327| fireLifecycleEvent(\"Before session migration\", catalinaSession);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 328|-> catalinaSession.getManager().changeSessionId(catalinaSession, newSessionID);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 329| changeRequestSessionID(request, sessionId, newSessionID);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 330| fireLifecycleEvent(\"After session migration\", catalinaSession);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.ha.tcp.ReplicationValve.sendCrossContextSession()", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 431, + "event": "path", + "message": "Condition \"sessions != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 431, + "event": "path", + "message": "Condition \"sessions.size() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 432, + "event": "path", + "message": "Iterating over another element of \"sessions\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 433, + "event": "path", + "message": "Condition \"org.apache.catalina.ha.tcp.ReplicationValve.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 438, + "event": "path", + "message": "Condition \"doStatistics()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 439, + "event": "read_volatile", + "message": "Reading \"nrOfCrossContextSendRequests\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 439, + "event": "intervening_update", + "message": "Another thread writes to \"nrOfCrossContextSendRequests\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 439, + "event": "stale_update", + "message": "Updating \"nrOfCrossContextSendRequests\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 437| sendMessage(session,(ClusterManager)session.getManager());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 438| if(doStatistics()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 439|-> nrOfCrossContextSendRequests++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 440| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 441| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.ha.tcp.ReplicationValve.resetDeltaRequest(org.apache.catalina.Session)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 477, + "event": "path", + "message": "Condition \"org.apache.catalina.ha.tcp.ReplicationValve.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 478, + "event": "returned_null", + "message": "\"getManager\" returns \"null\" (checked 1 out of 5 times). (The virtual call resolves to \"org.apache.catalina.manager.DummyProxySession.getManager\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 478, + "event": "null_method_call", + "message": "Calling a method on null object \"session.getManager()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 46, + "event": "example_assign", + "message": "Example 1: Assigning: \"manager\" = return value from \"session.getManager()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 47, + "event": "example_checked", + "message": "Example 1 (cont.): \"manager\" has its value checked in \"manager == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 476| protected void resetDeltaRequest(Session session) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 477| if(log.isDebugEnabled()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 478|-> log.debug(sm.getString(\"ReplicationValve.resetDeltaRequest\" ,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 479| session.getManager().getContext().getName() ));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 480| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.ha.tcp.ReplicationValve.sendSessionReplicationMessage(org.apache.catalina.connector.Request, org.apache.catalina.ha.ClusterManager)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 492, + "event": "path", + "message": "Condition \"session != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 495, + "event": "path", + "message": "Condition \"!isRequestWithoutSessionChange(uri)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 501, + "event": "path", + "message": "Condition \"doStatistics()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 502, + "event": "read_volatile", + "message": "Reading \"nrOfFilterRequests\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 502, + "event": "intervening_update", + "message": "Another thread writes to \"nrOfFilterRequests\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 502, + "event": "stale_update", + "message": "Updating \"nrOfFilterRequests\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 500| } else", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 501| if(doStatistics()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 502|-> nrOfFilterRequests++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 503| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 504| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.ha.tcp.ReplicationValve.send(org.apache.catalina.ha.ClusterManager, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 530, + "event": "path", + "message": "Condition \"msg != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 530, + "event": "path", + "message": "Condition \"cluster != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 532, + "event": "path", + "message": "Condition \"doStatistics()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 533, + "event": "read_volatile", + "message": "Reading \"nrOfSendRequests\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 533, + "event": "intervening_update", + "message": "Another thread writes to \"nrOfSendRequests\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 533, + "event": "stale_update", + "message": "Updating \"nrOfSendRequests\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 531| cluster.send(msg);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 532| if(doStatistics()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 533|-> nrOfSendRequests++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 534| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 535| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.ha.tcp.ReplicationValve.updateStats(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 575, + "event": "read_volatile", + "message": "Reading \"totalSendTime\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 575, + "event": "intervening_update", + "message": "Another thread writes to \"totalSendTime\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 575, + "event": "stale_update", + "message": "Updating \"totalSendTime\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 573| long currentTime = System.currentTimeMillis();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 574| lastSendTime = currentTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 575|-> totalSendTime += currentTime - clusterTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 576| totalRequestTime += currentTime - requestTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 577| nrOfRequests++;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.ha.tcp.ReplicationValve.updateStats(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 576, + "event": "read_volatile", + "message": "Reading \"totalRequestTime\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 576, + "event": "intervening_update", + "message": "Another thread writes to \"totalRequestTime\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 576, + "event": "stale_update", + "message": "Updating \"totalRequestTime\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 574| lastSendTime = currentTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 575| totalSendTime += currentTime - clusterTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 576|-> totalRequestTime += currentTime - requestTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 577| nrOfRequests++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 578| if(log.isInfoEnabled()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.ha.tcp.ReplicationValve.updateStats(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 577, + "event": "read_volatile", + "message": "Reading \"nrOfRequests\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 577, + "event": "intervening_update", + "message": "Another thread writes to \"nrOfRequests\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 577, + "event": "stale_update", + "message": "Updating \"nrOfRequests\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 575| totalSendTime += currentTime - clusterTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 576| totalRequestTime += currentTime - requestTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 577|-> nrOfRequests++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 578| if(log.isInfoEnabled()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 579| if ( (nrOfRequests % 100) == 0 ) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.manager.HTMLManagerServlet.upload(javax.servlet.http.HttpServletRequest, org.apache.tomcat.util.res.StringManager)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 242, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 244, + "event": "path", + "message": "Condition \"warPart == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 249, + "event": "returned_null", + "message": "\"getSubmittedFileName\" returns \"null\" (checked 1 out of 2 times). (The virtual call resolves to \"org.apache.catalina.core.ApplicationPart.getSubmittedFileName\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 249, + "event": "var_assigned", + "message": "Assigning: \"filename\" = \"null\" return value from \"getSubmittedFileName\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 250, + "event": "null_method_call", + "message": "Calling a method on null object \"filename\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/connector/Request.java", + "line": 2929, + "event": "example_checked", + "message": "Example 1: \"part.getSubmittedFileName()\" has its value checked in \"part.getSubmittedFileName() == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 248| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 249| String filename = warPart.getSubmittedFileName();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 250|-> if (!filename.toLowerCase(Locale.ENGLISH).endsWith(\".war\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 251| message = smClient.getString(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 252| \"htmlManagerServlet.deployUploadNotWar\", filename);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.manager.HTMLManagerServlet.invalidateSessions(org.apache.catalina.util.ContextName, java.lang.String[], org.apache.tomcat.util.res.StringManager)", + "language": "java", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1019, + "event": "path", + "message": "Condition \"null == sessionIds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1023, + "event": "path", + "message": "Iterating over another element of \"sessionIds\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1026, + "event": "path", + "message": "Condition \"null == session\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1028, + "event": "path", + "message": "Condition \"debug >= 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1031, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1044, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1023, + "event": "path", + "message": "Iterating over another element of \"sessionIds\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1026, + "event": "path", + "message": "Condition \"null == session\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1036, + "event": "path", + "message": "Condition \"debug >= 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1039, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1044, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1023, + "event": "path", + "message": "Iterating over another element of \"sessionIds\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1026, + "event": "path", + "message": "Condition \"null == session\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1028, + "event": "path", + "message": "Condition \"debug >= 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1031, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1044, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1023, + "event": "path", + "message": "Iterating over another element of \"sessionIds\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1024, + "event": "returned_null", + "message": "\"getSessionForNameAndId\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1024, + "event": "null_method_call", + "message": "Calling a method on null object \"getSessionForNameAndId(cn, sessionId, smClient)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1022| int nbAffectedSessions = 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1023| for (String sessionId : sessionIds) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1024|-> HttpSession session =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1025| getSessionForNameAndId(cn, sessionId, smClient).getSession();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1026| if (null == session) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.manager.HTMLManagerServlet.removeSessionAttribute(org.apache.catalina.util.ContextName, java.lang.String, java.lang.String, org.apache.tomcat.util.res.StringManager)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1059, + "event": "returned_null", + "message": "\"getSessionForNameAndId\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1059, + "event": "null_method_call", + "message": "Calling a method on null object \"getSessionForNameAndId(cn, sessionId, smClient)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1057| protected boolean removeSessionAttribute(ContextName cn, String sessionId,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1058| String attributeName, StringManager smClient) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1059|-> HttpSession session =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1060| getSessionForNameAndId(cn, sessionId, smClient).getSession();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1061| if (null == session) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(java.lang.String, java.lang.String, java.lang.String[])", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/JMXProxyServlet.java", + "line": 271, + "event": "var_compare_op", + "message": "Comparing \"parameters\" to null implies that \"parameters\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/JMXProxyServlet.java", + "line": 273, + "event": "path", + "message": "Condition \"null == methodInfo\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/JMXProxyServlet.java", + "line": 291, + "event": "path", + "message": "Condition \"i < signature.length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/JMXProxyServlet.java", + "line": 294, + "event": "null_array_access", + "message": "Accessing an element on null array \"parameters\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 292| MBeanParameterInfo pi = signature[i];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 293| signatureTypes[i] = pi.getType();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 294|-> values[i] = registry.convertValue(pi.getType(), parameters[i]);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 295| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 296| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.manager.ManagerServlet.resources(java.io.PrintWriter, java.lang.String, org.apache.tomcat.util.res.StringManager)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1156, + "event": "path", + "message": "Condition \"debug >= 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1157, + "event": "path", + "message": "Condition \"type != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1159, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1165, + "event": "path", + "message": "Condition \"global == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1171, + "event": "path", + "message": "Condition \"type != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1174, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1178, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.manager.ManagerServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 168, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.manager.ManagerServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1178, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"global\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1178, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1178, + "event": "write", + "message": "\"global\" is modified in call to \"printResources\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1176| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1177| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1178|-> printResources(writer, \"\", global, type, smClient);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1179| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1180| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ContextMBean.findApplicationParameters()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 39, + "event": "returned_null", + "message": "\"findApplicationParameters\" returns \"null\" (checked 0 out of 1 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findApplicationParameters\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 39, + "event": "var_assigned", + "message": "Assigning: \"params\" = \"null\" return value from \"findApplicationParameters\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 40, + "event": "null_array_length", + "message": "Accessing length of null array \"params\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 38| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 39| ApplicationParameter[] params = context.findApplicationParameters();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 40|-> String[] stringParams = new String[params.length];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41| for (int counter = 0; counter < params.length; counter++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42| stringParams[counter] = params[counter].toString();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ContextMBean.findConstraints()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 60, + "event": "returned_null", + "message": "\"findConstraints\" returns \"null\" (checked 1 out of 4 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findConstraints\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 60, + "event": "var_assigned", + "message": "Assigning: \"constraints\" = \"null\" return value from \"findConstraints\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 61, + "event": "null_array_length", + "message": "Accessing length of null array \"constraints\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 552, + "event": "example_assign", + "message": "Example 1: Assigning: \"constraints\" = return value from \"context.findConstraints()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 553, + "event": "example_checked", + "message": "Example 1 (cont.): \"constraints\" has its value checked in \"constraints == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| SecurityConstraint[] constraints = context.findConstraints();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61|-> String[] stringConstraints = new String[constraints.length];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| for (int counter = 0; counter < constraints.length; counter++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| stringConstraints[counter] = constraints[counter].toString();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ContextMBean.findErrorPage(int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 80, + "event": "returned_null", + "message": "\"findErrorPage\" returns \"null\" (checked 2 out of 3 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findErrorPage\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 80, + "event": "null_method_call", + "message": "Calling a method on null object \"context.findErrorPage(errorCode)\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 229, + "event": "example_assign", + "message": "Example 1: Assigning: \"errorPage\" = return value from \"context.findErrorPage(statusCode)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 230, + "event": "example_checked", + "message": "Example 1 (cont.): \"errorPage\" has its value checked in \"errorPage == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 232, + "event": "example_assign", + "message": "Example 2: Assigning: \"errorPage\" = return value from \"context.findErrorPage(0)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 234, + "event": "example_checked", + "message": "Example 2 (cont.): \"errorPage\" has its value checked in \"errorPage != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 78| public String findErrorPage(int errorCode) throws MBeanException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79| Context context = doGetManagedResource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80|-> return context.findErrorPage(errorCode).toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ContextMBean.findErrorPage(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 97, + "event": "returned_null", + "message": "\"findErrorPage\" returns \"null\" (checked 0 out of 1 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findErrorPage\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 97, + "event": "null_method_call", + "message": "Calling a method on null object \"context.findErrorPage(exceptionType)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| public String findErrorPage(String exceptionType) throws MBeanException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 96| Context context = doGetManagedResource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 97|-> return context.findErrorPage(exceptionType).toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 98| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ContextMBean.findErrorPage(java.lang.Throwable)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 111, + "event": "returned_null", + "message": "\"findErrorPage\" returns \"null\" (checked 2 out of 3 times). (The virtual call resolves to \"org.apache.catalina.core.StandardContext.findErrorPage\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 111, + "event": "null_method_call", + "message": "Calling a method on null object \"context.findErrorPage(exceptionType)\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 308, + "event": "example_assign", + "message": "Example 1: Assigning: \"errorPage\" = return value from \"context.findErrorPage(throwable)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 309, + "event": "example_checked", + "message": "Example 1 (cont.): \"errorPage\" has its value checked in \"errorPage == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 310, + "event": "example_assign", + "message": "Example 2: Assigning: \"errorPage\" = return value from \"context.findErrorPage(realError)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 313, + "event": "example_checked", + "message": "Example 2 (cont.): \"errorPage\" has its value checked in \"errorPage != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| public String findErrorPage(Throwable exceptionType) throws MBeanException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| Context context = doGetManagedResource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111|-> return context.findErrorPage(exceptionType).toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 112| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ContextMBean.findErrorPages()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 125, + "event": "returned_null", + "message": "\"findErrorPages\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findErrorPages\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 125, + "event": "var_assigned", + "message": "Assigning: \"pages\" = \"null\" return value from \"findErrorPages\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 126, + "event": "null_array_length", + "message": "Accessing length of null array \"pages\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 124| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 125| ErrorPage[] pages = context.findErrorPages();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 126|-> String[] stringPages = new String[pages.length];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 127| for (int counter = 0; counter < pages.length; counter++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 128| stringPages[counter] = pages[counter].toString();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ContextMBean.findFilterDef(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 147, + "event": "returned_null", + "message": "\"findFilterDef\" returns \"null\" (checked 0 out of 1 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findFilterDef\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 147, + "event": "var_assigned", + "message": "Assigning: \"filterDef\" = \"null\" return value from \"findFilterDef\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 148, + "event": "null_method_call", + "message": "Calling a method on null object \"filterDef\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 146| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 147| FilterDef filterDef = context.findFilterDef(name);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 148|-> return filterDef.toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 149| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 150| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.catalina.mbeans.JmxRemoteLifecycleListener.lifecycleEvent(org.apache.catalina.LifecycleEvent)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 311, + "event": "identity", + "message": "Calling \"getCertificates\".\n* This call assigns \"changeit\" to \"(this.defaultCertificate).certificateKeystorePassword\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates()\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".\n* This call assigns a reference to \"this.defaultCertificate\" to \"this.certificates\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates()\".) Now \"(this.certificates).certificateKeystor [...]", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 312, + "event": "identity", + "message": "Calling \"getCertificates\". This call returns \"this.certificates\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates()\".) Now \"(getCertificates()).certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 312, + "event": "identity", + "message": "Calling \"iterator\". This call assigns \"getCertificates()\" to \"\". (The virtual call resolves to \"java.util.Set.iterator()\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 312, + "event": "identity", + "message": "Calling \"next\". This call returns \"getCertificates().iterator()\". (The virtual call resolves to \"java.util.Iterator.next()\".) Now \"getCertificates().iterator().next().certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 312, + "event": "assign", + "message": "Assigning: \"certificate\" = \"(org.apache.tomcat.util.net.SSLHostConfigCertificate)getCertificates().iterator().next()\". Now \"certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 314, + "event": "identity", + "message": "Calling \"JSSEUtil\". This call assigns \"certificate\" to \".certificate\". Now \".certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 314, + "event": "assign", + "message": "Assigning: \"sslUtil\" = \"new org.apache.tomcat.util.net.jsse.JSSEUtil(certificate)\". Now \"sslUtil.certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 319, + "event": "password_use", + "message": "Calling \"getKeyManagers\". This call uses the constant string as a password. (The virtual call resolves to \"org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers()\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 319, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 317| setEnabledProtocols(sslUtil.getEnabledProtocols());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318| setEnabledCiphers(sslUtil.getEnabledCiphers());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 319|-> sslContext.init(sslUtil.getKeyManagers(), sslUtil.getTrustManagers(), null);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 320| SSLSessionContext sessionContext = sslContext.getServerSessionContext();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 321| if (sessionContext != null) {", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 319, + "event": "note", + "message": "trimmed 1 message(s) with length over 512", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.MBeanFactory.addRealmToParent(java.lang.String, org.apache.catalina.Realm)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 240, + "event": "returned_null", + "message": "\"getParentContainerFromParent\" returns \"null\" (checked 3 out of 4 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 240, + "event": "var_assigned", + "message": "Assigning: \"container\" = \"null\" return value from \"getParentContainerFromParent\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 242, + "event": "null_method_call", + "message": "Calling a method on null object \"container\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 579, + "event": "example_assign", + "message": "Example 1: Assigning: \"container\" = return value from \"getParentContainerFromParent(pname)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 580, + "event": "example_checked", + "message": "Example 1 (cont.): \"container\" has its value checked in \"container instanceof org.apache.catalina.Context\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 635, + "event": "example_assign", + "message": "Example 2: Assigning: \"container\" = return value from \"getParentContainerFromParent(parentName)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 637, + "event": "example_checked", + "message": "Example 2 (cont.): \"container\" has its value checked in \"container == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 670, + "event": "example_assign", + "message": "Example 3: Assigning: \"container\" = return value from \"getParentContainerFromParent(pname)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 671, + "event": "example_checked", + "message": "Example 3 (cont.): \"container\" has its value checked in \"container instanceof org.apache.catalina.Context\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 240| Container container = getParentContainerFromParent(pname);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 241| // Add the new instance to its parent component", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 242|-> container.setRealm(realm);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 243| // Return the corresponding MBean name", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 244| ObjectName oname = null;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ServiceMBean.getExecutor(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ServiceMBean.java", + "line": 114, + "event": "returned_null", + "message": "\"getExecutor\" returns \"null\" (checked 1 out of 2 times). (The virtual call resolves to \"org.apache.catalina.core.StandardService.getExecutor\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ServiceMBean.java", + "line": 114, + "event": "var_assigned", + "message": "Assigning: \"executor\" = \"null\" return value from \"getExecutor\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/mbeans/ServiceMBean.java", + "line": 115, + "event": "null_method_call", + "message": "Calling a method on null object \"executor\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ConnectorCreateRule.java", + "line": 62, + "event": "example_assign", + "message": "Example 1: Assigning: \"ex\" = return value from \"svc.getExecutor(executorName)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ConnectorCreateRule.java", + "line": 66, + "event": "example_checked", + "message": "Example 1 (cont.): \"ex\" has its value checked in \"ex != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| Service service = doGetManagedResource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114| Executor executor = service.getExecutor(name);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 115|-> return executor.toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 116| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 117| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.realm.DataSourceRealm.open()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/DataSourceRealm.java", + "line": 384, + "event": "path", + "message": "Condition \"localDataSource\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/DataSourceRealm.java", + "line": 388, + "event": "returned_null", + "message": "\"getServer\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/DataSourceRealm.java", + "line": 388, + "event": "null_method_call", + "message": "Calling a method on null object \"getServer()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 386| context = (Context) context.lookup(\"comp/env\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 387| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 388|-> context = getServer().getGlobalNamingContext();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 389| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 390| DataSource dataSource = (DataSource)context.lookup(dataSourceName);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.realm.JNDIRealm.authenticate(org.apache.catalina.realm.JNDIRealm$JNDIConnection, java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1304, + "event": "path", + "message": "Condition \"username == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1304, + "event": "path", + "message": "Condition \"username.equals(\"\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1304, + "event": "path", + "message": "Condition \"credentials == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1304, + "event": "path", + "message": "Condition \"credentials.equals(\"\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1311, + "event": "path", + "message": "Condition \"userPatternArray != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1312, + "event": "path", + "message": "Condition \"curUserPattern < userPatternArray.length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1315, + "event": "path", + "message": "Condition \"user != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1335, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1312, + "event": "path", + "message": "Condition \"curUserPattern < userPatternArray.length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1315, + "event": "path", + "message": "Condition \"user != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1318, + "event": "path", + "message": "Condition \"checkCredentials(connection.context, user, credentials)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1320, + "event": "returned_null", + "message": "\"getRoles\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1320, + "event": "var_assigned", + "message": "Assigning: \"roles\" = \"null\" return value from \"getRoles\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1321, + "event": "path", + "message": "Condition \"containerLog.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1322, + "event": "null_method_call", + "message": "Calling a method on null object \"roles\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1320| List roles = getRoles(connection, user);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1321| if (containerLog.isDebugEnabled()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1322|-> containerLog.debug(\"Found roles: \" + roles.toString());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1323| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1324| return new GenericPrincipal(username, credentials, roles);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.catalina.realm.JNDIRealm.createTlsDirContext(java.util.Hashtable)", + "language": "java", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2565, + "event": "path", + "message": "Iterating over another element of \"java.util.Arrays.asList(\"java.naming.security.authentication\", \"java.naming.security.credentials\", \"java.naming.security.principal\", \"java.naming.security.protocol\")\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2568, + "event": "path", + "message": "Condition \"entry != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2571, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2565, + "event": "path", + "message": "No elements left in \"java.util.Arrays.asList(\"java.naming.security.authentication\", \"java.naming.security.credentials\", \"java.naming.security.principal\", \"java.naming.security.protocol\")\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2574, + "event": "new_resource", + "message": "\"new javax.naming.ldap.InitialLdapContext(env, null)\" creates a new resource.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2574, + "event": "var_assign", + "message": "Assigning: \"result\" = resource returned from \"new javax.naming.ldap.InitialLdapContext(env, null)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2575, + "event": "noescape", + "message": "Resource \"result\" is not closed or saved in \"extendedOperation\". (The virtual call resolves to \"javax.naming.ldap.InitialLdapContext.extendedOperation\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2576, + "event": "path", + "message": "Condition \"getHostnameVerifier() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2579, + "event": "path", + "message": "Condition \"getCipherSuitesArray() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2585, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2589, + "event": "path", + "message": "Condition \"result != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2590, + "event": "path", + "message": "Iterating over another element of \"savedEnv.entrySet()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2592, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2590, + "event": "path", + "message": "Iterating over another element of \"savedEnv.entrySet()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2591, + "event": "path", + "message": "Throwing \"javax.naming.NamingException\" (or subclass) from call to \"addToEnvironment\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2591, + "event": "leaked_resource", + "message": "Variable \"result\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2589| if (result != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2590| for (Map.Entry savedEntry : savedEnv.entrySet()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2591|-> result.addToEnvironment(savedEntry.getKey(), savedEntry.getValue());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2592| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2593| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.realm.RealmBase.hasResourcePermission(org.apache.catalina.connector.Request, org.apache.catalina.connector.Response, org.apache.tomcat.util.descriptor.web.SecurityConstraint[], org.apache.catalina.Context)", + "language": "java", + "tool": "coverity", + "key_event_idx": 19, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 819, + "event": "path", + "message": "Condition \"constraints == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 819, + "event": "path", + "message": "Condition \"constraints.length == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 827, + "event": "path", + "message": "No elements left in \"constraints\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 883, + "event": "path", + "message": "Condition \"!denyfromall\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 883, + "event": "path", + "message": "Condition \"allRolesMode != org.apache.catalina.realm.RealmBase.AllRolesMode.STRICT_MODE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 883, + "event": "path", + "message": "Condition \"!status\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 883, + "event": "path", + "message": "Condition \"principal != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 885, + "event": "path", + "message": "Condition \"org.apache.catalina.realm.RealmBase.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 889, + "event": "path", + "message": "Iterating over another element of \"constraints\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 892, + "event": "path", + "message": "Condition \"constraint.getAllRoles()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 893, + "event": "path", + "message": "Condition \"allRolesMode == org.apache.catalina.realm.RealmBase.AllRolesMode.AUTH_ONLY_MODE\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 903, + "event": "path", + "message": "Condition \"roles.length == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 903, + "event": "path", + "message": "Condition \"allRolesMode == org.apache.catalina.realm.RealmBase.AllRolesMode.STRICT_AUTH_ONLY_MODE\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 911, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 889, + "event": "path", + "message": "Iterating over another element of \"constraints\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 892, + "event": "path", + "message": "Condition \"constraint.getAllRoles()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 893, + "event": "path", + "message": "Condition \"allRolesMode == org.apache.catalina.realm.RealmBase.AllRolesMode.AUTH_ONLY_MODE\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 902, + "event": "returned_null", + "message": "\"findSecurityRoles\" returns \"null\" (checked 1 out of 3 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findSecurityRoles\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 902, + "event": "var_assigned", + "message": "Assigning: \"roles\" = \"null\" return value from \"findSecurityRoles\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 903, + "event": "null_array_length", + "message": "Accessing length of null array \"roles\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 831, + "event": "example_assign", + "message": "Example 1: Assigning: \"roles\" = return value from \"request.getContext().findSecurityRoles()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 836, + "event": "example_checked", + "message": "Example 1 (cont.): \"roles\" has its value checked in \"roles == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 901| // For AllRolesMode.STRICT_AUTH_ONLY_MODE there must be zero roles", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 902| roles = request.getContext().findSecurityRoles();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 903|-> if (roles.length == 0 && allRolesMode == AllRolesMode.STRICT_AUTH_ONLY_MODE) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 904| if (log.isDebugEnabled()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 905| log.debug(\"Granting access for role-name=*, strict auth-only\");", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.realm.UserDatabaseRealm.getUserDatabase()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/UserDatabaseRealm.java", + "line": 171, + "event": "path", + "message": "Condition \"database == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/UserDatabaseRealm.java", + "line": 173, + "event": "path", + "message": "Condition \"database == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/UserDatabaseRealm.java", + "line": 176, + "event": "path", + "message": "Condition \"localJndiResource\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/UserDatabaseRealm.java", + "line": 180, + "event": "returned_null", + "message": "\"getServer\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/UserDatabaseRealm.java", + "line": 180, + "event": "null_method_call", + "message": "Calling a method on null object \"getServer()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 178| context = (Context) context.lookup(\"comp/env\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 179| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 180|-> context = getServer().getGlobalNamingContext();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 181| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 182| database = (UserDatabase) context.lookup(resourceName);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.catalina.servlets.CGIServlet$CGIRunner.run()", + "language": "java", + "tool": "coverity", + "key_event_idx": 20, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1594, + "event": "path", + "message": "Condition \"!isReady()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1598, + "event": "path", + "message": "Condition \"org.apache.catalina.servlets.CGIServlet.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1602, + "event": "path", + "message": "Condition \"command.contains(java.io.File.separator + \".\" + java.io.File.separator)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1602, + "event": "path", + "message": "Condition \"command.contains(java.io.File.separator + \"..\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1602, + "event": "path", + "message": "Condition \"command.contains(\"..\" + java.io.File.separator)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1623, + "event": "path", + "message": "Condition \"cgiExecutable.length() != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1626, + "event": "path", + "message": "Condition \"cgiExecutableArgs != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1640, + "event": "path", + "message": "Condition \"!\"\".equals(sContentLength)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1641, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getOutputStream\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1641, + "event": "var_assign", + "message": "Assigning: \"commandsStdIn\" = resource returned from \"new java.io.BufferedOutputStream(proc.getOutputStream())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1642, + "event": "noescape", + "message": "Resource \"commandsStdIn\" is not closed or saved in \"flow\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1643, + "event": "noescape", + "message": "Resource \"commandsStdIn\" is not closed or saved in \"flush\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1643, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"flush\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1733, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1735, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass).", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1738, + "event": "path", + "message": "Condition \"cgiHeaderReader != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1746, + "event": "path", + "message": "Condition \"cgiOutput != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1754, + "event": "path", + "message": "Condition \"errReaderThread != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1760, + "event": "path", + "message": "Condition \"proc != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1764, + "event": "path", + "message": "Leaving finally statement; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1764, + "event": "leaked_resource", + "message": "Variable \"commandsStdIn\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1762| proc = null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1763| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1764|-> }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1765| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1766| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.DefaultServlet.doPut(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 629, + "event": "path", + "message": "Condition \"readOnly\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 636, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 626, + "event": "thread_entry_point", + "message": "\"doPut\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 636, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 636, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 636, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 634| String path = getRelativePath(req);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 635| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 636|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 637| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 638| Range range = parseContentRange(req, resp);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.DefaultServlet.executePartialPut(javax.servlet.http.HttpServletRequest, org.apache.catalina.servlets.DefaultServlet$Range, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 702, + "event": "path", + "message": "Condition \"contentFile.createNewFile()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 710, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 710, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 710, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 710, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 708| new RandomAccessFile(contentFile, \"rw\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 709| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 710|-> WebResource oldResource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 711| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 712| // Copy data in oldRevisionContent to contentFile", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.DefaultServlet.doDelete(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 758, + "event": "path", + "message": "Condition \"readOnly\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 765, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 755, + "event": "thread_entry_point", + "message": "\"doDelete\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 765, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 765, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 765, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 763| String path = getRelativePath(req);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 764| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 765|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 766| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 767| if (resource.exists()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.DefaultServlet.serveResource(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 839, + "event": "path", + "message": "Condition \"debug > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 840, + "event": "path", + "message": "Condition \"serveContent\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 843, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 849, + "event": "path", + "message": "Condition \"path.length() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 855, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 855, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 855, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 855, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 853| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 854| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 855|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 856| boolean isError = DispatcherType.ERROR == request.getDispatcherType();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 857| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.DefaultServlet.getAvailablePrecompressedResources(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1336, + "event": "path", + "message": "Iterating over another element of \"compressionFormats\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1338, + "event": "path", + "message": "Condition \"precompressedResource.exists()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1338, + "event": "path", + "message": "Condition \"precompressedResource.isFile()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1341, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1336, + "event": "path", + "message": "Iterating over another element of \"compressionFormats\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1338, + "event": "path", + "message": "Condition \"precompressedResource.exists()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1338, + "event": "path", + "message": "Condition \"precompressedResource.isFile()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1341, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1336, + "event": "path", + "message": "Iterating over another element of \"compressionFormats\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1337, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1337, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1337, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1337, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1335| List ret = new ArrayList<>(compressionFormats.length);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1336| for (CompressionFormat format : compressionFormats) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1337|-> WebResource precompressedResource = resources.getResource(path + format.extension);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1338| if (precompressedResource.exists() && precompressedResource.isFile()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1339| ret.add(new PrecompressedResource(precompressedResource, format));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.doPropfind(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 22, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 491, + "event": "path", + "message": "Condition \"!listings\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 497, + "event": "path", + "message": "Condition \"path.length() > 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 497, + "event": "path", + "message": "Condition \"path.endsWith(\"/\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 510, + "event": "path", + "message": "Condition \"depthStr == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 512, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 524, + "event": "path", + "message": "Condition \"req.getContentLengthLong() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 535, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 537, + "event": "path", + "message": "Switch case value \"org.w3c.dom.Node.TEXT_NODE\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 539, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 535, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 537, + "event": "path", + "message": "Switch case value \"org.w3c.dom.Node.ELEMENT_NODE\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 541, + "event": "path", + "message": "Condition \"currentNode.getNodeName().endsWith(\"prop\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 545, + "event": "path", + "message": "Condition \"currentNode.getNodeName().endsWith(\"propname\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 548, + "event": "path", + "message": "Condition \"currentNode.getNodeName().endsWith(\"allprop\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 551, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 535, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 554, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 561, + "event": "path", + "message": "Condition \"type == 0 /* org.apache.catalina.servlets.WebdavServlet.FIND_BY_PROPERTY */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 589, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 589, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 589, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 589, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 587| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 588| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 589|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 590| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 591| if (!resource.exists()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.doPropfind(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 32, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 491, + "event": "path", + "message": "Condition \"!listings\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 497, + "event": "path", + "message": "Condition \"path.length() > 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 497, + "event": "path", + "message": "Condition \"path.endsWith(\"/\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 510, + "event": "path", + "message": "Condition \"depthStr == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 512, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 524, + "event": "path", + "message": "Condition \"req.getContentLengthLong() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 535, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 537, + "event": "path", + "message": "Switch case value \"org.w3c.dom.Node.TEXT_NODE\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 539, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 535, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 537, + "event": "path", + "message": "Switch case value \"org.w3c.dom.Node.ELEMENT_NODE\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 541, + "event": "path", + "message": "Condition \"currentNode.getNodeName().endsWith(\"prop\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 545, + "event": "path", + "message": "Condition \"currentNode.getNodeName().endsWith(\"propname\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 548, + "event": "path", + "message": "Condition \"currentNode.getNodeName().endsWith(\"allprop\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 551, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 553, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 535, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 554, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 561, + "event": "path", + "message": "Condition \"type == 0 /* org.apache.catalina.servlets.WebdavServlet.FIND_BY_PROPERTY */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 591, + "event": "path", + "message": "Condition \"!resource.exists()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 625, + "event": "path", + "message": "Condition \"!resource.exists()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 641, + "event": "path", + "message": "Condition \"depth == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 652, + "event": "path", + "message": "Condition \"!stack.isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 652, + "event": "path", + "message": "Condition \"depth >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 660, + "event": "path", + "message": "Condition \"resource.isDirectory()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 695, + "event": "path", + "message": "Condition \"stack.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 703, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 652, + "event": "path", + "message": "Condition \"!stack.isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 652, + "event": "path", + "message": "Condition \"depth >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 658, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 658, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 658, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 658, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 656| type, properties);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 657| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 658|-> resource = resources.getResource(currentPath);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 659| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 660| if (resource.isDirectory() && (depth > 0)) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.doMkcol(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 749, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 749, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 749, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 749, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 747| String path = getRelativePath(req);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 748| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 749|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 750| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 751| // Can't create a collection if a resource already exists at the given", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.doPut(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 833, + "event": "path", + "message": "Condition \"isLocked(req)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 839, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 830, + "event": "thread_entry_point", + "message": "\"doPut\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 839, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 839, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 839, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 837| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 838| String path = getRelativePath(req);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 839|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 840| if (resource.isDirectory()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 841| sendNotAllowed(req, resp);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.doLock(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 909, + "event": "path", + "message": "Condition \"readOnly\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 914, + "event": "path", + "message": "Condition \"isLocked(req)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 927, + "event": "path", + "message": "Condition \"depthStr == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 929, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 941, + "event": "path", + "message": "Condition \"lockDurationStr == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 943, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 978, + "event": "path", + "message": "Throwing \"java.io.IOException\" from call to \"parse\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 984, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 988, + "event": "path", + "message": "Condition \"lockInfoNode != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1113, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1113, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1113, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1113, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1111| lock.path = path;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1112| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1113|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1114| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1115| Enumeration locksList = null;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.doLock(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 55, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 909, + "event": "path", + "message": "Condition \"readOnly\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 914, + "event": "path", + "message": "Condition \"isLocked(req)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 927, + "event": "path", + "message": "Condition \"depthStr == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 929, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 941, + "event": "path", + "message": "Condition \"lockDurationStr == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 943, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 984, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 988, + "event": "path", + "message": "Condition \"lockInfoNode != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1000, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1002, + "event": "path", + "message": "Switch case value \"org.w3c.dom.Node.TEXT_NODE\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1004, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1018, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1000, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1002, + "event": "path", + "message": "Switch case value \"org.w3c.dom.Node.ELEMENT_NODE\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1007, + "event": "path", + "message": "Condition \"nodeName.endsWith(\"lockscope\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1010, + "event": "path", + "message": "Condition \"nodeName.endsWith(\"locktype\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1013, + "event": "path", + "message": "Condition \"nodeName.endsWith(\"owner\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1016, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1018, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1000, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1020, + "event": "path", + "message": "Condition \"lockScopeNode != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1023, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1025, + "event": "path", + "message": "Switch case value \"org.w3c.dom.Node.TEXT_NODE\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1027, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1038, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1023, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1040, + "event": "path", + "message": "Condition \"lock.scope == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1045, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1050, + "event": "path", + "message": "Condition \"lockTypeNode != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1053, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1055, + "event": "path", + "message": "Switch case value \"org.w3c.dom.Node.TEXT_NODE\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1057, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1068, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1053, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1070, + "event": "path", + "message": "Condition \"lock.type == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1075, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1080, + "event": "path", + "message": "Condition \"lockOwnerNode != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1083, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1085, + "event": "path", + "message": "Switch case value \"org.w3c.dom.Node.TEXT_NODE\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1088, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1096, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1083, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1098, + "event": "path", + "message": "Condition \"lock.owner == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1103, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1117, + "event": "path", + "message": "Condition \"lockRequestType == 0 /* org.apache.catalina.servlets.WebdavServlet.LOCK_CREATION */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1128, + "event": "path", + "message": "Condition \"resource.isDirectory()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1128, + "event": "path", + "message": "Condition \"lock.depth == maxDepth\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1136, + "event": "path", + "message": "Condition \"locksList.hasMoreElements()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1138, + "event": "path", + "message": "Condition \"currentLock.hasExpired()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1142, + "event": "path", + "message": "Condition \"currentLock.path.startsWith(lock.path)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1142, + "event": "path", + "message": "Condition \"currentLock.isExclusive()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1148, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1136, + "event": "path", + "message": "Condition \"locksList.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1149, + "event": "return_thread_shared", + "message": "Call to \"elements\" returns a pointer to thread-shared data. (The virtual call resolves to \"java.util.Hashtable.elements\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1149, + "event": "assign", + "message": "Assigning: \"locksList\" = \"resourceLocks.elements()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1150, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"locksList\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1150, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1150, + "event": "write", + "message": "\"locksList\" is modified in call to \"hasMoreElements\". (The virtual call resolves to \"org.apache.catalina.loader.WebappClassLoaderBase.CombinedEnumeration.hasMoreElements\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1148| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1149| locksList = resourceLocks.elements();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1150|-> while (locksList.hasMoreElements()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1151| LockInfo currentLock = locksList.nextElement();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1152| if (currentLock.hasExpired()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.copyResource(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1554, + "event": "path", + "message": "Condition \"destinationPath == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1563, + "event": "path", + "message": "Condition \"protocolIndex >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1568, + "event": "path", + "message": "Condition \"firstSeparator < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1573, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1599, + "event": "path", + "message": "Condition \"contextPath != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1599, + "event": "path", + "message": "Condition \"destinationPath.startsWith(contextPath)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1605, + "event": "path", + "message": "Condition \"pathInfo != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1607, + "event": "path", + "message": "Condition \"servletPath != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1607, + "event": "path", + "message": "Condition \"destinationPath.startsWith(servletPath)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1614, + "event": "path", + "message": "Condition \"debug > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1619, + "event": "path", + "message": "Condition \"isSpecialPath(destinationPath)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1626, + "event": "path", + "message": "Condition \"destinationPath.equals(path)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1636, + "event": "path", + "message": "Condition \"overwriteHeader != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1637, + "event": "path", + "message": "Condition \"overwriteHeader.equalsIgnoreCase(\"T\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1639, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1646, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1646, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1646, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1646, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1644| // Overwriting the destination", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1645| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1646|-> WebResource destination = resources.getResource(destinationPath);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1647| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1648| if (overwrite) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.copyResource(java.util.Hashtable, java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1707, + "event": "path", + "message": "Condition \"debug > 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1711, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1711, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1711, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1711, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1709| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1710| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1711|-> WebResource sourceResource = resources.getResource(source);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1712| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1713| if (sourceResource.isDirectory()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.copyResource(java.util.Hashtable, java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1707, + "event": "path", + "message": "Condition \"debug > 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1713, + "event": "path", + "message": "Condition \"sourceResource.isDirectory()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1714, + "event": "path", + "message": "Condition \"!resources.mkdir(dest)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1715, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1715, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1715, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1715, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1713| if (sourceResource.isDirectory()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1714| if (!resources.mkdir(dest)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1715|-> WebResource destResource = resources.getResource(dest);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1716| if (!destResource.isDirectory()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1717| errorList.put(dest, Integer.valueOf(WebdavStatus.SC_CONFLICT));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.copyResource(java.util.Hashtable, java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1707, + "event": "path", + "message": "Condition \"debug > 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1713, + "event": "path", + "message": "Condition \"sourceResource.isDirectory()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1736, + "event": "path", + "message": "Condition \"sourceResource.isFile()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1737, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1737, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1737, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1737, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1735| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1736| } else if (sourceResource.isFile()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1737|-> WebResource destResource = resources.getResource(dest);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1738| if (!destResource.exists() && !destResource.getWebappPath().endsWith(\"/\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1739| int lastSlash = destResource.getWebappPath().lastIndexOf('/');", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.copyResource(java.util.Hashtable, java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1707, + "event": "path", + "message": "Condition \"debug > 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1713, + "event": "path", + "message": "Condition \"sourceResource.isDirectory()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1736, + "event": "path", + "message": "Condition \"sourceResource.isFile()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1738, + "event": "path", + "message": "Condition \"!destResource.exists()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1738, + "event": "path", + "message": "Condition \"!destResource.getWebappPath().endsWith(\"/\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1740, + "event": "path", + "message": "Condition \"lastSlash > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1742, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1742, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1742, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1742, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1740| if (lastSlash > 0) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1741| String parent = destResource.getWebappPath().substring(0, lastSlash);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1742|-> WebResource parentResource = resources.getResource(parent);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1743| if (!parentResource.isDirectory()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1744| errorList.put(source, Integer.valueOf(WebdavStatus.SC_CONFLICT));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.deleteResource(java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1807, + "event": "path", + "message": "Condition \"ifHeader == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1812, + "event": "path", + "message": "Condition \"lockTokenHeader == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1816, + "event": "path", + "message": "Condition \"isLocked(path, ifHeader + lockTokenHeader)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1821, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1821, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1821, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1821, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1819| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1820| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1821|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1822| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1823| if (!resource.exists()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.sendReport(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.util.Hashtable)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1941, + "event": "return_thread_shared", + "message": "Call to \"keys\" returns a pointer to thread-shared data. (The virtual call resolves to \"java.util.Hashtable.keys\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1941, + "event": "assign", + "message": "Assigning: \"pathList\" = \"errorList.keys()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1942, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"pathList\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1942, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1942, + "event": "write", + "message": "\"pathList\" is modified in call to \"hasMoreElements\". (The virtual call resolves to \"org.apache.catalina.loader.WebappClassLoaderBase.CombinedEnumeration.hasMoreElements\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1940| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1941| Enumeration pathList = errorList.keys();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1942|-> while (pathList.hasMoreElements()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1943| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1944| String errorPath = pathList.nextElement();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.parseProperties(javax.servlet.http.HttpServletRequest, org.apache.catalina.util.XMLWriter, java.lang.String, int, java.util.Vector)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1989, + "event": "path", + "message": "Condition \"isSpecialPath(path)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1993, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1993, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1993, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1993, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1991| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1992| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1993|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1994| if (!resource.exists()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1995| // File is in directory listing but doesn't appear to exist", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.determineMethodsAllowed(javax.servlet.http.HttpServletRequest)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 2354, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 2354, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 2354, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 2354, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2352| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2353| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2354|-> WebResource resource = resources.getResource(getRelativePath(req));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2355| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2356| // These methods are always allowed. They may return a 404 (not a 405)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.session.ManagerBase.generateSessionId()", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 889, + "event": "path", + "message": "Condition \"result != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 898, + "event": "path", + "message": "Condition \"sessions.containsKey(result)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 889, + "event": "path", + "message": "Condition \"result != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 893, + "event": "read_volatile", + "message": "Reading \"duplicates\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 893, + "event": "intervening_update", + "message": "Another thread writes to \"duplicates\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 893, + "event": "stale_update", + "message": "Updating \"duplicates\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 891| // that is not a big deal since the fact that there was any", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 892| // duplicate is a much bigger issue.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 893|-> duplicates++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 894| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 895| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.catalina.ssi.SSIExec.process(org.apache.catalina.ssi.SSIMediator, java.lang.String, java.lang.String[], java.lang.String[], java.io.PrintWriter)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 53, + "event": "path", + "message": "Condition \"paramName.equalsIgnoreCase(\"cgi\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 57, + "event": "path", + "message": "Condition \"paramName.equalsIgnoreCase(\"cmd\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 65, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getErrorStream\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 65, + "event": "var_assign", + "message": "Assigning: \"stdErrReader\" = resource returned from \"new java.io.BufferedReader(new java.io.InputStreamReader(proc.getErrorStream()))\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 68, + "event": "noescape", + "message": "Resource \"stdErrReader\" is not closed or saved in \"flow\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 72, + "event": "leaked_resource", + "message": "Variable \"stdErrReader\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| proc.waitFor();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 71| lastModified = System.currentTimeMillis();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72|-> } catch (InterruptedException e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| ssiMediator.log(sm.getString(\"ssiExec.executeFailed\", substitutedValue), e);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74| writer.write(configErrMsg);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.catalina.ssi.SSIExec.process(org.apache.catalina.ssi.SSIMediator, java.lang.String, java.lang.String[], java.lang.String[], java.io.PrintWriter)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 53, + "event": "path", + "message": "Condition \"paramName.equalsIgnoreCase(\"cgi\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 57, + "event": "path", + "message": "Condition \"paramName.equalsIgnoreCase(\"cmd\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 63, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 63, + "event": "var_assign", + "message": "Assigning: \"stdOutReader\" = resource returned from \"new java.io.BufferedReader(new java.io.InputStreamReader(proc.getInputStream()))\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 69, + "event": "noescape", + "message": "Resource \"stdOutReader\" is not closed or saved in \"flow\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 72, + "event": "leaked_resource", + "message": "Variable \"stdOutReader\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| proc.waitFor();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 71| lastModified = System.currentTimeMillis();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72|-> } catch (InterruptedException e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| ssiMediator.log(sm.getString(\"ssiExec.executeFailed\", substitutedValue), e);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74| writer.write(configErrMsg);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.catalina.ssi.SSIServlet.processSSI(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.net.URL)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 199, + "event": "path", + "message": "Condition \"buffered\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 202, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 207, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 207, + "event": "var_assign", + "message": "Assigning: \"resourceInputStream\" = resource returned from \"resourceInfo.getInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 209, + "event": "path", + "message": "Condition \"encoding == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 213, + "event": "path", + "message": "Condition \"encoding == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 214, + "event": "var_assign", + "message": "Assigning: \"isr\" = resource returned from \"new java.io.InputStreamReader(resourceInputStream)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 215, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 218, + "event": "var_assign", + "message": "Assigning: \"bufferedReader\" = resource returned from \"new java.io.BufferedReader(isr)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 220, + "event": "noescape", + "message": "Resource \"bufferedReader\" is not closed or saved in \"process\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 220, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"process\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 220, + "event": "leaked_resource", + "message": "Variable \"bufferedReader\" going out of scope leaks the resource it refers to.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 220, + "event": "leaked_resource", + "message": "Variable \"isr\" going out of scope leaks the resource it refers to.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 220, + "event": "leaked_resource", + "message": "Variable \"resourceInputStream\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 218| BufferedReader bufferedReader = new BufferedReader(isr);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 219| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 220|-> long lastModified = ssiProcessor.process(bufferedReader,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 221| resourceInfo.getLastModified(), printWriter);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 222| if (lastModified > 0) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.ContextConfig.configureStop()", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1032, + "event": "path", + "message": "Condition \"org.apache.catalina.startup.ContextConfig.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1040, + "event": "path", + "message": "Condition \"i < children.length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1042, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1040, + "event": "path", + "message": "Condition \"i < children.length\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1055, + "event": "returned_null", + "message": "\"findConstraints\" returns \"null\" (checked 1 out of 4 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findConstraints\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1055, + "event": "var_assigned", + "message": "Assigning: \"securityConstraints\" = \"null\" return value from \"findConstraints\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1056, + "event": "null_array_length", + "message": "Accessing length of null array \"securityConstraints\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 552, + "event": "example_assign", + "message": "Example 1: Assigning: \"constraints\" = return value from \"context.findConstraints()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 553, + "event": "example_checked", + "message": "Example 1 (cont.): \"constraints\" has its value checked in \"constraints == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1054| // Removing security constraints", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1055| SecurityConstraint[] securityConstraints = context.findConstraints();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1056|-> for (i = 0; i < securityConstraints.length; i++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1057| context.removeConstraint(securityConstraints[i]);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1058| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.ContextConfig.validateSecurityRoles()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1189, + "event": "returned_null", + "message": "\"findConstraints\" returns \"null\" (checked 1 out of 4 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findConstraints\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1189, + "event": "var_assigned", + "message": "Assigning: \"constraints\" = \"null\" return value from \"findConstraints\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1190, + "event": "null_array_length", + "message": "Accessing length of null array \"constraints\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 552, + "event": "example_assign", + "message": "Example 1: Assigning: \"constraints\" = return value from \"context.findConstraints()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 553, + "event": "example_checked", + "message": "Example 1 (cont.): \"constraints\" has its value checked in \"constraints == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1188| // Check role names used in elements", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1189| SecurityConstraint constraints[] = context.findConstraints();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1190|-> for (SecurityConstraint constraint : constraints) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1191| String roles[] = constraint.findAuthRoles();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1192| for (String role : roles) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.ContextConfig.configureContext(org.apache.tomcat.util.descriptor.web.WebXml)", + "language": "java", + "tool": "coverity", + "key_event_idx": 21, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1427, + "event": "path", + "message": "No elements left in \"webxml.getContextParams().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1434, + "event": "path", + "message": "No elements left in \"webxml.getEjbLocalRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1437, + "event": "path", + "message": "No elements left in \"webxml.getEjbRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1440, + "event": "path", + "message": "No elements left in \"webxml.getEnvEntries().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1443, + "event": "path", + "message": "No elements left in \"webxml.getErrorPages().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1446, + "event": "path", + "message": "No elements left in \"webxml.getFilters().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1452, + "event": "path", + "message": "No elements left in \"webxml.getFilterMappings()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1456, + "event": "path", + "message": "No elements left in \"webxml.getListeners()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1459, + "event": "path", + "message": "No elements left in \"webxml.getLocaleEncodingMappings().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1465, + "event": "path", + "message": "Condition \"webxml.getLoginConfig() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1468, + "event": "path", + "message": "No elements left in \"webxml.getMessageDestinationRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1476, + "event": "path", + "message": "No elements left in \"webxml.getMimeMappings().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1482, + "event": "path", + "message": "No elements left in \"webxml.getResourceEnvRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1486, + "event": "path", + "message": "No elements left in \"webxml.getResourceRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1493, + "event": "path", + "message": "No elements left in \"webxml.getSecurityConstraints()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1499, + "event": "path", + "message": "No elements left in \"webxml.getSecurityRoles()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1502, + "event": "path", + "message": "No elements left in \"webxml.getServiceRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1505, + "event": "path", + "message": "Iterating over another element of \"webxml.getServlets().values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1506, + "event": "returned_null", + "message": "\"createWrapper\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.createWrapper\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1506, + "event": "var_assigned", + "message": "Assigning: \"wrapper\" = \"null\" return value from \"createWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1513, + "event": "path", + "message": "Condition \"servlet.getLoadOnStartup() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1514, + "event": "null_method_call", + "message": "Calling a method on null object \"wrapper\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1512| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1513| if (servlet.getLoadOnStartup() != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1514|-> wrapper.setLoadOnStartup(servlet.getLoadOnStartup().intValue());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1515| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1516| if (servlet.getEnabled() != null) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.ContextConfig.configureContext(org.apache.tomcat.util.descriptor.web.WebXml)", + "language": "java", + "tool": "coverity", + "key_event_idx": 22, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1427, + "event": "path", + "message": "No elements left in \"webxml.getContextParams().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1434, + "event": "path", + "message": "No elements left in \"webxml.getEjbLocalRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1437, + "event": "path", + "message": "No elements left in \"webxml.getEjbRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1440, + "event": "path", + "message": "No elements left in \"webxml.getEnvEntries().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1443, + "event": "path", + "message": "No elements left in \"webxml.getErrorPages().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1446, + "event": "path", + "message": "No elements left in \"webxml.getFilters().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1452, + "event": "path", + "message": "No elements left in \"webxml.getFilterMappings()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1456, + "event": "path", + "message": "No elements left in \"webxml.getListeners()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1459, + "event": "path", + "message": "No elements left in \"webxml.getLocaleEncodingMappings().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1465, + "event": "path", + "message": "Condition \"webxml.getLoginConfig() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1468, + "event": "path", + "message": "No elements left in \"webxml.getMessageDestinationRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1476, + "event": "path", + "message": "No elements left in \"webxml.getMimeMappings().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1482, + "event": "path", + "message": "No elements left in \"webxml.getResourceEnvRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1486, + "event": "path", + "message": "No elements left in \"webxml.getResourceRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1493, + "event": "path", + "message": "No elements left in \"webxml.getSecurityConstraints()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1499, + "event": "path", + "message": "No elements left in \"webxml.getSecurityRoles()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1502, + "event": "path", + "message": "No elements left in \"webxml.getServiceRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1505, + "event": "path", + "message": "Iterating over another element of \"webxml.getServlets().values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1506, + "event": "returned_null", + "message": "\"createWrapper\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.createWrapper\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1506, + "event": "var_assigned", + "message": "Assigning: \"wrapper\" = \"null\" return value from \"createWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1513, + "event": "path", + "message": "Condition \"servlet.getLoadOnStartup() != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1516, + "event": "path", + "message": "Condition \"servlet.getEnabled() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1517, + "event": "null_method_call", + "message": "Calling a method on null object \"wrapper\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1515| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1516| if (servlet.getEnabled() != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1517|-> wrapper.setEnabled(servlet.getEnabled().booleanValue());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1518| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1519| wrapper.setName(servlet.getServletName());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.ContextConfig.configureContext(org.apache.tomcat.util.descriptor.web.WebXml)", + "language": "java", + "tool": "coverity", + "key_event_idx": 22, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1427, + "event": "path", + "message": "No elements left in \"webxml.getContextParams().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1434, + "event": "path", + "message": "No elements left in \"webxml.getEjbLocalRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1437, + "event": "path", + "message": "No elements left in \"webxml.getEjbRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1440, + "event": "path", + "message": "No elements left in \"webxml.getEnvEntries().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1443, + "event": "path", + "message": "No elements left in \"webxml.getErrorPages().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1446, + "event": "path", + "message": "No elements left in \"webxml.getFilters().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1452, + "event": "path", + "message": "No elements left in \"webxml.getFilterMappings()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1456, + "event": "path", + "message": "No elements left in \"webxml.getListeners()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1459, + "event": "path", + "message": "No elements left in \"webxml.getLocaleEncodingMappings().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1465, + "event": "path", + "message": "Condition \"webxml.getLoginConfig() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1468, + "event": "path", + "message": "No elements left in \"webxml.getMessageDestinationRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1476, + "event": "path", + "message": "No elements left in \"webxml.getMimeMappings().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1482, + "event": "path", + "message": "No elements left in \"webxml.getResourceEnvRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1486, + "event": "path", + "message": "No elements left in \"webxml.getResourceRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1493, + "event": "path", + "message": "No elements left in \"webxml.getSecurityConstraints()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1499, + "event": "path", + "message": "No elements left in \"webxml.getSecurityRoles()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1502, + "event": "path", + "message": "No elements left in \"webxml.getServiceRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1505, + "event": "path", + "message": "Iterating over another element of \"webxml.getServlets().values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1506, + "event": "returned_null", + "message": "\"createWrapper\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.createWrapper\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1506, + "event": "var_assigned", + "message": "Assigning: \"wrapper\" = \"null\" return value from \"createWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1513, + "event": "path", + "message": "Condition \"servlet.getLoadOnStartup() != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1516, + "event": "path", + "message": "Condition \"servlet.getEnabled() != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1519, + "event": "null_method_call", + "message": "Calling a method on null object \"wrapper\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1517| wrapper.setEnabled(servlet.getEnabled().booleanValue());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1518| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1519|-> wrapper.setName(servlet.getServletName());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1520| Map params = servlet.getParameterMap();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1521| for (Entry entry : params.entrySet()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.ContextConfig.processJarsForWebFragments(org.apache.tomcat.util.descriptor.web.WebXml, org.apache.tomcat.util.descriptor.web.WebXmlParser)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2119, + "event": "returned_null", + "message": "\"getJarScanner\" returns \"null\" (checked 0 out of 1 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.getJarScanner\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2119, + "event": "var_assigned", + "message": "Assigning: \"jarScanner\" = \"null\" return value from \"getJarScanner\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2121, + "event": "path", + "message": "Condition \"context instanceof org.apache.catalina.core.StandardContext\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2126, + "event": "path", + "message": "Condition \"absoluteOrder != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2126, + "event": "path", + "message": "Condition \"absoluteOrder.isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2126, + "event": "path", + "message": "Condition \"!context.getXmlValidation()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2136, + "event": "null_method_call", + "message": "Calling a method on null object \"jarScanner\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2134| new FragmentJarScannerCallback(webXmlParser, delegate, parseRequired);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2135| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2136|-> jarScanner.scan(JarScanType.PLUGGABILITY,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2137| context.getServletContext(), callback);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2138| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.ContextConfig.processAnnotationsInParallel(java.util.Set, boolean, java.util.Map)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2211, + "event": "returned_null", + "message": "\"getServer\" returns \"null\" (checked 1 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2211, + "event": "var_assigned", + "message": "Assigning: \"s\" = \"null\" return value from \"getServer\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2213, + "event": "null_method_call", + "message": "Calling a method on null object \"s\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1145, + "event": "example_assign", + "message": "Example 1: Assigning: \"s\" = return value from \"getServer()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1146, + "event": "example_checked", + "message": "Example 1 (cont.): \"s\" has its value checked in \"s != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2211| Server s = getServer();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2212| ExecutorService pool = null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2213|-> pool = s.getUtilityExecutor();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2214| List> futures = new ArrayList<>(fragments.size());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2215| for (WebXml fragment : fragments) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.catalina.startup.HostConfig.deployDescriptor(org.apache.catalina.util.ContextName, java.io.File)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/HostConfig.java", + "line": 619, + "event": "path", + "message": "Condition \"org.apache.catalina.startup.HostConfig.log.isInfoEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/HostConfig.java", + "line": 624, + "event": "assign_zero", + "message": "Assigning: \"context\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/HostConfig.java", + "line": 629, + "event": "path", + "message": "Throwing \"java.io.FileNotFoundException\" (or subclass) from call to \"FileInputStream\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/HostConfig.java", + "line": 691, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/HostConfig.java", + "line": 699, + "event": "null_method_call", + "message": "Calling a method on null object \"context\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 697| // default to appBase dir + name", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 698| expandedDocBase = new File(host.getAppBaseFile(), cn.getBaseName());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 699|-> if (context.getDocBase() != null && !context.getDocBase().toLowerCase(Locale.ENGLISH).endsWith(\".war\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 700| // first assume docBase is absolute", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 701| expandedDocBase = new File(context.getDocBase());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.Tomcat.addServlet(org.apache.catalina.Context, java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/Tomcat.java", + "line": 387, + "event": "returned_null", + "message": "\"createWrapper\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.createWrapper\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/Tomcat.java", + "line": 387, + "event": "var_assigned", + "message": "Assigning: \"sw\" = \"null\" return value from \"createWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/Tomcat.java", + "line": 388, + "event": "null_method_call", + "message": "Calling a method on null object \"sw\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 386| // will do class for name and set init params", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 387| Wrapper sw = ctx.createWrapper();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 388|-> sw.setServletClass(servletClass);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 389| sw.setName(servletName);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 390| ctx.addChild(sw);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.WebAnnotationSet.loadApplicationListenerAnnotations(org.apache.catalina.Context)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/WebAnnotationSet.java", + "line": 81, + "event": "returned_null", + "message": "\"findApplicationListeners\" returns \"null\" (checked 0 out of 1 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findApplicationListeners\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/WebAnnotationSet.java", + "line": 81, + "event": "var_assigned", + "message": "Assigning: \"applicationListeners\" = \"null\" return value from \"findApplicationListeners\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/WebAnnotationSet.java", + "line": 82, + "event": "null_array_length", + "message": "Accessing length of null array \"applicationListeners\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80| protected static void loadApplicationListenerAnnotations(Context context) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| String[] applicationListeners = context.findApplicationListeners();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82|-> for (String className : applicationListeners) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83| Class clazz = Introspection.loadClass(context, className);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 84| if (clazz == null) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.storeconfig.StandardContextSF.store(java.io.PrintWriter, int, java.lang.Object)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StandardContextSF.java", + "line": 71, + "event": "path", + "message": "Condition \"aContext instanceof org.apache.catalina.core.StandardContext\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StandardContextSF.java", + "line": 72, + "event": "returned_null", + "message": "\"findDescription\" returns \"null\" (checked 11 out of 17 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StandardContextSF.java", + "line": 72, + "event": "var_assigned", + "message": "Assigning: \"desc\" = \"null\" return value from \"findDescription\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StandardContextSF.java", + "line": 74, + "event": "null_method_call", + "message": "Calling a method on null object \"desc\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 1: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 1 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 2: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 2 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 41, + "event": "example_assign", + "message": "Example 3: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 43, + "event": "example_checked", + "message": "Example 3 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 42, + "event": "example_assign", + "message": "Example 4: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 44, + "event": "example_checked", + "message": "Example 4 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 45, + "event": "example_assign", + "message": "Example 5: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 47, + "event": "example_checked", + "message": "Example 5 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72| StoreDescription desc = getRegistry().findDescription(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| aContext.getClass());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74|-> if (desc.isStoreSeparate()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 75| URL configFile = ((StandardContext) aContext)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| .getConfigFile();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.storeconfig.StoreConfig.store(java.io.PrintWriter, int, org.apache.catalina.Context)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 273, + "event": "returned_null", + "message": "\"findDescription\" returns \"null\" (checked 11 out of 17 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 273, + "event": "var_assigned", + "message": "Assigning: \"desc\" = \"null\" return value from \"findDescription\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 274, + "event": "null_method_call", + "message": "Calling a method on null object \"desc\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 1: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 1 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 2: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 2 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 41, + "event": "example_assign", + "message": "Example 3: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 43, + "event": "example_checked", + "message": "Example 3 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 42, + "event": "example_assign", + "message": "Example 4: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 44, + "event": "example_checked", + "message": "Example 4 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 45, + "event": "example_assign", + "message": "Example 5: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 47, + "event": "example_checked", + "message": "Example 5 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 272| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 273| desc = getRegistry().findDescription(aContext.getClass());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 274|-> oldSeparate = desc.isStoreSeparate();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 275| desc.setStoreSeparate(false);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 276| desc.getStoreFactory().store(aWriter, indent, aContext);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.storeconfig.StoreConfig.store(java.io.PrintWriter, int, org.apache.catalina.Host)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 291, + "event": "returned_null", + "message": "\"findDescription\" returns \"null\" (checked 11 out of 17 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 291, + "event": "var_assigned", + "message": "Assigning: \"desc\" = \"null\" return value from \"findDescription\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 293, + "event": "null_method_call", + "message": "Calling a method on null object \"desc\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 1: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 1 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 2: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 2 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 41, + "event": "example_assign", + "message": "Example 3: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 43, + "event": "example_checked", + "message": "Example 3 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 42, + "event": "example_assign", + "message": "Example 4: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 44, + "event": "example_checked", + "message": "Example 4 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 45, + "event": "example_assign", + "message": "Example 5: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 47, + "event": "example_checked", + "message": "Example 5 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 291| StoreDescription desc = getRegistry().findDescription(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 292| aHost.getClass());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 293|-> desc.getStoreFactory().store(aWriter, indent, aHost);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 294| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 295| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.storeconfig.StoreConfig.store(java.io.PrintWriter, int, org.apache.catalina.Service)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 303, + "event": "returned_null", + "message": "\"findDescription\" returns \"null\" (checked 11 out of 17 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 303, + "event": "var_assigned", + "message": "Assigning: \"desc\" = \"null\" return value from \"findDescription\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 305, + "event": "null_method_call", + "message": "Calling a method on null object \"desc\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 1: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 1 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 2: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 2 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 41, + "event": "example_assign", + "message": "Example 3: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 43, + "event": "example_checked", + "message": "Example 3 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 42, + "event": "example_assign", + "message": "Example 4: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 44, + "event": "example_checked", + "message": "Example 4 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 45, + "event": "example_assign", + "message": "Example 5: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 47, + "event": "example_checked", + "message": "Example 5 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 303| StoreDescription desc = getRegistry().findDescription(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 304| aService.getClass());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 305|-> desc.getStoreFactory().store(aWriter, indent, aService);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 306| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 307| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.storeconfig.StoreConfig.store(java.io.PrintWriter, int, org.apache.catalina.Server)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 315, + "event": "returned_null", + "message": "\"findDescription\" returns \"null\" (checked 11 out of 17 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 315, + "event": "var_assigned", + "message": "Assigning: \"desc\" = \"null\" return value from \"findDescription\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 317, + "event": "null_method_call", + "message": "Calling a method on null object \"desc\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 1: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 1 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 2: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 2 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 41, + "event": "example_assign", + "message": "Example 3: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 43, + "event": "example_checked", + "message": "Example 3 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 42, + "event": "example_assign", + "message": "Example 4: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 44, + "event": "example_checked", + "message": "Example 4 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 45, + "event": "example_assign", + "message": "Example 5: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 47, + "event": "example_checked", + "message": "Example 5 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 315| StoreDescription desc = getRegistry().findDescription(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 316| aServer.getClass());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 317|-> desc.getStoreFactory().store(writer, indent, aServer);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 319| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.storeconfig.StoreContextAppender.isPrintValue(java.lang.Object, java.lang.Object, java.lang.String, org.apache.catalina.storeconfig.StoreDescription)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java", + "line": 64, + "event": "path", + "message": "Condition \"isPrint\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java", + "line": 66, + "event": "path", + "message": "Condition \"\"workDir\".equals(attrName)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java", + "line": 67, + "event": "returned_null", + "message": "\"getDefaultWorkDir\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java", + "line": 67, + "event": "var_assigned", + "message": "Assigning: \"defaultWorkDir\" = \"null\" return value from \"getDefaultWorkDir\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java", + "line": 68, + "event": "null_method_call", + "message": "Calling a method on null object \"defaultWorkDir\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 66| if (\"workDir\".equals(attrName)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 67| String defaultWorkDir = getDefaultWorkDir(context);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 68|-> isPrint = !defaultWorkDir.equals(context.getWorkDir());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 69| } else if (\"path\".equals(attrName)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| isPrint = desc.isStoreSeparate()", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.storeconfig.StoreFactoryBase.storeElement(java.io.PrintWriter, int, java.lang.Object)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java", + "line": 163, + "event": "path", + "message": "Condition \"aTagElement != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java", + "line": 167, + "event": "path", + "message": "Condition \"elementFactory != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java", + "line": 168, + "event": "returned_null", + "message": "\"findDescription\" returns \"null\" (checked 11 out of 17 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java", + "line": 168, + "event": "var_assigned", + "message": "Assigning: \"desc\" = \"null\" return value from \"findDescription\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java", + "line": 170, + "event": "null_method_call", + "message": "Calling a method on null object \"desc\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 1: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 1 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 2: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 2 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 41, + "event": "example_assign", + "message": "Example 3: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 43, + "event": "example_checked", + "message": "Example 3 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 42, + "event": "example_assign", + "message": "Example 4: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 44, + "event": "example_checked", + "message": "Example 4 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 45, + "event": "example_assign", + "message": "Example 5: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 47, + "event": "example_checked", + "message": "Example 5 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 168| StoreDescription desc = getRegistry().findDescription(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 169| aTagElement.getClass());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 170|-> if (!desc.isTransientChild(aTagElement.getClass().getName())) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 171| elementFactory.store(aWriter, indent, aTagElement);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 172| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.catalina.tribes.group.interceptors.OrderInterceptor$MessageOrder.add(org.apache.catalina.tribes.group.interceptors.OrderInterceptor$MessageOrder, org.apache.catalina.tribes.group.interceptors.OrderInterceptor$MessageOrder)", + "language": "java", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 291, + "event": "path", + "message": "Condition \"head == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 294, + "event": "path", + "message": "Condition \"add == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 297, + "event": "path", + "message": "Condition \"head == add\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 301, + "event": "path", + "message": "Condition \"head.getMsgNr() > add.getMsgNr()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 307, + "event": "assign_zero", + "message": "Assigning: \"prev\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 308, + "event": "path", + "message": "Condition \"iter.getMsgNr() < add.getMsgNr()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 308, + "event": "path", + "message": "Condition \"iter.next != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 312, + "event": "path", + "message": "Condition \"iter.getMsgNr() < add.getMsgNr()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 316, + "event": "path", + "message": "Condition \"iter.getMsgNr() > add.getMsgNr()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 318, + "event": "null_field_access", + "message": "Accessing field of null object \"prev\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 316| } else if (iter.getMsgNr() > add.getMsgNr()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 317| //add before", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318|-> prev.next = add; // prev cannot be null here, warning suppressed", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 319| add.next = iter;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 320| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.catalina.tribes.membership.cloud.KubernetesMembershipProvider.start(int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 50, + "event": "path", + "message": "Condition \"(level & 4 /* org.apache.catalina.tribes.MembershipService.MBR_RX */) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 59, + "event": "path", + "message": "Condition \"org.apache.catalina.tribes.membership.cloud.KubernetesMembershipProvider.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 69, + "event": "path", + "message": "Condition \"caCertFile == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 73, + "event": "path", + "message": "Condition \"clientCertificateFile == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 74, + "event": "path", + "message": "Condition \"protocol == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 78, + "event": "path", + "message": "Condition \"saTokenFile == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 82, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getDefault\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 82, + "event": "noescape", + "message": "Resource \"java.nio.file.FileSystems.getDefault()\" is not closed or saved in \"getPath\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 82, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"java.nio.file.FileSystems.getDefault()\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82|-> byte[] bytes = Files.readAllBytes(FileSystems.getDefault().getPath(saTokenFile));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83| streamProvider = new TokenStreamProvider(new String(bytes, StandardCharsets.US_ASCII), caCertFile);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 84| } catch (IOException e) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.catalina.tribes.tipis.AbstractReplicatedMap.clear(boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java", + "line": 1218, + "event": "path", + "message": "Condition \"notify\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java", + "line": 1220, + "event": "return_collection_alias", + "message": "Call to \"keySet\" returns an \"Iterable\" equivalent to \"this\". [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java", + "line": 1220, + "event": "enhanced_for", + "message": "Starting an iteration on \"keySet()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java", + "line": 1220, + "event": "path", + "message": "Iterating over another element of \"keySet()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java", + "line": 1221, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"this\" which invalidates the iterator for the loop on \"keySet()\". [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java", + "line": 1222, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java", + "line": 1220, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"keySet()\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1218| if ( notify ) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1219| //only delete active keys", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1220|-> for (K k : keySet()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1221| remove(k);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1222| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.catalina.tribes.transport.nio.NioSender.write()", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java", + "line": 203, + "event": "path", + "message": "Condition \"!isConnected()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java", + "line": 203, + "event": "path", + "message": "Condition \"this.socketChannel == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java", + "line": 203, + "event": "var_compare_op", + "message": "Comparing \"this.socketChannel\" to null implies that \"this.socketChannel\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java", + "line": 203, + "event": "path", + "message": "Condition \"this.dataChannel == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java", + "line": 206, + "event": "path", + "message": "Condition \"current != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java", + "line": 207, + "event": "path", + "message": "Condition \"remaining > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java", + "line": 210, + "event": "null_method_call", + "message": "Calling a method on null object \"socketChannel\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 208| //we have written everything, or we are starting a new package", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 209| //protect against buffer overwrite", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 210|-> int byteswritten = isUdpBased()?dataChannel.write(writebuf) : socketChannel.write(writebuf);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 211| if (byteswritten == -1 ) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 212| throw new EOFException();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNUSED_VALUE", + "cwe": 563, + "function": "org.apache.catalina.valves.ExtendedAccessLogValve$PatternTokenizer.getToken()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java", + "line": 437, + "event": "value_overwrite", + "message": "Overwriting previous write to \"result\" with value from \"buf.toString()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java", + "line": 442, + "event": "value_overwrite", + "message": "Overwriting previous write to \"result\" with value from \"buf.toString()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java", + "line": 447, + "event": "value_overwrite", + "message": "Overwriting previous write to \"result\" with value from \"buf.toString()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java", + "line": 452, + "event": "returned_reference", + "message": "Assigning value from \"buf.toString()\" to \"result\" here, but that stored value is overwritten before it can be used.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 450| return result;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 451| case ')':", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 452|-> result = buf.toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 453| buf = new StringBuilder();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 454| break;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.valves.rewrite.ResolverImpl.resolveSsl(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 156, + "event": "path", + "message": "Condition \"key.equals(\"HTTPS\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 158, + "event": "path", + "message": "Condition \"key.equals(\"SSL_PROTOCOL\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 160, + "event": "path", + "message": "Condition \"key.equals(\"SSL_SESSION_ID\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 162, + "event": "path", + "message": "Condition \"key.equals(\"SSL_SESSION_RESUMED\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"key.equals(\"SSL_SECURE_RENEG\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 166, + "event": "path", + "message": "Condition \"key.equals(\"SSL_COMPRESS_METHOD\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 168, + "event": "path", + "message": "Condition \"key.equals(\"SSL_TLS_SNI\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 170, + "event": "path", + "message": "Condition \"key.equals(\"SSL_CIPHER\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 172, + "event": "path", + "message": "Condition \"key.equals(\"SSL_CIPHER_EXPORT\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 184, + "event": "path", + "message": "Condition \"key.equals(\"SSL_CIPHER_ALGKEYSIZE\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 191, + "event": "path", + "message": "Condition \"key.equals(\"SSL_CIPHER_USEKEYSIZE\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 192, + "event": "returned_null", + "message": "\"getKeySize\" returns \"null\" (checked 1 out of 2 times). (The virtual call resolves to \"org.apache.tomcat.util.net.jsse.JSSESupport.getKeySize\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 192, + "event": "null_method_call", + "message": "Calling a method on null object \"sslSupport.getKeySize()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/AbstractProcessor.java", + "line": 802, + "event": "example_assign", + "message": "Example 1: Assigning: \"sslO\" = return value from \"sslSupport.getKeySize()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/AbstractProcessor.java", + "line": 803, + "event": "example_checked", + "message": "Example 1 (cont.): \"sslO\" has its value checked in \"sslO != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 190| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 191| } else if (key.equals(\"SSL_CIPHER_USEKEYSIZE\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 192|-> return sslSupport.getKeySize().toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 193| } else if (key.startsWith(\"SSL_CLIENT_\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 194| X509Certificate[] certificates = sslSupport.getPeerCertificateChain();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.webresources.AbstractFileResourceSet.file(java.lang.String, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 61, + "event": "path", + "message": "Condition \"name.equals(\"/\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 69, + "event": "path", + "message": "Condition \"name.endsWith(\"/\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 69, + "event": "path", + "message": "Condition \"file.isFile()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 75, + "event": "path", + "message": "Condition \"mustExist\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 75, + "event": "path", + "message": "Condition \"!file.canRead()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 81, + "event": "path", + "message": "Condition \"getRoot().getAllowLinking()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 87, + "event": "path", + "message": "Condition \"org.apache.tomcat.util.compat.JrePlatform.IS_WINDOWS\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 87, + "event": "path", + "message": "Condition \"isInvalidWindowsFilename(name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 95, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 98, + "event": "path", + "message": "Condition \"canPath == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 98, + "event": "path", + "message": "Condition \"!canPath.startsWith(canonicalBase)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 109, + "event": "returned_null", + "message": "\"normalize\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 109, + "event": "var_assigned", + "message": "Assigning: \"absPath\" = \"null\" return value from \"normalize\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 110, + "event": "null_method_call", + "message": "Calling a method on null object \"absPath\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108| // well.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| String absPath = normalize(file.getAbsolutePath());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110|-> if (absoluteBase.length() > absPath.length()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111| return null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 112| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.catalina.webresources.TomcatURLStreamHandlerFactory.release(java.lang.ClassLoader)", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 104, + "event": "path", + "message": "Condition \"org.apache.catalina.webresources.TomcatURLStreamHandlerFactory.instance == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 108, + "event": "enhanced_for", + "message": "Starting an iteration on \"factories\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 108, + "event": "path", + "message": "Iterating over another element of \"factories\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 110, + "event": "path", + "message": "Condition \"factoryLoader != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 120, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 108, + "event": "path", + "message": "Iterating over another element of \"factories\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 110, + "event": "path", + "message": "Condition \"factoryLoader != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 111, + "event": "path", + "message": "Condition \"classLoader.equals(factoryLoader)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 115, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"factories\" which invalidates the iterator for the loop on that \"Iterable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 116, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 120, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 108, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"factories\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| List factories = instance.userFactories;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108|-> for (URLStreamHandlerFactory factory : factories) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| ClassLoader factoryLoader = factory.getClass().getClassLoader();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| while (factoryLoader != null) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.coyote.AbstractProtocol$ConnectionHandler.register(org.apache.coyote.Processor)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/AbstractProtocol.java", + "line": 1135, + "event": "path", + "message": "Condition \"getProtocol().getDomain() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/AbstractProtocol.java", + "line": 1139, + "event": "returned_null", + "message": "\"getRequest\" returns \"null\" (checked 1 out of 2 times). (The virtual call resolves to \"org.apache.coyote.http11.upgrade.UpgradeProcessorBase.getRequest\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/AbstractProtocol.java", + "line": 1139, + "event": "null_method_call", + "message": "Calling a method on null object \"processor.getRequest()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/AbstractProtocol.java", + "line": 1165, + "event": "example_assign", + "message": "Example 1: Assigning: \"r\" = return value from \"processor.getRequest()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/AbstractProtocol.java", + "line": 1166, + "event": "example_checked", + "message": "Example 1 (cont.): \"r\" has its value checked in \"r == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1137| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1138| long count = registerCount.incrementAndGet();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1139|-> RequestInfo rp =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1140| processor.getRequest().getRequestProcessor();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1141| rp.setGlobalProcessor(global);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.coyote.ajp.AjpProcessor.prepareRequest()", + "language": "java", + "tool": "coverity", + "key_event_idx": 25, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 655, + "event": "path", + "message": "Condition \"methodCode != -1 /* org.apache.coyote.ajp.Constants.SC_M_JK_STORED */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 668, + "event": "path", + "message": "Condition \"socketWrapper != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 673, + "event": "path", + "message": "Condition \"isSSL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 685, + "event": "path", + "message": "Condition \"i < hCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 696, + "event": "path", + "message": "Condition \"40960 == isc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 700, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 716, + "event": "path", + "message": "Condition \"hId == 8 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_LENGTH */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 719, + "event": "path", + "message": "Condition \"contentLengthSet\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 727, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 735, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 685, + "event": "path", + "message": "Condition \"i < hCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 696, + "event": "path", + "message": "Condition \"40960 == isc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 700, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 716, + "event": "path", + "message": "Condition \"hId == 8 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_LENGTH */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 719, + "event": "path", + "message": "Condition \"contentLengthSet\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 722, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 727, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 735, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 685, + "event": "path", + "message": "Condition \"i < hCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 696, + "event": "path", + "message": "Condition \"40960 == isc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 700, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 716, + "event": "path", + "message": "Condition \"hId == 8 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_LENGTH */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 716, + "event": "path", + "message": "Condition \"hId == -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 727, + "event": "path", + "message": "Condition \"hId == 7 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_TYPE */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 731, + "event": "returned_null", + "message": "\"contentType\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 731, + "event": "null_method_call", + "message": "Calling a method on null object \"request.contentType()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 729| // just read the content-type header, so set it", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 730| ByteChunk bchunk = vMB.getByteChunk();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 731|-> request.contentType().setBytes(bchunk.getBytes(),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 732| bchunk.getOffset(),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 733| bchunk.getLength());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.coyote.http11.Http11Processor.addInputFilter(org.apache.coyote.http11.InputFilter[], java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/Http11Processor.java", + "line": 212, + "event": "path", + "message": "Condition \"contentDelimitation\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/Http11Processor.java", + "line": 226, + "event": "path", + "message": "Condition \"encodingName.equals(\"chunked\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/Http11Processor.java", + "line": 230, + "event": "path", + "message": "Condition \"i < inputFilters.length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/Http11Processor.java", + "line": 231, + "event": "returned_null", + "message": "\"getEncodingName\" returns \"null\" (checked 0 out of 1 times). (The virtual call resolves to \"org.apache.coyote.http11.filters.SavedRequestInputFilter.getEncodingName\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/Http11Processor.java", + "line": 231, + "event": "null_method_call", + "message": "Calling a method on null object \"inputFilters[i].getEncodingName()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 229| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 230| for (int i = pluggableFilterIndex; i < inputFilters.length; i++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 231|-> if (inputFilters[i].getEncodingName().toString().equals(encodingName)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 232| inputBuffer.addActiveFilter(inputFilters[i]);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 233| return;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.coyote.http11.upgrade.UpgradeInfo.addBytesSent(long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 61, + "event": "read_volatile", + "message": "Reading \"this.bytesSent\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 61, + "event": "intervening_update", + "message": "Another thread writes to \"this.bytesSent\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 61, + "event": "stale_update", + "message": "Updating \"this.bytesSent\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| public void addBytesSent(long bytesSent) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61|-> this.bytesSent += bytesSent;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.coyote.http11.upgrade.UpgradeInfo.addBytesReceived(long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 72, + "event": "read_volatile", + "message": "Reading \"this.bytesReceived\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 72, + "event": "intervening_update", + "message": "Another thread writes to \"this.bytesReceived\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 72, + "event": "stale_update", + "message": "Updating \"this.bytesReceived\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 71| public void addBytesReceived(long bytesReceived) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72|-> this.bytesReceived += bytesReceived;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.coyote.http11.upgrade.UpgradeInfo.addMsgsSent(long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 83, + "event": "read_volatile", + "message": "Reading \"this.msgsSent\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 83, + "event": "intervening_update", + "message": "Another thread writes to \"this.msgsSent\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 83, + "event": "stale_update", + "message": "Updating \"this.msgsSent\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82| public void addMsgsSent(long msgsSent) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83|-> this.msgsSent += msgsSent;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 84| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 85| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.coyote.http11.upgrade.UpgradeInfo.addMsgsReceived(long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 94, + "event": "read_volatile", + "message": "Reading \"this.msgsReceived\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 94, + "event": "intervening_update", + "message": "Another thread writes to \"this.msgsReceived\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 94, + "event": "stale_update", + "message": "Updating \"this.msgsReceived\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93| public void addMsgsReceived(long msgsReceived) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 94|-> this.msgsReceived += msgsReceived;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 96| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.coyote.http2.HpackDecoder.emitHeader(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 426, + "event": "path", + "message": "Condition \"\"cookie\".equals(name)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 429, + "event": "path", + "message": "Condition \"!countedCookie\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 430, + "event": "read_volatile", + "message": "Reading \"headerCount\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 430, + "event": "intervening_update", + "message": "Another thread writes to \"headerCount\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 430, + "event": "stale_update", + "message": "Updating \"headerCount\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 165, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"headerCount\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 428| // multiple headers to aid compression", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 429| if (!countedCookie) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 430|-> headerCount ++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 431| countedCookie = true;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 432| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.coyote.http2.HpackDecoder.emitHeader(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 426, + "event": "path", + "message": "Condition \"\"cookie\".equals(name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 434, + "event": "read_volatile", + "message": "Reading \"headerCount\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 434, + "event": "intervening_update", + "message": "Another thread writes to \"headerCount\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 434, + "event": "stale_update", + "message": "Updating \"headerCount\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 165, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"headerCount\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 432| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 433| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 434|-> headerCount ++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 435| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 436| // Overhead will vary. The main concern is that lots of small headers", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.coyote.http2.HpackDecoder.emitHeader(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 426, + "event": "path", + "message": "Condition \"\"cookie\".equals(name)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 429, + "event": "path", + "message": "Condition \"!countedCookie\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 433, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 440, + "event": "read_volatile", + "message": "Reading \"headerSize\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 440, + "event": "intervening_update", + "message": "Another thread writes to \"headerSize\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 440, + "event": "stale_update", + "message": "Updating \"headerSize\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 438| // estimate of 3 which is the worst case for small headers.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 439| int inc = 3 + name.length() + value.length();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 440|-> headerSize += inc;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 441| if (!isHeaderCountExceeded() && !isHeaderSizeExceeded(0)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 442| if (log.isDebugEnabled()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.coyote.http2.Http2Parser.readHeaderPayload(int, int, java.nio.ByteBuffer)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 451, + "event": "path", + "message": "Condition \"org.apache.coyote.http2.Http2Parser.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 458, + "event": "path", + "message": "Condition \"remaining > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 459, + "event": "path", + "message": "Condition \"headerReadBuffer.remaining() == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 462, + "event": "path", + "message": "Condition \"headerReadBuffer.capacity() < payloadSize\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 466, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 471, + "event": "read_volatile", + "message": "Reading \"headerReadBuffer\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 471, + "event": "intervening_update", + "message": "Another thread writes to \"headerReadBuffer\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 471, + "event": "stale_update", + "message": "Updating \"headerReadBuffer\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 469| newSize = headerReadBuffer.capacity() * 2;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 470| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 471|-> headerReadBuffer = ByteBufferUtils.expand(headerReadBuffer, newSize);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 472| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 473| int toRead = Math.min(headerReadBuffer.remaining(), remaining);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.coyote.http2.Http2UpgradeHandler.pruneClosedStreams(int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1205, + "event": "path", + "message": "Condition \"newStreamsSinceLastPrune < 9\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1207, + "event": "read_volatile", + "message": "Reading \"newStreamsSinceLastPrune\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1207, + "event": "intervening_update", + "message": "Another thread writes to \"newStreamsSinceLastPrune\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1207, + "event": "stale_update", + "message": "Updating \"newStreamsSinceLastPrune\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1205, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"newStreamsSinceLastPrune\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1205| if (newStreamsSinceLastPrune < 9) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1206| // Not atomic. Increments may be lost. Not a problem.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1207|-> newStreamsSinceLastPrune++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1208| return;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1209| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.coyote.http2.Http2UpgradeHandler.pruneClosedStreams(int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 36, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1205, + "event": "path", + "message": "Condition \"newStreamsSinceLastPrune < 9\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1224, + "event": "path", + "message": "Condition \"max > 2147483647L /* java.lang.Integer.MAX_VALUE */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1229, + "event": "path", + "message": "Condition \"org.apache.coyote.http2.Http2UpgradeHandler.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1235, + "event": "path", + "message": "Condition \"toClose < 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1257, + "event": "return_collection_alias", + "message": "Call to \"values\" returns an \"Iterable\" equivalent to \"streams\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1257, + "event": "enhanced_for", + "message": "Starting an iteration on \"streams.values()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1257, + "event": "path", + "message": "Iterating over another element of \"streams.values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1259, + "event": "path", + "message": "Condition \"stream instanceof org.apache.coyote.http2.Stream\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1259, + "event": "path", + "message": "Condition \"((org.apache.coyote.http2.Stream)stream).isActive()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1260, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1257, + "event": "path", + "message": "Iterating over another element of \"streams.values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1259, + "event": "path", + "message": "Condition \"stream instanceof org.apache.coyote.http2.Stream\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1259, + "event": "path", + "message": "Condition \"((org.apache.coyote.http2.Stream)stream).isActive()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1263, + "event": "path", + "message": "Condition \"stream.isClosedFinal()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1268, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1306, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1257, + "event": "path", + "message": "Iterating over another element of \"streams.values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1259, + "event": "path", + "message": "Condition \"stream instanceof org.apache.coyote.http2.Stream\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1259, + "event": "path", + "message": "Condition \"((org.apache.coyote.http2.Stream)stream).isActive()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1263, + "event": "path", + "message": "Condition \"stream.isClosedFinal()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1268, + "event": "path", + "message": "Condition \"stream.getChildStreams().size() == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1271, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"streams\" which invalidates the iterator for the loop on \"streams.values()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1273, + "event": "path", + "message": "Condition \"org.apache.coyote.http2.Http2UpgradeHandler.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1276, + "event": "path", + "message": "Condition \"--toClose < 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1285, + "event": "path", + "message": "Condition \"toClose > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1285, + "event": "path", + "message": "Condition \"parent.getIdAsInt() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1285, + "event": "path", + "message": "Condition \"parent.getIdAsInt() < stream.getIdAsInt()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1285, + "event": "path", + "message": "Condition \"parent.getChildStreams().isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1293, + "event": "path", + "message": "Condition \"org.apache.coyote.http2.Http2UpgradeHandler.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1296, + "event": "path", + "message": "Condition \"--toClose < 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1301, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1285, + "event": "path", + "message": "Condition \"toClose > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1285, + "event": "path", + "message": "Condition \"parent.getIdAsInt() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1285, + "event": "path", + "message": "Condition \"parent.getIdAsInt() < stream.getIdAsInt()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1302, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1306, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1257, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"streams.values()\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1255| // lock on priorityTreeLock to ensure a consistent view.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1256| synchronized (priorityTreeLock) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1257|-> for (AbstractNonZeroStream stream : streams.values()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1258| // Never remove active streams", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1259| if (stream instanceof Stream && ((Stream) stream).isActive()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.coyote.http2.Stream.receivedData(int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java", + "line": 561, + "event": "read_volatile", + "message": "Reading \"contentLengthReceived\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java", + "line": 561, + "event": "intervening_update", + "message": "Another thread writes to \"contentLengthReceived\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java", + "line": 561, + "event": "stale_update", + "message": "Updating \"contentLengthReceived\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java", + "line": 587, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"contentLengthReceived\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 559| @Override", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 560| final void receivedData(int payloadSize) throws Http2Exception {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 561|-> contentLengthReceived += payloadSize;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 562| long contentLengthHeader = coyoteRequest.getContentLengthLong();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 563| if (contentLengthHeader > -1 && contentLengthReceived > contentLengthHeader) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK_INVERSION", + "cwe": 833, + "function": "org.apache.coyote.http2.Stream$StreamInputBuffer.swallowUnread()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java", + "line": 1240, + "event": "path", + "message": "Condition \"inBuffer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java", + "line": 1241, + "event": "lock_acquire", + "message": "Acquiring lock \"StreamInputBuffer.inBuffer\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java", + "line": 1243, + "event": "path", + "message": "Condition \"org.apache.coyote.http2.Stream.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java", + "line": 1246, + "event": "path", + "message": "Condition \"unreadByteCount > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Stream.java", + "line": 1249, + "event": "lock_order", + "message": "Acquiring lock \"Http2UpgradeHandler.socketWrapper\" while holding \"StreamInputBuffer.inBuffer\" conflicts with the lock order established elsewhere.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 777, + "event": "lock_acquire", + "message": "Example 1: Acquiring lock \"Http2UpgradeHandler.socketWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 786, + "event": "example_lock_order", + "message": "Example 1 (cont.): Calling \"handleAppInitiatedIOException\" acquires lock \"StreamInputBuffer.inBuffer\" while holding \"Http2UpgradeHandler.socketWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 819, + "event": "lock_acquire", + "message": "Example 2: Acquiring lock \"Http2UpgradeHandler.socketWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 842, + "event": "example_lock_order", + "message": "Example 2 (cont.): Calling \"handleAppInitiatedIOException\" acquires lock \"StreamInputBuffer.inBuffer\" while holding \"Http2UpgradeHandler.socketWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 659, + "event": "lock_acquire", + "message": "Example 3: Acquiring lock \"Http2UpgradeHandler.socketWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 660, + "event": "example_lock_order", + "message": "Example 3 (cont.): Calling \"doWriteHeaders\" acquires lock \"StreamInputBuffer.inBuffer\" while holding \"Http2UpgradeHandler.socketWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 856, + "event": "lock_acquire", + "message": "Example 4: Acquiring lock \"Http2UpgradeHandler.socketWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 862, + "event": "example_lock_order", + "message": "Example 4 (cont.): Calling \"sendPing\" acquires lock \"StreamInputBuffer.inBuffer\" while holding \"Http2UpgradeHandler.socketWrapper\". (The virtual call resolves to \"org.apache.coyote.http2.Http2AsyncUpgradeHandler.AsyncPingManager.sendPing\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 332, + "event": "lock_acquire", + "message": "Example 5: Acquiring lock \"Http2UpgradeHandler.socketWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 336, + "event": "example_lock_order", + "message": "Example 5 (cont.): Calling \"sendPing\" acquires lock \"StreamInputBuffer.inBuffer\" while holding \"Http2UpgradeHandler.socketWrapper\". (The virtual call resolves to \"org.apache.coyote.http2.Http2AsyncUpgradeHandler.AsyncPingManager.sendPing\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1247| inBuffer.position(0);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1248| inBuffer.limit(inBuffer.limit() - unreadByteCount);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1249|-> handler.onSwallowedDataFramePayload(getIdAsInt(), unreadByteCount);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1250| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1251| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.el.util.ReflectionUtil.getMethod(org.apache.el.lang.EvaluationContext, java.lang.Object, java.lang.Object, java.lang.Class[], java.lang.Object[])", + "language": "java", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 137, + "event": "path", + "message": "Condition \"base == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 137, + "event": "path", + "message": "Condition \"property == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 147, + "event": "path", + "message": "Condition \"paramTypes == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 147, + "event": "var_compare_op", + "message": "Comparing \"paramTypes\" to null implies that \"paramTypes\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 149, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 156, + "event": "path", + "message": "Iterating over another element of \"methods\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 157, + "event": "path", + "message": "Condition \"!m.getName().equals(methodName)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 159, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 259, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 156, + "event": "path", + "message": "Iterating over another element of \"methods\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 157, + "event": "path", + "message": "Condition \"!m.getName().equals(methodName)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 167, + "event": "path", + "message": "Condition \"!m.isVarArgs()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 171, + "event": "path", + "message": "Condition \"m.isVarArgs()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 171, + "event": "path", + "message": "Condition \"paramCount < mParamCount - 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 175, + "event": "path", + "message": "Condition \"m.isVarArgs()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 175, + "event": "path", + "message": "Condition \"paramCount == mParamCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 175, + "event": "path", + "message": "Condition \"paramValues != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 175, + "event": "path", + "message": "Condition \"paramValues.length > paramCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 175, + "event": "null_array_access", + "message": "Accessing an element on null array \"paramTypes\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 173| continue;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 174| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 175|-> if (m.isVarArgs() && paramCount == mParamCount && paramValues != null &&", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 176| paramValues.length > paramCount && !paramTypes[mParamCount -1].isArray()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 177| // Method arguments don't match", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.Compiler.isOutDated(boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 25, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 456, + "event": "path", + "message": "Condition \"jsw != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 456, + "event": "path", + "message": "Condition \"ctxt.getOptions().getModificationTestInterval() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 459, + "event": "path", + "message": "Condition \"jsw.getLastModificationTest() + ctxt.getOptions().getModificationTestInterval() * 1000 > java.lang.System.currentTimeMillis()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 472, + "event": "path", + "message": "Condition \"checkClass\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 474, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 477, + "event": "path", + "message": "Condition \"!targetFile.exists()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 481, + "event": "path", + "message": "Condition \"checkClass\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 481, + "event": "path", + "message": "Condition \"jsw != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 486, + "event": "path", + "message": "Condition \"jspRealLastModified.longValue() < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 491, + "event": "path", + "message": "Condition \"targetLastModified != jspRealLastModified.longValue()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 501, + "event": "path", + "message": "Condition \"jsw == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 506, + "event": "path", + "message": "Condition \"depends == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 510, + "event": "path", + "message": "Iterating over another element of \"depends.entrySet()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 515, + "event": "path", + "message": "Condition \"key.startsWith(\"jar:jar:\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 522, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 541, + "event": "path", + "message": "Condition \"includeLastModified != (java.lang.Long)include.getValue().longValue()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 544, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 551, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 510, + "event": "path", + "message": "Iterating over another element of \"depends.entrySet()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 515, + "event": "path", + "message": "Condition \"key.startsWith(\"jar:jar:\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 523, + "event": "path", + "message": "Condition \"key.startsWith(\"jar:\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 525, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 528, + "event": "path", + "message": "Condition \"includeUrl == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 532, + "event": "path", + "message": "Condition \"iuc instanceof java.net.JarURLConnection\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 533, + "event": "returned_null", + "message": "\"getJarEntry\" returns \"null\" (checked 1 out of 3 times). (The virtual call resolves to \"org.apache.catalina.webresources.CachedResource.CachedResourceJarURLConnection.getJarEntry\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 533, + "event": "null_method_call", + "message": "Calling a method on null object \"((java.net.JarURLConnection)iuc).getJarEntry()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/JspCompilationContext.java", + "line": 391, + "event": "example_assign", + "message": "Example 1: Assigning: \"jarEntry\" = return value from \"((java.net.JarURLConnection)uc).getJarEntry()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/JspCompilationContext.java", + "line": 392, + "event": "example_checked", + "message": "Example 1 (cont.): \"jarEntry\" has its value checked in \"jarEntry != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 531| URLConnection iuc = includeUrl.openConnection();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 532| if (iuc instanceof JarURLConnection) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 533|-> includeLastModified =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 534| ((JarURLConnection) iuc).getJarEntry().getTime();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 535| } else {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SERVLET_ATOMICITY", + "cwe": 567, + "function": "org.apache.jasper.compiler.ELInterpreterFactory.getELInterpreter(javax.servlet.ServletContext)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java", + "line": 58, + "event": "get_attribute", + "message": "Calling \"getAttribute\" on thread-shared object \"context\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java", + "line": 59, + "event": "path", + "message": "Condition \"attribute instanceof org.apache.jasper.compiler.ELInterpreter\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java", + "line": 61, + "event": "path", + "message": "Condition \"attribute instanceof java.lang.String\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java", + "line": 66, + "event": "path", + "message": "Condition \"result == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java", + "line": 69, + "event": "path", + "message": "Condition \"className != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java", + "line": 75, + "event": "path", + "message": "Condition \"result == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java", + "line": 80, + "event": "set_attribute", + "message": "Calling \"setAttribute\" on thread-shared object \"context\" can result in a lost update.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 78| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79| // Cache the result for next time", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80|-> context.setAttribute(EL_INTERPRETER_CLASS_NAME, result);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| return result;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.ELParser.parseEL()", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 109, + "event": "path", + "message": "Condition \"hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 110, + "event": "returned_null", + "message": "\"nextToken\" returns \"null\" (checked 1 out of 4 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 110, + "event": "var_assigned", + "message": "Assigning: \"curToken\" = \"null\" return value from \"nextToken\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 111, + "event": "path", + "message": "Condition \"curToken instanceof org.apache.jasper.compiler.ELParser.Char\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 123, + "event": "path", + "message": "Condition \"buf.length() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 127, + "event": "path", + "message": "Condition \"!parseFunction()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 128, + "event": "null_method_call", + "message": "Calling a method on null object \"curToken\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 161, + "event": "example_assign", + "message": "Example 1: Assigning: \"t2\" = return value from \"nextToken()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 162, + "event": "example_checked", + "message": "Example 1 (cont.): \"t2\" has its value checked in \"t2 instanceof org.apache.jasper.compiler.ELParser.Id\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 126| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 127| if (!parseFunction()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 128|-> ELexpr.add(new ELNode.ELText(curToken.toString()));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 129| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 130| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.ELParser.parseFunction()", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"!(curToken instanceof org.apache.jasper.compiler.ELParser.Id)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"isELReserved(curToken.toTrimmedString())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"prevToken instanceof org.apache.jasper.compiler.ELParser.Char\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"prevToken.toChar() == '.'\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 156, + "event": "path", + "message": "Condition \"hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 158, + "event": "returned_null", + "message": "\"nextToken\" returns \"null\" (checked 1 out of 4 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 158, + "event": "var_assigned", + "message": "Assigning: \"curToken\" = \"null\" return value from \"nextToken\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 159, + "event": "null_method_call", + "message": "Calling a method on null object \"curToken\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 161, + "event": "example_assign", + "message": "Example 1: Assigning: \"t2\" = return value from \"nextToken()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 162, + "event": "example_checked", + "message": "Example 1 (cont.): \"t2\" has its value checked in \"t2 instanceof org.apache.jasper.compiler.ELParser.Id\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 157| int mark = getIndex() - whiteSpace.length();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 158| curToken = nextToken();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 159|-> if (curToken.toChar() == ':') {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 160| if (hasNext()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 161| Token t2 = nextToken();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.ELParser.parseFunction()", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"!(curToken instanceof org.apache.jasper.compiler.ELParser.Id)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"isELReserved(curToken.toTrimmedString())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"prevToken instanceof org.apache.jasper.compiler.ELParser.Char\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"prevToken.toChar() == '.'\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 156, + "event": "path", + "message": "Condition \"hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 159, + "event": "path", + "message": "Condition \"curToken.toChar() == ':'\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 160, + "event": "path", + "message": "Condition \"hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 162, + "event": "path", + "message": "Condition \"t2 instanceof org.apache.jasper.compiler.ELParser.Id\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 165, + "event": "path", + "message": "Condition \"hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 166, + "event": "returned_null", + "message": "\"nextToken\" returns \"null\" (checked 1 out of 4 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 166, + "event": "var_assigned", + "message": "Assigning: \"curToken\" = \"null\" return value from \"nextToken\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 171, + "event": "null_method_call", + "message": "Calling a method on null object \"curToken\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 161, + "event": "example_assign", + "message": "Example 1: Assigning: \"t2\" = return value from \"nextToken()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 162, + "event": "example_checked", + "message": "Example 1 (cont.): \"t2\" has its value checked in \"t2 instanceof org.apache.jasper.compiler.ELParser.Id\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 169| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 170| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 171|-> if (curToken.toChar() == '(') {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 172| ELexpr.add(new ELNode.Function(s1, s2, expression.substring(start, index - 1)));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 173| return true;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.ErrorDispatcher.dispatch(org.apache.jasper.compiler.Mark, java.lang.String, java.lang.Object[], java.lang.Exception)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ErrorDispatcher.java", + "line": 257, + "event": "path", + "message": "Condition \"errCode != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ErrorDispatcher.java", + "line": 259, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ErrorDispatcher.java", + "line": 265, + "event": "path", + "message": "Condition \"where != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ErrorDispatcher.java", + "line": 266, + "event": "path", + "message": "Condition \"jspcMode\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ErrorDispatcher.java", + "line": 269, + "event": "returned_null", + "message": "\"getURL\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ErrorDispatcher.java", + "line": 269, + "event": "null_method_call", + "message": "Calling a method on null object \"where.getURL()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 267| // Get the full URL of the resource that caused the error", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 268| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 269|-> file = where.getURL().toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 270| } catch (MalformedURLException me) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 271| // Fallback to using context-relative path", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.Generator$GenerateVisitor.saveScriptingVars(org.apache.jasper.compiler.Node$CustomTag, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2780, + "event": "path", + "message": "Condition \"n.getCustomNestingLevel() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2783, + "event": "path", + "message": "Condition \"isFragment\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2794, + "event": "path", + "message": "Condition \"varInfos.length == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2794, + "event": "path", + "message": "Condition \"tagVarInfos.length == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2798, + "event": "returned_null", + "message": "\"getScriptingVars\" returns \"null\" (checked 1 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2798, + "event": "var_assigned", + "message": "Assigning: \"declaredVariables\" = \"null\" return value from \"getScriptingVars\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2800, + "event": "path", + "message": "Condition \"varInfos.length > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2801, + "event": "path", + "message": "Iterating over another element of \"varInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2802, + "event": "path", + "message": "Condition \"varInfo.getScope() != scope\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2803, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2817, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2801, + "event": "path", + "message": "Iterating over another element of \"varInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2802, + "event": "path", + "message": "Condition \"varInfo.getScope() != scope\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2807, + "event": "null_method_call", + "message": "Calling a method on null object \"declaredVariables\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2742, + "event": "example_assign", + "message": "Example 1: Assigning: \"vec\" = return value from \"n.getScriptingVars(scope)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2743, + "event": "example_checked", + "message": "Example 1 (cont.): \"vec\" has its value checked in \"vec != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2805| // If the scripting variable has been declared, skip codes", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2806| // for saving and restoring it.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2807|-> if (declaredVariables.contains(varInfo)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2808| continue;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2809| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.Generator$GenerateVisitor.saveScriptingVars(org.apache.jasper.compiler.Node$CustomTag, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2780, + "event": "path", + "message": "Condition \"n.getCustomNestingLevel() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2783, + "event": "path", + "message": "Condition \"isFragment\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2794, + "event": "path", + "message": "Condition \"varInfos.length == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2794, + "event": "path", + "message": "Condition \"tagVarInfos.length == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2798, + "event": "returned_null", + "message": "\"getScriptingVars\" returns \"null\" (checked 1 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2798, + "event": "var_assigned", + "message": "Assigning: \"declaredVariables\" = \"null\" return value from \"getScriptingVars\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2800, + "event": "path", + "message": "Condition \"varInfos.length > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2819, + "event": "path", + "message": "Iterating over another element of \"tagVarInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2820, + "event": "path", + "message": "Condition \"tagVarInfo.getScope() != scope\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2821, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2844, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2819, + "event": "path", + "message": "Iterating over another element of \"tagVarInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2820, + "event": "path", + "message": "Condition \"tagVarInfo.getScope() != scope\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2825, + "event": "null_method_call", + "message": "Calling a method on null object \"declaredVariables\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2742, + "event": "example_assign", + "message": "Example 1: Assigning: \"vec\" = return value from \"n.getScriptingVars(scope)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2743, + "event": "example_checked", + "message": "Example 1 (cont.): \"vec\" has its value checked in \"vec != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2823| // If the scripting variable has been declared, skip codes", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2824| // for saving and restoring it.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2825|-> if (declaredVariables.contains(tagVarInfo)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2826| continue;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2827| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.Generator$GenerateVisitor.restoreScriptingVars(org.apache.jasper.compiler.Node$CustomTag, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2856, + "event": "path", + "message": "Condition \"n.getCustomNestingLevel() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2859, + "event": "path", + "message": "Condition \"isFragment\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2870, + "event": "path", + "message": "Condition \"varInfos.length == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2870, + "event": "path", + "message": "Condition \"tagVarInfos.length == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2874, + "event": "returned_null", + "message": "\"getScriptingVars\" returns \"null\" (checked 1 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2874, + "event": "var_assigned", + "message": "Assigning: \"declaredVariables\" = \"null\" return value from \"getScriptingVars\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2876, + "event": "path", + "message": "Condition \"varInfos.length > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2877, + "event": "path", + "message": "Iterating over another element of \"varInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2878, + "event": "path", + "message": "Condition \"varInfo.getScope() != scope\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2879, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2893, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2877, + "event": "path", + "message": "Iterating over another element of \"varInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2878, + "event": "path", + "message": "Condition \"varInfo.getScope() != scope\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2883, + "event": "null_method_call", + "message": "Calling a method on null object \"declaredVariables\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2742, + "event": "example_assign", + "message": "Example 1: Assigning: \"vec\" = return value from \"n.getScriptingVars(scope)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2743, + "event": "example_checked", + "message": "Example 1 (cont.): \"vec\" has its value checked in \"vec != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2881| // If the scripting variable has been declared, skip codes", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2882| // for saving and restoring it.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2883|-> if (declaredVariables.contains(varInfo)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2884| continue;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2885| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.Generator$GenerateVisitor.restoreScriptingVars(org.apache.jasper.compiler.Node$CustomTag, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2856, + "event": "path", + "message": "Condition \"n.getCustomNestingLevel() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2859, + "event": "path", + "message": "Condition \"isFragment\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2870, + "event": "path", + "message": "Condition \"varInfos.length == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2870, + "event": "path", + "message": "Condition \"tagVarInfos.length == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2874, + "event": "returned_null", + "message": "\"getScriptingVars\" returns \"null\" (checked 1 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2874, + "event": "var_assigned", + "message": "Assigning: \"declaredVariables\" = \"null\" return value from \"getScriptingVars\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2876, + "event": "path", + "message": "Condition \"varInfos.length > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2895, + "event": "path", + "message": "Iterating over another element of \"tagVarInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2896, + "event": "path", + "message": "Condition \"tagVarInfo.getScope() != scope\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2897, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2920, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2895, + "event": "path", + "message": "Iterating over another element of \"tagVarInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2896, + "event": "path", + "message": "Condition \"tagVarInfo.getScope() != scope\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2901, + "event": "null_method_call", + "message": "Calling a method on null object \"declaredVariables\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2742, + "event": "example_assign", + "message": "Example 1: Assigning: \"vec\" = return value from \"n.getScriptingVars(scope)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2743, + "event": "example_checked", + "message": "Example 1 (cont.): \"vec\" has its value checked in \"vec != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2899| // If the scripting variable has been declared, skip codes", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2900| // for saving and restoring it.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2901|-> if (declaredVariables.contains(tagVarInfo)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2902| continue;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2903| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.JspUtil.getInputSource(java.lang.String, org.apache.tomcat.Jar, org.apache.jasper.JspCompilationContext)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/JspUtil.java", + "line": 659, + "event": "path", + "message": "Condition \"jar != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/JspUtil.java", + "line": 665, + "event": "returned_null", + "message": "\"getResource\" returns \"null\" (checked 2 out of 6 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/JspUtil.java", + "line": 665, + "event": "null_method_call", + "message": "Calling a method on null object \"ctxt.getResource(fname)\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/JspCompilationContext.java", + "line": 384, + "event": "example_assign", + "message": "Example 1: Assigning: \"jspUrl\" = return value from \"getResource(resource)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/JspCompilationContext.java", + "line": 385, + "event": "example_checked", + "message": "Example 1 (cont.): \"jspUrl\" has its value checked in \"jspUrl == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 526, + "event": "example_assign", + "message": "Example 2: Assigning: \"includeUrl\" = return value from \"ctxt.getResource((java.lang.String)include.getKey())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 528, + "event": "example_checked", + "message": "Example 2 (cont.): \"includeUrl\" has its value checked in \"includeUrl == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 663| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 664| source = new InputSource(ctxt.getResourceAsStream(fname));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 665|-> source.setSystemId(ctxt.getResource(fname).toExternalForm());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 666| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 667| return source;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.jasper.compiler.PageInfo.setBufferValue(java.lang.String, org.apache.jasper.compiler.Node, org.apache.jasper.compiler.ErrorDispatcher)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/PageInfo.java", + "line": 451, + "event": "path", + "message": "Condition \"\"none\".equalsIgnoreCase(value)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/PageInfo.java", + "line": 454, + "event": "path", + "message": "Condition \"value == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/PageInfo.java", + "line": 454, + "event": "var_compare_op", + "message": "Comparing \"value\" to null implies that \"value\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/PageInfo.java", + "line": 455, + "event": "path", + "message": "Condition \"n == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/PageInfo.java", + "line": 457, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/PageInfo.java", + "line": 462, + "event": "null_method_call", + "message": "Calling a method on null object \"value\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 460| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 461| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 462|-> @SuppressWarnings(\"null\") // value can't be null here", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 463| int k = Integer.parseInt(value.substring(0, value.length()-2));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 464| buffer = k * 1024;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "MISSING_RESTORE", + "cwe": 573, + "function": "org.apache.jasper.compiler.ScriptingVariabler$CustomTagCounter.visit(org.apache.jasper.compiler.Node$CustomTag)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ScriptingVariabler.java", + "line": 52, + "event": "save", + "message": "Saving non-local \"parent\" in local \"tmpParent\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ScriptingVariabler.java", + "line": 53, + "event": "modify", + "message": "Modifying non-local \"parent\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ScriptingVariabler.java", + "line": 54, + "event": "exception", + "message": "Value of non-local \"parent\" that was saved in \"tmpParent\" is not restored on this exception path as it was along other paths.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ScriptingVariabler.java", + "line": 54, + "event": "remediation", + "message": "Did you intend to enclose the code in a try block and handle restoring \"parent\" in a finally block to ensure it is always executed?", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ScriptingVariabler.java", + "line": 54, + "event": "path", + "message": "Throwing \"org.apache.jasper.JasperException\" (or subclass) from call to \"visitBody\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/ScriptingVariabler.java", + "line": 55, + "event": "restore_example", + "message": "The original value of non-local \"parent\" was restored here.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| Node.CustomTag tmpParent = parent;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 53| parent = n;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 54|-> visitBody(n);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55| parent = tmpParent;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56| n.setNumCount(Integer.valueOf(count++));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SERVLET_ATOMICITY", + "cwe": 567, + "function": "org.apache.jasper.compiler.StringInterpreterFactory.getStringInterpreter(javax.servlet.ServletContext)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java", + "line": 54, + "event": "get_attribute", + "message": "Calling \"getAttribute\" on thread-shared object \"context\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java", + "line": 55, + "event": "path", + "message": "Condition \"attribute instanceof org.apache.jasper.compiler.StringInterpreter\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java", + "line": 57, + "event": "path", + "message": "Condition \"attribute instanceof java.lang.String\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java", + "line": 62, + "event": "path", + "message": "Condition \"result == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java", + "line": 64, + "event": "path", + "message": "Condition \"className != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java", + "line": 70, + "event": "path", + "message": "Condition \"result == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java", + "line": 75, + "event": "set_attribute", + "message": "Calling \"setAttribute\" on thread-shared object \"context\" can result in a lost update.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74| // Cache the result for next time", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 75|-> context.setAttribute(STRING_INTERPRETER_CLASS_NAME, result);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| return result;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 77| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.jasper.compiler.TagFileProcessor.parseTagFileDirectives(org.apache.jasper.compiler.ParserController, java.lang.String, java.lang.String, org.apache.tomcat.Jar, javax.servlet.jsp.tagext.TagLibraryInfo)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagFileProcessor.java", + "line": 499, + "event": "assign_zero", + "message": "Assigning: \"page\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagFileProcessor.java", + "line": 501, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"parseTagFileDirectives\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagFileProcessor.java", + "line": 502, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagFileProcessor.java", + "line": 508, + "event": "null_method_call", + "message": "Calling a method on null object \"page\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 506| TagFileDirectiveVisitor tagFileVisitor = new TagFileDirectiveVisitor(pc", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 507| .getCompiler(), tagLibInfo, name, path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 508|-> page.visit(tagFileVisitor);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 509| tagFileVisitor.postCheck();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 510| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.jasper.compiler.TagLibraryInfoImpl.(org.apache.jasper.JspCompilationContext, org.apache.jasper.compiler.ParserController, org.apache.jasper.compiler.PageInfo, java.lang.String, java.lang.String, org.apache.tomcat.util.descriptor.tld.TldResourcePath, org.apache.jasper.compiler.ErrorDispatcher)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 120, + "event": "path", + "message": "Condition \"tldResourcePath == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 129, + "event": "path", + "message": "Condition \"pageInfo != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 133, + "event": "path", + "message": "Condition \"path != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 140, + "event": "path", + "message": "Condition \"jar != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 175, + "event": "path", + "message": "Condition \"tldResourcePath.getUrl() == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 180, + "event": "path", + "message": "Condition \"taglibXml == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 180, + "event": "var_compare_op", + "message": "Comparing \"taglibXml\" to null implies that \"taglibXml\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 187, + "event": "null_method_call", + "message": "Calling a method on null object \"taglibXml\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 185| // Never null. jspError always throws an Exception", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 186| // Slightly convoluted so the @SuppressWarnings has minimal scope", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 187|-> @SuppressWarnings(\"null\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 188| String v = taglibXml.getJspVersion();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 189| this.jspversion = v;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.jasper.compiler.TagLibraryInfoImpl.createTagFileInfo(org.apache.tomcat.util.descriptor.tld.TagFileXml, org.apache.tomcat.Jar)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 322, + "event": "path", + "message": "Condition \"path == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 322, + "event": "var_compare_op", + "message": "Comparing \"path\" to null implies that \"path\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 325, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 329, + "event": "path", + "message": "Condition \"jar == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 329, + "event": "null_method_call", + "message": "Calling a method on null object \"path\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 327| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 328| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 329|-> if (jar == null && path.startsWith(\"/META-INF/tags\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 330| // This is a tag file that was packaged in a JAR that has been", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 331| // unpacked into /WEB-INF/classes (probably by an IDE). Adjust the", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.TldCache.getLastModified(org.apache.tomcat.util.descriptor.tld.TldResourcePath)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TldCache.java", + "line": 128, + "event": "path", + "message": "Condition \"webappPath != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TldCache.java", + "line": 131, + "event": "returned_null", + "message": "\"getResource\" returns \"null\" (checked 15 out of 21 times). (The virtual call resolves to \"org.apache.catalina.core.ApplicationContext.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TldCache.java", + "line": 131, + "event": "var_assigned", + "message": "Assigning: \"url\" = \"null\" return value from \"getResource\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/TldCache.java", + "line": 132, + "event": "null_method_call", + "message": "Calling a method on null object \"url\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/NamingContextListener.java", + "line": 868, + "event": "example_assign", + "message": "Example 1: Assigning: \"wsdlURL\" = return value from \"((org.apache.catalina.Context)container).getServletContext().getResource(service.getWsdlfile())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/core/NamingContextListener.java", + "line": 874, + "event": "example_checked", + "message": "Example 1 (cont.): \"wsdlURL\" has its value checked in \"wsdlURL == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 172, + "event": "example_assign", + "message": "Example 2: Assigning: \"resource\" = return value from \"servletContext.getResource(path)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 173, + "event": "example_checked", + "message": "Example 2 (cont.): \"resource\" has its value checked in \"resource == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServletExternalResolver.java", + "line": 476, + "event": "example_assign", + "message": "Example 3: Assigning: \"url\" = return value from \"context.getResource(path)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/ssi/SSIServletExternalResolver.java", + "line": 477, + "event": "example_checked", + "message": "Example 3 (cont.): \"url\" has its value checked in \"url == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2005, + "event": "example_assign", + "message": "Example 4: Assigning: \"url\" = return value from \"servletContext.getResource(\"/WEB-INF/web.xml\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2012, + "event": "example_checked", + "message": "Example 4 (cont.): \"url\" has its value checked in \"url == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/WebappServiceLoader.java", + "line": 167, + "event": "example_assign", + "message": "Example 5: Assigning: \"jarUrl\" = return value from \"servletContext.getResource(\"/WEB-INF/lib/\" + lib)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/startup/WebappServiceLoader.java", + "line": 168, + "event": "example_checked", + "message": "Example 5 (cont.): \"jarUrl\" has its value checked in \"jarUrl == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 130| // the class path but not part of the web application", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 131| URL url = servletContext.getResource(tldResourcePath.getWebappPath());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 132|-> URLConnection conn = url.openConnection();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 133| result[0] = conn.getLastModified();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 134| if (\"file\".equals(url.getProtocol())) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "MISSING_RESTORE", + "cwe": 573, + "function": "org.apache.jasper.compiler.Validator$DirectiveVisitor.visit(org.apache.jasper.compiler.Node$IncludeDirective)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Validator.java", + "line": 103, + "event": "save", + "message": "Saving non-local \"pageEncodingSeen\" in local \"pageEncodingSeenSave\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Validator.java", + "line": 104, + "event": "modify", + "message": "Modifying non-local \"pageEncodingSeen\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Validator.java", + "line": 105, + "event": "exception", + "message": "Value of non-local \"pageEncodingSeen\" that was saved in \"pageEncodingSeenSave\" is not restored on this exception path as it was along other paths.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Validator.java", + "line": 105, + "event": "remediation", + "message": "Did you intend to enclose the code in a try block and handle restoring \"pageEncodingSeen\" in a finally block to ensure it is always executed?", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Validator.java", + "line": 105, + "event": "path", + "message": "Throwing \"org.apache.jasper.JasperException\" (or subclass) from call to \"visitBody\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/compiler/Validator.java", + "line": 106, + "event": "restore_example", + "message": "The original value of non-local \"pageEncodingSeen\" was restored here.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103| boolean pageEncodingSeenSave = pageEncodingSeen;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104| pageEncodingSeen = false;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105|-> visitBody(n);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| pageEncodingSeen = pageEncodingSeenSave;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.runtime.JspRuntimeLibrary.include(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.String, javax.servlet.jsp.JspWriter, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java", + "line": 980, + "event": "path", + "message": "Condition \"flush\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java", + "line": 980, + "event": "path", + "message": "Condition \"!(out instanceof javax.servlet.jsp.tagext.BodyContent)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java", + "line": 992, + "event": "returned_null", + "message": "\"getRequestDispatcher\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java", + "line": 992, + "event": "var_assigned", + "message": "Assigning: \"rd\" = \"null\" return value from \"getRequestDispatcher\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java", + "line": 994, + "event": "null_method_call", + "message": "Calling a method on null object \"rd\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 992| RequestDispatcher rd = request.getRequestDispatcher(resourcePath);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 993| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 994|-> rd.include(request,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 995| new ServletResponseWrapperInclude(response, out));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 996| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.jasper.servlet.JspServlet.service(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 284, + "event": "path", + "message": "Condition \"jspUri == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 291, + "event": "path", + "message": "Condition \"jspUri != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 299, + "event": "path", + "message": "Condition \"pathInfo != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 302, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 316, + "event": "path", + "message": "Condition \"log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 320, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.jasper.servlet.JspServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 63, + "event": "thread_shared_derived", + "message": "\"org.apache.jasper.servlet.JspServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 278, + "event": "thread_entry_point", + "message": "\"service\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 320, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"context\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 320, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 320, + "event": "write", + "message": "\"context\" is modified in call to \"getRealPath\". (The virtual call resolves to \"org.apache.catalina.core.ApplicationContext.getRealPath\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318| log.debug(\"\\t ServletPath: \" + request.getServletPath());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 319| log.debug(\"\\t PathInfo: \" + request.getPathInfo());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 320|-> log.debug(\"\\t RealPath: \" + context.getRealPath(jspUri));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 321| log.debug(\"\\t RequestURI: \" + request.getRequestURI());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 322| log.debug(\"\\t QueryString: \" + request.getQueryString());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.juli.logging.LogFactory.()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/juli/logging/LogFactory.java", + "line": 88, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getDefault\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/juli/logging/LogFactory.java", + "line": 88, + "event": "leaked_resource", + "message": "Ignoring resource created by \"java.nio.file.FileSystems.getDefault()\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 86| * a fix.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 87| */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 88|-> FileSystems.getDefault();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 89| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 90| // Look via a ServiceLoader for a Log implementation that has a", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.naming.NamingContext.lookup(javax.naming.Name, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 828, + "event": "path", + "message": "Condition \"!name.isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 828, + "event": "path", + "message": "Condition \"name.get(0).length() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 831, + "event": "path", + "message": "Condition \"name.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 838, + "event": "path", + "message": "Condition \"entry == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 843, + "event": "path", + "message": "Condition \"name.size() > 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 852, + "event": "path", + "message": "Condition \"resolveLinks\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 852, + "event": "path", + "message": "Condition \"entry.type == 1 /* org.apache.naming.NamingEntry.LINK_REF */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 860, + "event": "path", + "message": "Condition \"entry.type == 2 /* org.apache.naming.NamingEntry.REFERENCE */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 863, + "event": "path", + "message": "Condition \"!org.apache.naming.NamingContext.GRAAL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 865, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 874, + "event": "path", + "message": "Condition \"entry.value instanceof org.apache.naming.ResourceRef\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 875, + "event": "returned_null", + "message": "\"get\" returns \"null\" (checked 51 out of 67 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 875, + "event": "null_method_call", + "message": "Calling a method on null object \"((org.apache.naming.ResourceRef)entry.value).get(\"singleton\")\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 89, + "event": "example_assign", + "message": "Example 1: Assigning: \"ra\" = return value from \"ref.get(\"pathname\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 90, + "event": "example_checked", + "message": "Example 1 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 150, + "event": "example_assign", + "message": "Example 2: Assigning: \"ra\" = return value from \"ref.get(\"forceString\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 154, + "event": "example_checked", + "message": "Example 2 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 69, + "event": "example_assign", + "message": "Example 3: Assigning: \"linkRefAddr\" = return value from \"ref.get(\"link\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 70, + "event": "example_checked", + "message": "Example 3 (cont.): \"linkRefAddr\" has its value checked in \"linkRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 56, + "event": "example_assign", + "message": "Example 4: Assigning: \"factoryRefAddr\" = return value from \"ref.get(\"factory\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 57, + "event": "example_checked", + "message": "Example 4 (cont.): \"factoryRefAddr\" has its value checked in \"factoryRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 75, + "event": "example_assign", + "message": "Example 5: Assigning: \"factoryRefAddr\" = return value from \"ref.get(\"factory\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 76, + "event": "example_checked", + "message": "Example 5 (cont.): \"factoryRefAddr\" has its value checked in \"factoryRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 873| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 874| if (entry.value instanceof ResourceRef) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 875|-> boolean singleton = Boolean.parseBoolean(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 876| (String) ((ResourceRef) entry.value).get(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 877| \"singleton\").getContent());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.naming.factory.DataSourceLinkFactory.getObjectInstance(java.lang.Object, javax.naming.Name, javax.naming.Context, java.util.Hashtable)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 57, + "event": "path", + "message": "Condition \"result != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 60, + "event": "returned_null", + "message": "\"get\" returns \"null\" (checked 51 out of 67 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 60, + "event": "var_assigned", + "message": "Assigning: \"passAttr\" = \"null\" return value from \"get\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 61, + "event": "path", + "message": "Condition \"userAttr.getContent() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 61, + "event": "null_method_call", + "message": "Calling a method on null object \"passAttr\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 89, + "event": "example_assign", + "message": "Example 1: Assigning: \"ra\" = return value from \"ref.get(\"pathname\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 90, + "event": "example_checked", + "message": "Example 1 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 150, + "event": "example_assign", + "message": "Example 2: Assigning: \"ra\" = return value from \"ref.get(\"forceString\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 154, + "event": "example_checked", + "message": "Example 2 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 69, + "event": "example_assign", + "message": "Example 3: Assigning: \"linkRefAddr\" = return value from \"ref.get(\"link\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 70, + "event": "example_checked", + "message": "Example 3 (cont.): \"linkRefAddr\" has its value checked in \"linkRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 56, + "event": "example_assign", + "message": "Example 4: Assigning: \"factoryRefAddr\" = return value from \"ref.get(\"factory\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 57, + "event": "example_checked", + "message": "Example 4 (cont.): \"factoryRefAddr\" has its value checked in \"factoryRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 75, + "event": "example_assign", + "message": "Example 5: Assigning: \"factoryRefAddr\" = return value from \"ref.get(\"factory\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 76, + "event": "example_checked", + "message": "Example 5 (cont.): \"factoryRefAddr\" has its value checked in \"factoryRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| RefAddr userAttr = ref.get(\"username\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| RefAddr passAttr = ref.get(\"password\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61|-> if (userAttr.getContent()!=null && passAttr.getContent()!=null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| result = wrapDataSource(result,userAttr.getContent().toString(), passAttr.getContent().toString());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.naming.factory.DataSourceLinkFactory.getObjectInstance(java.lang.Object, javax.naming.Name, javax.naming.Context, java.util.Hashtable)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 57, + "event": "path", + "message": "Condition \"result != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 59, + "event": "returned_null", + "message": "\"get\" returns \"null\" (checked 51 out of 67 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 59, + "event": "var_assigned", + "message": "Assigning: \"userAttr\" = \"null\" return value from \"get\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 61, + "event": "null_method_call", + "message": "Calling a method on null object \"userAttr\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 89, + "event": "example_assign", + "message": "Example 1: Assigning: \"ra\" = return value from \"ref.get(\"pathname\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 90, + "event": "example_checked", + "message": "Example 1 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 150, + "event": "example_assign", + "message": "Example 2: Assigning: \"ra\" = return value from \"ref.get(\"forceString\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 154, + "event": "example_checked", + "message": "Example 2 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 69, + "event": "example_assign", + "message": "Example 3: Assigning: \"linkRefAddr\" = return value from \"ref.get(\"link\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 70, + "event": "example_checked", + "message": "Example 3 (cont.): \"linkRefAddr\" has its value checked in \"linkRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 56, + "event": "example_assign", + "message": "Example 4: Assigning: \"factoryRefAddr\" = return value from \"ref.get(\"factory\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 57, + "event": "example_checked", + "message": "Example 4 (cont.): \"factoryRefAddr\" has its value checked in \"factoryRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 75, + "event": "example_assign", + "message": "Example 5: Assigning: \"factoryRefAddr\" = return value from \"ref.get(\"factory\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 76, + "event": "example_checked", + "message": "Example 5 (cont.): \"factoryRefAddr\" has its value checked in \"factoryRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| RefAddr userAttr = ref.get(\"username\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| RefAddr passAttr = ref.get(\"password\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61|-> if (userAttr.getContent()!=null && passAttr.getContent()!=null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| result = wrapDataSource(result,userAttr.getContent().toString(), passAttr.getContent().toString());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": ".run", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/SendMailFactory.java", + "line": 100, + "event": "path", + "message": "Condition \"list.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/SendMailFactory.java", + "line": 111, + "event": "path", + "message": "Condition \"fromAddr != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/SendMailFactory.java", + "line": 112, + "event": "returned_null", + "message": "\"get\" returns \"null\" (checked 51 out of 67 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/SendMailFactory.java", + "line": 112, + "event": "null_method_call", + "message": "Calling a method on null object \"ref.get(\"mail.from\")\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 89, + "event": "example_assign", + "message": "Example 1: Assigning: \"ra\" = return value from \"ref.get(\"pathname\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 90, + "event": "example_checked", + "message": "Example 1 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 150, + "event": "example_assign", + "message": "Example 2: Assigning: \"ra\" = return value from \"ref.get(\"forceString\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 154, + "event": "example_checked", + "message": "Example 2 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 69, + "event": "example_assign", + "message": "Example 3: Assigning: \"linkRefAddr\" = return value from \"ref.get(\"link\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 70, + "event": "example_checked", + "message": "Example 3 (cont.): \"linkRefAddr\" has its value checked in \"linkRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 56, + "event": "example_assign", + "message": "Example 4: Assigning: \"factoryRefAddr\" = return value from \"ref.get(\"factory\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 57, + "event": "example_checked", + "message": "Example 4 (cont.): \"factoryRefAddr\" has its value checked in \"factoryRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 75, + "event": "example_assign", + "message": "Example 5: Assigning: \"factoryRefAddr\" = return value from \"ref.get(\"factory\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 76, + "event": "example_checked", + "message": "Example 5 (cont.): \"factoryRefAddr\" has its value checked in \"factoryRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| String from = null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111| if (fromAddr != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 112|-> from = (String)ref.get(\"mail.from\").getContent();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114| if (from != null) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.buildutil.translate.Import.main(java.lang.String[])", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 33, + "event": "returned_null", + "message": "\"listFiles\" returns \"null\" (checked 5 out of 6 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 33, + "event": "null_array_length", + "message": "Accessing length of null array \"root.listFiles()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/util/ExtensionValidator.java", + "line": 343, + "event": "example_assign", + "message": "Example 1: Assigning: \"files\" = return value from \"targetDir.listFiles()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/util/ExtensionValidator.java", + "line": 344, + "event": "example_checked", + "message": "Example 1 (cont.): \"files\" has its value checked in \"files == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/DirResourceSet.java", + "line": 157, + "event": "example_assign", + "message": "Example 2: Assigning: \"list\" = return value from \"f.listFiles()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/DirResourceSet.java", + "line": 158, + "event": "example_checked", + "message": "Example 2 (cont.): \"list\" has its value checked in \"list != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Utils.java", + "line": 108, + "event": "example_assign", + "message": "Example 3: Assigning: \"files\" = return value from \"dir.listFiles()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Utils.java", + "line": 109, + "event": "example_checked", + "message": "Example 3 (cont.): \"files\" has its value checked in \"files == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java", + "line": 98, + "event": "example_assign", + "message": "Example 4: Assigning: \"files\" = return value from \"directory.listFiles()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java", + "line": 99, + "event": "example_checked", + "message": "Example 4 (cont.): \"files\" has its value checked in \"files == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java", + "line": 201, + "event": "example_assign", + "message": "Example 5: Assigning: \"files\" = return value from \"directory.listFiles()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java", + "line": 202, + "event": "example_checked", + "message": "Example 5 (cont.): \"files\" has its value checked in \"files == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 31| File root = new File(Constants.STORAGE_DIR);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 32| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 33|-> for (File f : root.listFiles()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 34| // Not robust but good enough", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 35| if (f.isFile() && f.getName().startsWith(Constants.L10N_PREFIX)) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.buildutil.translate.Import.processFile(java.io.File)", + "language": "java", + "tool": "coverity", + "key_event_idx": 16, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 56, + "event": "path", + "message": "Iterating over another element of \"objKeys\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 60, + "event": "path", + "message": "Condition \"value.trim().length() == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 61, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 83, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 56, + "event": "path", + "message": "Iterating over another element of \"objKeys\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 60, + "event": "path", + "message": "Condition \"value.trim().length() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 65, + "event": "path", + "message": "Condition \"!cKey.pkg.equals(currentPkg)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 67, + "event": "path", + "message": "Condition \"w != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 71, + "event": "new_resource", + "message": "\"new java.io.FileOutputStream(outFile)\" creates a new resource.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 71, + "event": "var_assign", + "message": "Assigning: \"fos\" = resource returned from \"new java.io.FileOutputStream(outFile)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 72, + "event": "var_assign", + "message": "Assigning: \"w\" = resource returned from \"new java.io.OutputStreamWriter(fos, java.nio.charset.StandardCharsets.UTF_8)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 73, + "event": "noescape", + "message": "Resource \"w\" is not closed or saved in \"insertLicense\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 74, + "event": "leaked_resource", + "message": "Variable \"fos\" going out of scope leaks the resource it refers to.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 76, + "event": "path", + "message": "Condition \"!currentGroup.equals(cKey.group)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 78, + "event": "noescape", + "message": "Resource \"w\" is not closed or saved in \"write\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 78, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"write\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 78, + "event": "leaked_resource", + "message": "Variable \"w\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| if (!currentGroup.equals(cKey.group)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 77| currentGroup = cKey.group;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 78|-> w.write(System.lineSeparator());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.validatePropertyNames(javax.naming.Reference, javax.naming.Name, java.util.List, java.util.List)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 259, + "event": "path", + "message": "Condition \"org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 259, + "event": "var_compare_op", + "message": "Comparing \"org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT\" to null implies that \"org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 274, + "event": "path", + "message": "Condition \"allRefAddrs.hasMoreElements()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 279, + "event": "path", + "message": "Condition \"allPropsAsList.contains(propertyName)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 279, + "event": "null_method_call", + "message": "Calling a method on null object \"org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 277| // If property name is not in the properties list, we haven't warned on it", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 278| // and it is not in the \"silent\" list, tell user we are ignoring it.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 279|-> if (!(allPropsAsList.contains(propertyName) || NUPROP_WARNTEXT.containsKey(propertyName)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 280| || SILENT_PROPERTIES.contains(propertyName))) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 281| final String propertyValue = ra.getContent().toString();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.createDataSource(java.util.Properties)", + "language": "java", + "tool": "coverity", + "key_event_idx": 80, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 300, + "event": "new_resource", + "message": "Created a new object of type \"org.apache.tomcat.dbcp.dbcp2.BasicDataSource\", which implements \"java.lang.AutoCloseable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 300, + "event": "var_assign", + "message": "Assigning: \"dataSource\" = resource returned from \"new org.apache.tomcat.dbcp.dbcp2.BasicDataSource()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 302, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 303, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setDefaultAutoCommit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 307, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 308, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setDefaultReadOnly\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 312, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 314, + "event": "path", + "message": "Condition \"\"NONE\".equalsIgnoreCase(value)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 316, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 334, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setDefaultTransactionIsolation\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 338, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 339, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setDefaultCatalog\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 343, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 344, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setDefaultSchema\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 348, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 349, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setCacheState\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 353, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 354, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setDriverClassName\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 358, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 359, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setLifo\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 363, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 364, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setMaxTotal\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 368, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 369, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setMaxIdle\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 373, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 374, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setMinIdle\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 378, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 379, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setInitialSize\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 383, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 384, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setMaxWaitMillis\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 388, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 389, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setTestOnCreate\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 393, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 394, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setTestOnBorrow\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 398, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 399, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setTestOnReturn\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 403, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 404, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setTimeBetweenEvictionRunsMillis\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 408, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 409, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setNumTestsPerEvictionRun\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 413, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 414, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setMinEvictableIdleTimeMillis\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 418, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 419, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setSoftMinEvictableIdleTimeMillis\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 423, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 424, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setEvictionPolicyClassName\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 428, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 429, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setTestWhileIdle\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 433, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 434, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setPassword\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 438, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 439, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setUrl\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 443, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 444, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setUsername\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 448, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 449, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setValidationQuery\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 453, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 454, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setValidationQueryTimeout\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 458, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 459, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setAccessToUnderlyingConnectionAllowed\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 463, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 464, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setRemoveAbandonedOnBorrow\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 468, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 469, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setRemoveAbandonedOnMaintenance\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 473, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 474, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setRemoveAbandonedTimeout\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 478, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 479, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setLogAbandoned\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 483, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 484, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setAbandonedUsageTracking\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 488, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 489, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setPoolPreparedStatements\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 493, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 494, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setClearStatementPoolOnReturn\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 498, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 499, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setMaxOpenPreparedStatements\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 503, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 504, + "event": "noescape", + "message": "Resource \"dataSource\" is not closed or saved in \"setConnectionInitSqls\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 508, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 509, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"getProperties\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 509, + "event": "leaked_resource", + "message": "Variable \"dataSource\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 507| value = properties.getProperty(PROP_CONNECTION_PROPERTIES);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 508| if (value != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 509|-> final Properties p = getProperties(value);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 510| final Enumeration e = p.propertyNames();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 511| while (e.hasMoreElements()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.dbcp.dbcp2.PoolableConnectionFactory.makeObject()", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 369, + "event": "jdbc_fn", + "message": "An open JDBC connection is returned from \"createConnection\". (The virtual call resolves to \"org.apache.tomcat.dbcp.dbcp2.DataSourceConnectionFactory.createConnection\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 369, + "event": "var_assign", + "message": "Assigning: \"conn\" = JDBC connection returned from \"connectionFactory.createConnection()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 370, + "event": "path", + "message": "Condition \"conn == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 374, + "event": "noescape", + "message": "Resource \"conn\" is not closed or saved in \"initializeConnection\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 375, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 388, + "event": "path", + "message": "Condition \"poolStatements\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 415, + "event": "path", + "message": "Condition \"dataSourceJmxObjectName == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 418, + "event": "path", + "message": "Throwing \"javax.management.MalformedObjectNameException\" from call to \"ObjectName\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 418, + "event": "leaked_connection", + "message": "Variable \"conn\" going out of scope leaks the connection it holds open.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 416| connJmxName = null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 417| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 418|-> connJmxName = new ObjectName(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 419| dataSourceJmxObjectName.toString() + Constants.JMX_CONNECTION_BASE_EXT + connIndex);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 420| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.dbcp2.PoolingConnection.destroyObject(org.apache.tomcat.dbcp.dbcp2.PStmtKey, org.apache.tomcat.dbcp.pool2.PooledObject)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolingConnection.java", + "line": 296, + "event": "returned_null", + "message": "\"getInnermostDelegate\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/PoolingConnection.java", + "line": 296, + "event": "null_method_call", + "message": "Calling a method on null object \"(org.apache.tomcat.dbcp.dbcp2.DelegatingStatement)pooledObject.getObject().getInnermostDelegate()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 294| public void destroyObject(final PStmtKey key, final PooledObject pooledObject)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 295| throws Exception {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 296|-> pooledObject.getObject().getInnermostDelegate().close();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 297| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 298| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.dbcp2.cpdsadapter.PooledConnectionImpl.destroyObject(org.apache.tomcat.dbcp.dbcp2.PStmtKey, org.apache.tomcat.dbcp.pool2.PooledObject)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PooledConnectionImpl.java", + "line": 341, + "event": "returned_null", + "message": "\"getInnermostDelegate\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PooledConnectionImpl.java", + "line": 341, + "event": "null_method_call", + "message": "Calling a method on null object \"(org.apache.tomcat.dbcp.dbcp2.DelegatingStatement)pooledObject.getObject().getInnermostDelegate()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 339| public void destroyObject(final PStmtKey key, final PooledObject pooledObject)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 340| throws Exception {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 341|-> pooledObject.getObject().getInnermostDelegate().close();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 342| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 343| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.getPooledConnectionAndInfo(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 538, + "event": "path", + "message": "Condition \"manager == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 542, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 551, + "event": "path", + "message": "Throwing \"java.sql.SQLException\" (or subclass) from call to \"borrowObject\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 554, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 558, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 568, + "event": "returned_null", + "message": "\"getPool\" returns \"null\" (checked 2 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 568, + "event": "var_assigned", + "message": "Assigning: \"pool\" = \"null\" return value from \"getPool\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 569, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 573, + "event": "null_method_call", + "message": "Calling a method on null object \"pool\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 161, + "event": "example_assign", + "message": "Example 1: Assigning: \"pool\" = return value from \"getPool(getPoolKey(userName))\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 162, + "event": "example_checked", + "message": "Example 1 (cont.): \"pool\" has its value checked in \"pool == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 182, + "event": "example_assign", + "message": "Example 2: Assigning: \"pool\" = return value from \"getPool(getPoolKey(userName))\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 183, + "event": "example_checked", + "message": "Example 2 (cont.): \"pool\" has its value checked in \"pool == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 571| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 572| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 573|-> info = pool.borrowObject();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 574| } catch (final Exception ex) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 575| throw new SQLException(\"Could not retrieve connection info from pool\", ex);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.readObject(java.io.ObjectInputStream)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 615, + "event": "returned_null", + "message": "\"getObjectInstance\" returns \"null\" (checked 2 out of 5 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 615, + "event": "var_assigned", + "message": "Assigning: \"oldDS\" = \"null\" return value from \"getObjectInstance\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 617, + "event": "null_field_access", + "message": "Accessing field of null object \"oldDS\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 872, + "event": "example_assign", + "message": "Example 1: Assigning: \"obj\" = return value from \"factory.getObjectInstance(entry.value, name, this, env)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 883, + "event": "example_checked", + "message": "Example 1 (cont.): \"obj\" has its value checked in \"obj == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 117, + "event": "example_assign", + "message": "Example 2: Assigning: \"result\" = return value from \"factory.getObjectInstance(obj, name, nameCtx, environment)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 127, + "event": "example_checked", + "message": "Example 2 (cont.): \"result\" has its value checked in \"result != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 615| final PerUserPoolDataSource oldDS = (PerUserPoolDataSource) new PerUserPoolDataSourceFactory()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 616| .getObjectInstance(getReference(), null, null, null);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 617|-> this.managers = oldDS.managers;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 618| } catch (final NamingException e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 619| throw new IOException(\"NamingException: \" + e);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSourceFactory.getNewInstance(javax.naming.Reference)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 41, + "event": "new_resource", + "message": "Created a new object of type \"org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource\", which implements \"java.lang.AutoCloseable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 41, + "event": "var_assign", + "message": "Assigning: \"pupds\" = resource returned from \"new org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 43, + "event": "path", + "message": "Condition \"ra != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 48, + "event": "path", + "message": "Condition \"ra != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 53, + "event": "path", + "message": "Condition \"ra != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 58, + "event": "path", + "message": "Condition \"ra != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 64, + "event": "path", + "message": "Condition \"ra != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 70, + "event": "path", + "message": "Condition \"ra != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 76, + "event": "path", + "message": "Condition \"ra != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 82, + "event": "path", + "message": "Condition \"ra != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 88, + "event": "path", + "message": "Condition \"ra != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 88, + "event": "path", + "message": "Condition \"ra.getContent() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 90, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"deserialize\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 90, + "event": "leaked_resource", + "message": "Variable \"pupds\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 88| if (ra != null && ra.getContent() != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 89| final byte[] serialized = (byte[]) ra.getContent();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 90|-> pupds.setPerUserDefaultReadOnly((Map) deserialize(serialized));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| return pupds;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.readObject(java.io.ObjectInputStream)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java", + "line": 230, + "event": "returned_null", + "message": "\"getObjectInstance\" returns \"null\" (checked 2 out of 5 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java", + "line": 230, + "event": "var_assigned", + "message": "Assigning: \"oldDS\" = \"null\" return value from \"getObjectInstance\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java", + "line": 232, + "event": "null_field_access", + "message": "Accessing field of null object \"oldDS\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 872, + "event": "example_assign", + "message": "Example 1: Assigning: \"obj\" = return value from \"factory.getObjectInstance(entry.value, name, this, env)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/NamingContext.java", + "line": 883, + "event": "example_checked", + "message": "Example 1 (cont.): \"obj\" has its value checked in \"obj == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 117, + "event": "example_assign", + "message": "Example 2: Assigning: \"result\" = return value from \"factory.getObjectInstance(obj, name, nameCtx, environment)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 127, + "event": "example_checked", + "message": "Example 2 (cont.): \"result\" has its value checked in \"result != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 230| final SharedPoolDataSource oldDS = (SharedPoolDataSource) new SharedPoolDataSourceFactory()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 231| .getObjectInstance(getReference(), null, null, null);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 232|-> this.pool = oldDS.pool;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 233| } catch (final NamingException e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 234| throw new IOException(\"NamingException: \" + e);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSourceFactory.getNewInstance(javax.naming.Reference)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java", + "line": 37, + "event": "new_resource", + "message": "Created a new object of type \"org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource\", which implements \"java.lang.AutoCloseable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java", + "line": 37, + "event": "var_assign", + "message": "Assigning: \"spds\" = resource returned from \"new org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java", + "line": 39, + "event": "path", + "message": "Condition \"ra != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java", + "line": 39, + "event": "path", + "message": "Condition \"ra.getContent() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java", + "line": 40, + "event": "path", + "message": "Throwing \"java.lang.NumberFormatException\" from call to \"parseInt\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java", + "line": 40, + "event": "leaked_resource", + "message": "Variable \"spds\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 38| final RefAddr ra = ref.get(\"maxTotal\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 39| if (ra != null && ra.getContent() != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 40|-> spds.setMaxTotal(Integer.parseInt(ra.getContent().toString()));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42| return spds;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.dbcp.dbcp2.managed.DataSourceXAConnectionFactory.createConnection()", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 144, + "event": "path", + "message": "Condition \"userName == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 146, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 151, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getConnection\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 151, + "event": "var_assign", + "message": "Assigning: \"connection\" = resource returned from \"xaConnection.getConnection()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 152, + "event": "path", + "message": "Throwing \"java.sql.SQLException\" (or subclass) from call to \"getXAResource\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 152, + "event": "leaked_resource", + "message": "Variable \"connection\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 150| // get the real connection and XAResource from the connection", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 151| final Connection connection = xaConnection.getConnection();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 152|-> final XAResource xaResource = xaConnection.getXAResource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 153| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 154| // register the xa resource for the connection", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.dbcp.dbcp2.managed.DataSourceXAConnectionFactory.createConnection()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 144, + "event": "path", + "message": "Condition \"userName == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 147, + "event": "jdbc_fn", + "message": "An open JDBC connection is returned from \"getXAConnection\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 147, + "event": "var_assign", + "message": "Assigning: \"xaConnection\" = JDBC connection returned from \"xaDataSource.getXAConnection(userName, org.apache.tomcat.dbcp.dbcp2.Utils.toString(userPassword))\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 151, + "event": "noescape", + "message": "Resource \"xaConnection\" is not closed or saved in \"getConnection\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 180, + "event": "leaked_connection", + "message": "Variable \"xaConnection\" going out of scope leaks the connection it holds open.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 178| });", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 179| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 180|-> return connection;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 181| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 182| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK_INVERSION", + "cwe": 833, + "function": "org.apache.tomcat.dbcp.pool2.PoolUtils$SynchronizedPooledObjectFactory.makeObject()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java", + "line": 1163, + "event": "lock_acquire", + "message": "Calling \"lock\" acquires lock \"SynchronizedPooledObjectFactory.writeLock.lock()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java", + "line": 1165, + "event": "lock_order", + "message": "Acquiring lock \"BaseGenericObjectPool.evictionLock\" while holding \"SynchronizedPooledObjectFactory.writeLock.lock()\" conflicts with the lock order established elsewhere. (The virtual call resolves to \"org.apache.tomcat.dbcp.dbcp2.managed.PoolableManagedConnectionFactory.makeObject\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 745, + "event": "lock_acquire", + "message": "Example 1: Acquiring lock \"BaseGenericObjectPool.evictionLock\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 805, + "event": "example_lock_order", + "message": "Example 1 (cont.): Calling \"destroy\" acquires lock \"SynchronizedPooledObjectFactory.writeLock.lock()\" while holding \"BaseGenericObjectPool.evictionLock\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 745, + "event": "lock_acquire", + "message": "Example 2: Acquiring lock \"BaseGenericObjectPool.evictionLock\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 802, + "event": "example_lock_order", + "message": "Example 2 (cont.): Calling \"activateObject\" acquires lock \"SynchronizedPooledObjectFactory.writeLock.lock()\" while holding \"BaseGenericObjectPool.evictionLock\". (The virtual call resolves to \"org.apache.tomcat.dbcp.pool2.PoolUtils.SynchronizedPooledObjectFactory.activateObject\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 745, + "event": "lock_acquire", + "message": "Example 3: Acquiring lock \"BaseGenericObjectPool.evictionLock\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 796, + "event": "example_lock_order", + "message": "Example 3 (cont.): Calling \"destroy\" acquires lock \"SynchronizedPooledObjectFactory.writeLock.lock()\" while holding \"BaseGenericObjectPool.evictionLock\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1163| writeLock.lock();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1164| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1165|-> return factory.makeObject();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1166| } finally {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1167| writeLock.unlock();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.dbcp.pool2.PoolUtils$ErodingFactor.update(long, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java", + "line": 1402, + "event": "read_volatile", + "message": "Reading \"idleHighWaterMark\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java", + "line": 1402, + "event": "intervening_update", + "message": "Another thread writes to \"idleHighWaterMark\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java", + "line": 1402, + "event": "stale_update", + "message": "Updating \"idleHighWaterMark\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1400| public void update(final long now, final int numIdle) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1401| final int idle = Math.max(0, numIdle);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1402|-> idleHighWaterMark = Math.max(idle, idleHighWaterMark);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1403| final float maxInterval = 15f;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1404| final float minutes = maxInterval +", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.tomcat.dbcp.pool2.impl.EvictionTimer$Reaper.run()", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java", + "line": 178, + "event": "return_collection_alias", + "message": "Call to \"entrySet\" returns an \"Iterable\" equivalent to \"org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java", + "line": 178, + "event": "enhanced_for", + "message": "Starting an iteration on \"org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java", + "line": 178, + "event": "path", + "message": "Iterating over another element of \"org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java", + "line": 179, + "event": "path", + "message": "Condition \"(java.lang.ref.Reference)entry.getKey().get() == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java", + "line": 181, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap\" which invalidates the iterator for the loop on \"org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java", + "line": 183, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java", + "line": 178, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 176| public void run() {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 177| synchronized (EvictionTimer.class) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 178|-> for (Entry, WeakRunner> entry : taskMap.entrySet()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 179| if (entry.getKey().get() == null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 180| executor.remove(entry.getValue());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool.getFactoryType()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 1138, + "event": "path", + "message": "Condition \"factoryType == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 1142, + "event": "returned_null", + "message": "\"getFactoryType\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 1142, + "event": "var_assigned", + "message": "Assigning: \"pooledObjectType\" = \"null\" return value from \"getFactoryType\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 1144, + "event": "null_method_call", + "message": "Calling a method on null object \"pooledObjectType\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1142| final Class pooledObjectType =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1143| PoolImplUtils.getFactoryType(factory.getClass());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1144|-> result.append(pooledObjectType.getName());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1145| result.append('>');", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1146| factoryType = result.toString();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.pool2.impl.PoolImplUtils.getGenericType(java.lang.Class, java.lang.Class)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 78, + "event": "path", + "message": "Condition \"type == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 78, + "event": "path", + "message": "Condition \"clazz == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 85, + "event": "path", + "message": "Condition \"pi != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 94, + "event": "path", + "message": "Condition \"result instanceof java.lang.Class\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 97, + "event": "path", + "message": "Condition \"result instanceof java.lang.Integer\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 100, + "event": "returned_null", + "message": "\"getGenericSuperclass\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 100, + "event": "var_assigned", + "message": "Assigning: \"superClassType\" = \"null\" return value from \"getGenericSuperclass\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 101, + "event": "null_method_call", + "message": "Calling a method on null object \"superClassType\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99| // Map that unknown type to the generic types defined in this class", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 100| final ParameterizedType superClassType = (ParameterizedType) clazz.getGenericSuperclass();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101|-> return getTypeParameter(clazz, superClassType.getActualTypeArguments()[((Integer) result).intValue()]);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 102| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103| // Error will be logged further up the call stack", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.pool2.impl.SecurityManagerCallStack$PrivateSecurityManager.getCallStack()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SecurityManagerCallStack.java", + "line": 99, + "event": "returned_null", + "message": "\"getClassContext\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SecurityManagerCallStack.java", + "line": 99, + "event": "var_assigned", + "message": "Assigning: \"classes\" = \"null\" return value from \"getClassContext\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SecurityManagerCallStack.java", + "line": 100, + "event": "null_array_length", + "message": "Accessing length of null array \"classes\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 98| private List>> getCallStack() {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99| final Class[] classes = getClassContext();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 100|-> final List>> stack = new ArrayList<>(classes.length);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101| for (final Class klass : classes) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 102| stack.add(new WeakReference>(klass));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.pool2.impl.SoftReferenceObjectPool.borrowObject()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java", + "line": 122, + "event": "path", + "message": "Condition \"null == obj\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java", + "line": 123, + "event": "path", + "message": "Condition \"idleReferences.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java", + "line": 134, + "event": "returned_null", + "message": "\"idleReferences.pollFirst()\" returns \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java", + "line": 134, + "event": "var_assigned", + "message": "Assigning: \"ref\" = \"null\" return value from \"pollFirst\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java", + "line": 135, + "event": "null_method_call", + "message": "Calling a method on null object \"ref\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 133| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 134| ref = idleReferences.pollFirst();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 135|-> obj = ref.getObject();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 136| // Clear the reference so it will not be queued, but replace with a", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 137| // a new, non-registered reference so we can still track this object", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.tomcat.util.IntrospectionUtils.findMethod(java.lang.Class, java.lang.String, java.lang.Class[])", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/IntrospectionUtils.java", + "line": 422, + "event": "path", + "message": "Iterating over another element of \"methods\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/IntrospectionUtils.java", + "line": 423, + "event": "path", + "message": "Condition \"method.getName().equals(name)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/IntrospectionUtils.java", + "line": 425, + "event": "path", + "message": "Condition \"params == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/IntrospectionUtils.java", + "line": 425, + "event": "var_compare_op", + "message": "Comparing \"params\" to null implies that \"params\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/IntrospectionUtils.java", + "line": 425, + "event": "path", + "message": "Condition \"methodParams.length == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/IntrospectionUtils.java", + "line": 428, + "event": "null_array_length", + "message": "Accessing length of null array \"params\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 426| return method;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 427| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 428|-> if (params.length != methodParams.length) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 429| continue;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 430| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.util.buf.B2CConverter.(java.nio.charset.Charset, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/B2CConverter.java", + "line": 88, + "event": "path", + "message": "Condition \"replaceOnError\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/B2CConverter.java", + "line": 90, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/B2CConverter.java", + "line": 96, + "event": "path", + "message": "Condition \"charset.equals(java.nio.charset.StandardCharsets.UTF_8)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/B2CConverter.java", + "line": 99, + "event": "returned_null", + "message": "\"newDecoder\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.tomcat.util.buf.CharsetCache.DummyCharset.newDecoder\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/B2CConverter.java", + "line": 99, + "event": "var_assigned", + "message": "Assigning: \"decoder\" = \"null\" return value from \"newDecoder\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/B2CConverter.java", + "line": 101, + "event": "null_method_call", + "message": "Calling a method on null object \"decoder\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99| decoder = charset.newDecoder();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 100| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101|-> decoder.onMalformedInput(action);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 102| decoder.onUnmappableCharacter(action);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.util.buf.C2BConverter.(java.nio.charset.Charset)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/C2BConverter.java", + "line": 42, + "event": "returned_null", + "message": "\"newEncoder\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.tomcat.util.buf.CharsetCache.DummyCharset.newEncoder\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/C2BConverter.java", + "line": 42, + "event": "var_assigned", + "message": "Assigning: \"encoder\" = \"null\" return value from \"newEncoder\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/C2BConverter.java", + "line": 43, + "event": "null_method_call", + "message": "Calling a method on null object \"encoder\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41| public C2BConverter(Charset charset) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42| encoder = charset.newEncoder();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 43|-> encoder.onUnmappableCharacter(CodingErrorAction.REPLACE)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 44| .onMalformedInput(CodingErrorAction.REPLACE);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 45| char[] left = new char[4];", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.util.buf.CharsetUtil.isAsciiSuperset(java.nio.charset.Charset)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/CharsetUtil.java", + "line": 35, + "event": "returned_null", + "message": "\"newDecoder\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.tomcat.util.buf.CharsetCache.DummyCharset.newDecoder\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/CharsetUtil.java", + "line": 35, + "event": "var_assigned", + "message": "Assigning: \"decoder\" = \"null\" return value from \"newDecoder\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/CharsetUtil.java", + "line": 38, + "event": "path", + "message": "Condition \"i < 128\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/buf/CharsetUtil.java", + "line": 43, + "event": "null_method_call", + "message": "Calling a method on null object \"decoder\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41| inBytes.flip();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 43|-> outChars = decoder.decode(inBytes);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 44| } catch (CharacterCodingException e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 45| return false;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.tomcat.util.digester.CallMethodRule.end(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 281, + "event": "path", + "message": "Condition \"paramCount > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 299, + "event": "path", + "message": "Condition \"paramTypes != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 299, + "event": "var_compare_op", + "message": "Comparing \"paramTypes\" to null implies that \"paramTypes\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 316, + "event": "null_array_length", + "message": "Accessing length of null array \"paramTypes\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 314| // We only do the conversion if the param value is a String and", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 315| // the specified paramType is not String.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 316|-> Object paramValues[] = new Object[paramTypes.length];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 317| for (int i = 0; i < paramTypes.length; i++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318| // convert nulls and convert stringy parameters", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.tomcat.util.digester.CallMethodRule.end(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 280, + "event": "assign_zero", + "message": "Assigning: \"parameters\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 281, + "event": "path", + "message": "Condition \"paramCount > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 299, + "event": "path", + "message": "Condition \"paramTypes != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 299, + "event": "path", + "message": "Condition \"paramTypes.length != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 317, + "event": "path", + "message": "Condition \"i < paramTypes.length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 320, + "event": "null_array_access", + "message": "Accessing an element on null array \"parameters\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318| // convert nulls and convert stringy parameters", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 319| // for non-stringy param types", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 320|-> Object param = parameters[i];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 321| // Tolerate null non-primitive values", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 322| if(null == param && !paramTypes[i].isPrimitive()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.util.http.fileupload.disk.DiskFileItem.getSize()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java", + "line": 269, + "event": "path", + "message": "Condition \"size >= 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java", + "line": 271, + "event": "path", + "message": "Condition \"cachedContent != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java", + "line": 273, + "event": "path", + "message": "Condition \"dfos.isInMemory()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java", + "line": 274, + "event": "returned_null", + "message": "\"getData\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java", + "line": 274, + "event": "null_array_length", + "message": "Accessing length of null array \"dfos.getData()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 272| return cachedContent.length;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 273| } else if (dfos.isInMemory()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 274|-> return dfos.getData().length;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 275| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 276| return dfos.getFile().length();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.util.modeler.Registry.registerComponent(java.lang.Object, javax.management.ObjectName, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/Registry.java", + "line": 629, + "event": "path", + "message": "Condition \"org.apache.tomcat.util.modeler.Registry.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/Registry.java", + "line": 633, + "event": "path", + "message": "Condition \"bean == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/Registry.java", + "line": 639, + "event": "path", + "message": "Condition \"type == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/Registry.java", + "line": 643, + "event": "returned_null", + "message": "\"findManagedBean\" returns \"null\" (checked 0 out of 1 times). (The virtual call resolves to \"org.apache.tomcat.util.modeler.NoDescriptorRegistry.findManagedBean\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/Registry.java", + "line": 643, + "event": "var_assigned", + "message": "Assigning: \"managed\" = \"null\" return value from \"findManagedBean\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/Registry.java", + "line": 646, + "event": "null_method_call", + "message": "Calling a method on null object \"managed\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 644| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 645| // The real mbean is created and registered", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 646|-> DynamicMBean mbean = managed.createMBean(bean);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 647| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 648| if (getMBeanServer().isRegistered(oname)) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.util.modeler.modules.MbeansDescriptorsDigesterSource.createDigester()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/modules/MbeansDescriptorsDigesterSource.java", + "line": 47, + "event": "returned_null", + "message": "\"getResource\" returns \"null\" (checked 3 out of 5 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/modules/MbeansDescriptorsDigesterSource.java", + "line": 47, + "event": "var_assigned", + "message": "Assigning: \"url\" = \"null\" return value from \"getResource\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/modeler/modules/MbeansDescriptorsDigesterSource.java", + "line": 49, + "event": "null_method_call", + "message": "Calling a method on null object \"url\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/ClasspathURLStreamHandler.java", + "line": 41, + "event": "example_assign", + "message": "Example 1: Assigning: \"classpathUrl\" = return value from \"(org.apache.catalina.webresources.ClasspathURLStreamHandler.class).getResource(path)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/catalina/webresources/ClasspathURLStreamHandler.java", + "line": 44, + "event": "example_checked", + "message": "Example 1 (cont.): \"classpathUrl\" has its value checked in \"classpathUrl == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java", + "line": 154, + "event": "example_assign", + "message": "Example 2: Assigning: \"location\" = return value from \"org.apache.tomcat.util.descriptor.DigesterFactory.CLASS_SERVLET_CONTEXT.getResource(\"resources/\" + name)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java", + "line": 155, + "event": "example_checked", + "message": "Example 2 (cont.): \"location\" has its value checked in \"location == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java", + "line": 156, + "event": "example_assign", + "message": "Example 3: Assigning: \"location\" = return value from \"org.apache.tomcat.util.descriptor.DigesterFactory.CLASS_JSP_CONTEXT.getResource(\"resources/\" + name)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java", + "line": 158, + "event": "example_checked", + "message": "Example 3 (cont.): \"location\" has its value checked in \"location == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 47| URL url = Registry.getRegistry(null, null).getClass().getResource", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 48| (\"/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 49|-> digester.register", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 50| (\"-//Apache Software Foundation//DTD Model MBeans Configuration File\",", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 51| url.toString());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(org.apache.tomcat.util.net.SSLHostConfig)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 87, + "event": "identity", + "message": "Calling \"getCertificates\".\n* This call assigns \"changeit\" to \"(sslHostConfig.defaultCertificate).certificateKeystorePassword\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".\n* This call assigns a reference to \"sslHostConfig.defaultCertificate\" to \"sslHostConfig.certificates\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)\".) No [...]", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 87, + "event": "identity", + "message": "Calling \"iterator\". This call assigns \"sslHostConfig.getCertificates(true)\" to \"\". (The virtual call resolves to \"java.util.Set.iterator()\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 87, + "event": "assign", + "message": "Assigning: \"certificate$iterator\" = \"sslHostConfig.getCertificates(true).iterator()\". Now \"(certificate$iterator).certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 87, + "event": "identity", + "message": "Calling \"next\". This call returns \"certificate$iterator\". (The virtual call resolves to \"java.util.Iterator.next()\".) Now \"certificate$iterator.next().certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 87, + "event": "assign", + "message": "Assigning: \"certificate\" = \"certificate$iterator.next()\". Now \"certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 88, + "event": "identity", + "message": "Calling \"getSSLUtil\". This call assigns \"certificate\" to \"().certificate\". (The virtual call resolves to \"org.apache.tomcat.util.net.jsse.JSSEImplementation.getSSLUtil(org.apache.tomcat.util.net.SSLHostConfigCertificate)\".) Now \".certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 88, + "event": "assign", + "message": "Assigning: \"sslUtil\" = \"sslImplementation.getSSLUtil(certificate)\". Now \"sslUtil.certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 97, + "event": "password_use", + "message": "Calling \"createSSLContext\". This call uses the constant string as a password. (The virtual call resolves to \"org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(java.util.List)\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 97, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| SSLContext sslContext;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 96| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 97|-> sslContext = sslUtil.createSSLContext(negotiableProtocols);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 98| } catch (Exception e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99| throw new IllegalArgumentException(e.getMessage(), e);", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 97, + "event": "note", + "message": "trimmed 1 message(s) with length over 512", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.util.net.AprEndpoint.createSSLContext(org.apache.tomcat.util.net.SSLHostConfig)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 451, + "event": "identity", + "message": "Calling \"getCertificates\".\n* This call assigns \"changeit\" to \"(sslHostConfig.defaultCertificate).certificateKeystorePassword\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".\n* This call assigns a reference to \"sslHostConfig.defaultCertificate\" to \"sslHostConfig.certificates\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)\".) No [...]", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 451, + "event": "assign", + "message": "Assigning: \"certificates\" = \"sslHostConfig.getCertificates(true)\". Now \"(certificates).certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 452, + "event": "identity", + "message": "Calling \"iterator\". This call assigns \"certificates\" to \"\". (The virtual call resolves to \"java.util.Set.iterator()\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 452, + "event": "assign", + "message": "Assigning: \"certificate$iterator\" = \"certificates.iterator()\". Now \"(certificate$iterator).certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 452, + "event": "identity", + "message": "Calling \"next\". This call returns \"certificate$iterator\". (The virtual call resolves to \"java.util.Iterator.next()\".) Now \"certificate$iterator.next().certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 452, + "event": "assign", + "message": "Assigning: \"certificate\" = \"certificate$iterator.next()\". Now \"certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 454, + "event": "identity", + "message": "Calling \"OpenSSLUtil\". This call assigns \"certificate\" to \".certificate\". Now \".certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 454, + "event": "assign", + "message": "Assigning: \"sslUtil\" = \"new org.apache.tomcat.util.net.openssl.OpenSSLUtil(certificate)\". Now \"sslUtil.certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 459, + "event": "password_use", + "message": "Calling \"createSSLContext\". This call uses the constant string as a password. (The virtual call resolves to \"org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(java.util.List)\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 459, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 457| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 458| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 459|-> sslContext = (OpenSSLContext) sslUtil.createSSLContext(negotiableProtocols);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 460| } catch (Exception e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 461| throw new IllegalArgumentException(e.getMessage(), e);", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 459, + "event": "note", + "message": "trimmed 1 message(s) with length over 512", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.util.net.AprEndpoint.createSSLContext(org.apache.tomcat.util.net.SSLHostConfig)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 451, + "event": "identity", + "message": "Calling \"getCertificates\".\n* This call assigns \"changeit\" to \"(sslHostConfig.defaultCertificate).certificateKeystorePassword\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".\n* This call assigns a reference to \"sslHostConfig.defaultCertificate\" to \"sslHostConfig.certificates\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)\".) No [...]", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 451, + "event": "assign", + "message": "Assigning: \"certificates\" = \"sslHostConfig.getCertificates(true)\". Now \"(certificates).certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 452, + "event": "identity", + "message": "Calling \"iterator\". This call assigns \"certificates\" to \"\". (The virtual call resolves to \"java.util.Set.iterator()\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 452, + "event": "assign", + "message": "Assigning: \"certificate$iterator\" = \"certificates.iterator()\". Now \"(certificate$iterator).certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 452, + "event": "identity", + "message": "Calling \"next\". This call returns \"certificate$iterator\". (The virtual call resolves to \"java.util.Iterator.next()\".) Now \"certificate$iterator.next().certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 452, + "event": "assign", + "message": "Assigning: \"certificate\" = \"certificate$iterator.next()\". Now \"certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 464, + "event": "identity", + "message": "Calling \"OpenSSLUtil\". This call assigns \"certificate\" to \".certificate\". Now \".certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 464, + "event": "assign", + "message": "Assigning: \"sslUtil\" = \"new org.apache.tomcat.util.net.openssl.OpenSSLUtil(certificate)\". Now \"sslUtil.certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 465, + "event": "password_use", + "message": "Calling \"getKeyManagers\". This call uses the constant string as a password. (The virtual call resolves to \"org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers()\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 465, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 463| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 464| SSLUtil sslUtil = new OpenSSLUtil(certificate);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 465|-> KeyManager[] kms = sslUtil.getKeyManagers();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 466| certificate.setCertificateKeyManager(OpenSSLUtil.chooseKeyManager(kms));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 467| sslContext.addCertificate(certificate);", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 465, + "event": "note", + "message": "trimmed 1 message(s) with length over 512", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.tomcat.util.net.AprEndpoint$SocketList.add(long, long, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 966, + "event": "path", + "message": "Condition \"size == sockets.length\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 969, + "event": "path", + "message": "Condition \"i < size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 970, + "event": "path", + "message": "Condition \"sockets[i] == socket\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 974, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 969, + "event": "path", + "message": "Condition \"i < size\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 978, + "event": "read_volatile", + "message": "Reading \"size\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 978, + "event": "intervening_update", + "message": "Another thread writes to \"size\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 978, + "event": "stale_update", + "message": "Updating \"size\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 966, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"size\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 976| timeouts[size] = timeout;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 977| flags[size] = flag;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 978|-> size++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 979| return true;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 980| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.tomcat.util.net.AprEndpoint$SocketList.remove(long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 984, + "event": "path", + "message": "Condition \"i < size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 985, + "event": "path", + "message": "Condition \"sockets[i] == socket\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 989, + "event": "read_volatile", + "message": "Reading \"size\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 989, + "event": "intervening_update", + "message": "Another thread writes to \"size\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 989, + "event": "stale_update", + "message": "Updating \"size\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 966, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"size\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 987| timeouts[i] = timeouts[size - 1];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 988| flags[size] = flags[size -1];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 989|-> size--;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 990| return true;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 991| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper$AprOperationState.run()", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2706, + "event": "path", + "message": "Condition \"getError() == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2709, + "event": "path", + "message": "Condition \"!completionDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2719, + "event": "path", + "message": "Condition \"i < length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2720, + "event": "path", + "message": "Condition \"buffers[i + offset].hasRemaining()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2722, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2725, + "event": "path", + "message": "Condition \"buffer == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2725, + "event": "var_compare_op", + "message": "Comparing \"buffer\" to null implies that \"buffer\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2725, + "event": "path", + "message": "Condition \"flushBytes == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2730, + "event": "path", + "message": "Condition \"read\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2733, + "event": "path", + "message": "Condition \"block == org.apache.tomcat.util.net.SocketWrapperBase.BlockingMode.BLOCK\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2733, + "event": "path", + "message": "Condition \"!flush(block == org.apache.tomcat.util.net.SocketWrapperBase.BlockingMode.BLOCK)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2734, + "event": "path", + "message": "Condition \"flushBytes > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2739, + "event": "null_method_call", + "message": "Calling a method on null object \"buffer\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2737| flushBytes = 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2738| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2739|-> @SuppressWarnings(\"null\") // Not possible", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2740| int remaining = buffer.remaining();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2741| write(block == BlockingMode.BLOCK, buffer);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper.processSendfile(org.apache.tomcat.util.net.SendfileDataBase)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/Nio2Endpoint.java", + "line": 1439, + "event": "path", + "message": "Condition \"data.fchannel == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/Nio2Endpoint.java", + "line": 1442, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"open\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/Nio2Endpoint.java", + "line": 1442, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"java.nio.channels.FileChannel.open(path, java.nio.file.StandardOpenOption.READ)\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1440| java.nio.file.Path path = new File(sendfileData.fileName).toPath();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1441| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1442|-> data.fchannel = java.nio.channels.FileChannel", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1443| .open(path, StandardOpenOption.READ).position(sendfileData.pos);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1444| } catch (IOException e) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.util.net.NioEndpoint.initServerSocket()", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 238, + "event": "path", + "message": "Condition \"getUseInheritedChannel()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 247, + "event": "path", + "message": "Condition \"getUnixDomainSocketPath() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 251, + "event": "path", + "message": "Condition \"getUnixDomainSocketPathPermissions() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 255, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getFileSystem\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 255, + "event": "path", + "message": "Condition \"path.getFileSystem().supportedFileAttributeViews().contains(\"posix\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 255, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"path.getFileSystem()\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 253| Set permissions =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 254| PosixFilePermissions.fromString(getUnixDomainSocketPathPermissions());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 255|-> if (path.getFileSystem().supportedFileAttributeViews().contains(\"posix\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 256| FileAttribute> attrs = PosixFilePermissions.asFileAttribute(permissions);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 257| Files.setAttribute(path, attrs.name(), attrs.value());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.util.net.SocketBufferHandler.expand(int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java", + "line": 222, + "event": "read_volatile", + "message": "Reading \"readBuffer\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java", + "line": 222, + "event": "intervening_update", + "message": "Another thread writes to \"readBuffer\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java", + "line": 222, + "event": "stale_update", + "message": "Updating \"readBuffer\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 220| public void expand(int newSize) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 221| configureReadBufferForWrite();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 222|-> readBuffer = ByteBufferUtils.expand(readBuffer, newSize);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 223| configureWriteBufferForWrite();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 224| writeBuffer = ByteBufferUtils.expand(writeBuffer, newSize);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.util.net.SocketBufferHandler.expand(int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java", + "line": 224, + "event": "read_volatile", + "message": "Reading \"writeBuffer\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java", + "line": 224, + "event": "intervening_update", + "message": "Another thread writes to \"writeBuffer\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java", + "line": 224, + "event": "stale_update", + "message": "Updating \"writeBuffer\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 222| readBuffer = ByteBufferUtils.expand(readBuffer, newSize);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 223| configureWriteBufferForWrite();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 224|-> writeBuffer = ByteBufferUtils.expand(writeBuffer, newSize);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 225| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 226| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.util.net.SocketWrapperBase.decrementKeepAlive()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java", + "line": 249, + "event": "read_volatile", + "message": "Reading \"keepAliveLeft\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java", + "line": 249, + "event": "intervening_update", + "message": "Another thread writes to \"keepAliveLeft\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java", + "line": 249, + "event": "stale_update", + "message": "Updating \"keepAliveLeft\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 247| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 248| public void setKeepAliveLeft(int keepAliveLeft) { this.keepAliveLeft = keepAliveLeft; }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 249|-> public int decrementKeepAlive() { return (--keepAliveLeft); }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 250| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 251| public String getRemoteHost() {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.util.net.SocketWrapperBase$VectoredIOCompletionHandler.completed(java.lang.Long, org.apache.tomcat.util.net.SocketWrapperBase$OperationState)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java", + "line": 1059, + "event": "path", + "message": "Condition \"nBytes.longValue() < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java", + "line": 1062, + "event": "read_volatile", + "message": "Reading \"state.nBytes\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java", + "line": 1062, + "event": "intervening_update", + "message": "Another thread writes to \"state.nBytes\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java", + "line": 1062, + "event": "stale_update", + "message": "Updating \"state.nBytes\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1060| failed(new EOFException(), state);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1061| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1062|-> state.nBytes += nBytes.longValue();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1063| CompletionState currentState = state.isInline() ? CompletionState.INLINE : CompletionState.DONE;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1064| boolean complete = true;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.util.net.openssl.OpenSSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom)", + "language": "java", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 211, + "event": "path", + "message": "Condition \"initialized\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 216, + "event": "path", + "message": "Condition \"sslHostConfig.getInsecureRenegotiation()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 218, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 224, + "event": "path", + "message": "Condition \"sslHostConfig.getHonorCipherOrder()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 226, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 231, + "event": "path", + "message": "Condition \"sslHostConfig.getDisableCompression()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 233, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 238, + "event": "path", + "message": "Condition \"sslHostConfig.getDisableSessionTickets()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 240, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 247, + "event": "path", + "message": "Condition \"certificate.getCertificateFile() == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 255, + "event": "path", + "message": "Switch case value \"org.apache.tomcat.util.net.SSLHostConfig.CertificateVerification.NONE\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 258, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 271, + "event": "path", + "message": "Condition \"tms != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 291, + "event": "returned_null", + "message": "\"getAcceptedIssuers\" returns \"null\" (checked 1 out of 3 times). (The virtual call resolves to \"org.apache.catalina.tribes.membership.cloud.AbstractStreamProvider.1.getAcceptedIssuers\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 291, + "event": "null_array_length", + "message": "Accessing length of null array \"x509TrustManager.getAcceptedIssuers()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java", + "line": 99, + "event": "example_assign", + "message": "Example 1: Assigning: \"accepted\" = return value from \"((javax.net.ssl.X509TrustManager)tm).getAcceptedIssuers()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java", + "line": 100, + "event": "example_checked", + "message": "Example 1 (cont.): \"accepted\" has its value checked in \"accepted != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 289| // by the server during the handshake to allow the client choosing", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 290| // an acceptable certificate", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 291|-> for (X509Certificate caCert : x509TrustManager.getAcceptedIssuers()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 292| SSLContext.addClientCACertificateRaw(ctx, caCert.getEncoded());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 293| if (log.isDebugEnabled()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.util.xreflection.ReflectionLessCodeGenerator.generateCode(java.io.File, java.lang.String, java.lang.String, java.util.Set)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java", + "line": 188, + "event": "new_resource", + "message": "\"new java.io.FileWriter(destination, false)\" creates a new resource.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java", + "line": 188, + "event": "var_assign", + "message": "Assigning: \"writer\" = resource returned from \"new java.io.BufferedWriter(new java.io.FileWriter(destination, false))\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java", + "line": 189, + "event": "noescape", + "message": "Resource \"writer\" is not closed or saved in \"write\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java", + "line": 189, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"write\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java", + "line": 189, + "event": "leaked_resource", + "message": "Variable \"writer\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 187| File destination = new File(directory, className+\".java\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 188| BufferedWriter writer = new BufferedWriter(new FileWriter(destination, false));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 189|-> writer.write(code.toString());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 190| writer.flush();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 191| writer.close();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.websocket.PerMessageDeflate.sendMessagePart(java.util.List)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java", + "line": 329, + "event": "path", + "message": "Iterating over another element of \"uncompressedParts\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java", + "line": 332, + "event": "path", + "message": "Condition \"emptyMessage\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java", + "line": 332, + "event": "path", + "message": "Condition \"emptyPart\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java", + "line": 332, + "event": "read_volatile", + "message": "Reading \"emptyMessage\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java", + "line": 332, + "event": "intervening_update", + "message": "Another thread writes to \"emptyMessage\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java", + "line": 332, + "event": "stale_update", + "message": "Updating \"emptyMessage\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 330| byte opCode = uncompressedPart.getOpCode();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 331| boolean emptyPart = uncompressedPart.getPayload().limit() == 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 332|-> emptyMessage = emptyMessage && emptyPart;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 333| if (Util.isControl(opCode)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 334| // Control messages can appear in the middle of other messages", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.websocket.Util.getGenericType(java.lang.Class, java.lang.Class)", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java", + "line": 194, + "event": "path", + "message": "Iterating over another element of \"interfaces\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java", + "line": 196, + "event": "path", + "message": "Condition \"iface instanceof java.lang.reflect.ParameterizedType\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java", + "line": 199, + "event": "path", + "message": "Condition \"pi.getRawType() instanceof java.lang.Class\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java", + "line": 200, + "event": "path", + "message": "Condition \"type.isAssignableFrom((java.lang.Class)pi.getRawType())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java", + "line": 206, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java", + "line": 194, + "event": "path", + "message": "No elements left in \"interfaces\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java", + "line": 212, + "event": "path", + "message": "Condition \"superClazz == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java", + "line": 219, + "event": "path", + "message": "Condition \"superClassTypeResult.getIndex() == -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java", + "line": 225, + "event": "path", + "message": "Condition \"superClassTypeResult.getIndex() > -1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java", + "line": 229, + "event": "returned_null", + "message": "\"getGenericSuperclass\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java", + "line": 229, + "event": "var_assigned", + "message": "Assigning: \"superClassType\" = \"null\" return value from \"getGenericSuperclass\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/Util.java", + "line": 231, + "event": "null_method_call", + "message": "Calling a method on null object \"superClassType\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 229| ParameterizedType superClassType =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 230| (ParameterizedType) clazz.getGenericSuperclass();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 231|-> TypeResult result = getTypeParameter(clazz,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 232| superClassType.getActualTypeArguments()[", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 233| superClassTypeResult.getIndex()]);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.tomcat.websocket.WsFrameBase.swallowInput()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 673, + "event": "read_volatile", + "message": "Reading \"payloadWritten\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 673, + "event": "intervening_update", + "message": "Another thread writes to \"payloadWritten\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 673, + "event": "stale_update", + "message": "Updating \"payloadWritten\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 973, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"payloadWritten\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 671| long toSkip = Math.min(payloadLength - payloadWritten, inputBuffer.remaining());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 672| inputBuffer.position(inputBuffer.position() + (int) toSkip);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 673|-> payloadWritten += toSkip;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 674| if (payloadWritten == payloadLength) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 675| if (continuationExpected) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.tomcat.websocket.WsFrameBase$NoopTransformation.getMoreData(byte, boolean, int, java.nio.ByteBuffer)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 971, + "event": "read_volatile", + "message": "Reading \"payloadWritten\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 971, + "event": "intervening_update", + "message": "Another thread writes to \"payloadWritten\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 971, + "event": "stale_update", + "message": "Updating \"payloadWritten\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 973, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"payloadWritten\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 969| dest.put(inputBuffer);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 970| inputBuffer.limit(orgLimit);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 971|-> payloadWritten += toWrite;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 972| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 973| if (payloadWritten == payloadLength) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.tomcat.websocket.WsFrameBase$UnmaskTransformation.getMoreData(byte, boolean, int, java.nio.ByteBuffer)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 1005, + "event": "path", + "message": "Condition \"payloadWritten < payloadLength\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 1005, + "event": "path", + "message": "Condition \"inputBuffer.remaining() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 1005, + "event": "path", + "message": "Condition \"dest.hasRemaining()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 1009, + "event": "path", + "message": "Condition \"maskIndex == 4\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 1012, + "event": "read_volatile", + "message": "Reading \"payloadWritten\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 1012, + "event": "intervening_update", + "message": "Another thread writes to \"payloadWritten\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 1012, + "event": "stale_update", + "message": "Updating \"payloadWritten\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 973, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"payloadWritten\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1010| maskIndex = 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1011| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1012|-> payloadWritten++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1013| dest.put(b);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1014| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.websocket.WsWebSocketContainer.connectToServerRecursive(org.apache.tomcat.websocket.ClientEndpointHolder, javax.websocket.ClientEndpointConfig, java.net.URI, java.util.Set)", + "language": "java", + "tool": "coverity", + "key_event_idx": 20, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 193, + "event": "path", + "message": "Condition \"log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 203, + "event": "path", + "message": "Condition \"\"ws\".equalsIgnoreCase(scheme)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 205, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 215, + "event": "path", + "message": "Condition \"host == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 227, + "event": "path", + "message": "Iterating over another element of \"proxies\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 228, + "event": "path", + "message": "Condition \"proxy.type().equals(java.net.Proxy.Type.HTTP)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 230, + "event": "path", + "message": "Condition \"sa instanceof java.net.InetSocketAddress\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 232, + "event": "path", + "message": "Condition \"inet.isUnresolved()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 237, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 243, + "event": "path", + "message": "Condition \"port == -1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 244, + "event": "path", + "message": "Condition \"\"ws\".equalsIgnoreCase(scheme)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 246, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 253, + "event": "path", + "message": "Condition \"sa == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 263, + "event": "path", + "message": "Condition \"org.apache.tomcat.websocket.Constants.DEFAULT_ORIGIN_HEADER_VALUE != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 263, + "event": "path", + "message": "Condition \"!reqHeaders.containsKey(\"Origin\" /* org.apache.tomcat.websocket.Constants.ORIGIN_HEADER_NAME */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 273, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"open\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 273, + "event": "var_assign", + "message": "Assigning: \"socketChannel\" = resource returned from \"java.nio.channels.AsynchronousSocketChannel.open(getAsynchronousChannelGroup())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 274, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 284, + "event": "path", + "message": "Condition \"timeoutValue != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 285, + "event": "path", + "message": "Throwing \"java.lang.NumberFormatException\" from call to \"valueOf\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 285, + "event": "leaked_resource", + "message": "Variable \"socketChannel\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 283| String timeoutValue = (String) userProperties.get(Constants.IO_TIMEOUT_MS_PROPERTY);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 284| if (timeoutValue != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 285|-> timeout = Long.valueOf(timeoutValue).intValue();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 286| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 287| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.websocket.WsWebSocketContainer.createSSLEngine(java.util.Map, java.lang.String, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 918, + "event": "hardcoded_credential", + "message": "The constant string \"\"changeit\"\" is a credential or key.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 918, + "event": "assign", + "message": "Assigning: \"sslTrustStorePwdValue\" = \"\"changeit\"\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 924, + "event": "identity", + "message": "Calling \"toCharArray\". This call assigns \"sslTrustStorePwdValue\" to \"\". (The virtual call resolves to \"java.lang.String.toCharArray()\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 924, + "event": "password_use", + "message": "Calling \"load\". This call uses the constant string as a password.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 924, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 922| KeyStore ks = KeyStore.getInstance(\"JKS\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 923| try (InputStream is = new FileInputStream(keyStoreFile)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 924|-> KeyStoreUtil.load(ks, is, sslTrustStorePwdValue.toCharArray());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 925| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 926| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.websocket.server.WsServerContainer.(javax.servlet.ServletContext)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java", + "line": 91, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java", + "line": 97, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java", + "line": 103, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java", + "line": 107, + "event": "returned_null", + "message": "\"addFilter\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.catalina.core.ApplicationContext.addFilter\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java", + "line": 107, + "event": "var_assigned", + "message": "Assigning: \"fr\" = \"null\" return value from \"addFilter\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java", + "line": 109, + "event": "null_method_call", + "message": "Calling a method on null object \"fr\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| FilterRegistration.Dynamic fr = servletContext.addFilter(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108| \"Tomcat WebSocket (JSR356) Filter\", new WsFilter());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109|-> fr.setAsyncSupported(true);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111| EnumSet types = EnumSet.of(DispatcherType.REQUEST,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.tomcat.jdbc.pool.ConnectionPool.checkAbandoned()", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1069, + "event": "path", + "message": "Condition \"busy.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1072, + "event": "return_iterator", + "message": "Call to \"iterator\" returns an iterator from \"busy\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1072, + "event": "assign", + "message": "Assigning: \"locked\" = \"busy.iterator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1074, + "event": "path", + "message": "Condition \"locked.hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1081, + "event": "path", + "message": "Condition \"idle.contains(con)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1081, + "event": "path", + "message": "Condition \"con.isReleased()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1086, + "event": "path", + "message": "Condition \"shouldAbandon()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1086, + "event": "path", + "message": "Condition \"now - time > con.getAbandonTimeout()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1087, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"busy\" which invalidates iterator \"locked\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1090, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1097, + "event": "path", + "message": "Condition \"setToNull\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1101, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1074, + "event": "invalid_iterator", + "message": "Using invalid iterator \"locked\" in call to \"hasNext\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1072| Iterator locked = busy.iterator();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1073| int sto = getPoolProperties().getSuspectTimeout();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1074|-> while (locked.hasNext()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1075| PooledConnection con = locked.next();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1076| boolean setToNull = false;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.tomcat.jdbc.pool.ConnectionPool.checkIdle(boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1120, + "event": "path", + "message": "Condition \"idle.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1124, + "event": "return_iterator", + "message": "Call to \"iterator\" returns an iterator from \"idle\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1124, + "event": "assign", + "message": "Assigning: \"unlocked\" = \"idle.iterator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1125, + "event": "path", + "message": "Condition \"ignoreMinSize\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1125, + "event": "path", + "message": "Condition \"unlocked.hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1131, + "event": "path", + "message": "Condition \"busy.contains(con)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1135, + "event": "path", + "message": "Condition \"shouldReleaseIdle(now, con, time)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1138, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"idle\" which invalidates iterator \"unlocked\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1140, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1145, + "event": "path", + "message": "Condition \"setToNull\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1149, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1125, + "event": "path", + "message": "Condition \"ignoreMinSize\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1125, + "event": "invalid_iterator", + "message": "Using invalid iterator \"unlocked\" in call to \"hasNext\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1123| long now = System.currentTimeMillis();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1124| Iterator unlocked = idle.iterator();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1125|-> while ( (ignoreMinSize || (idle.size()>=getPoolProperties().getMinIdle())) && unlocked.hasNext()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1126| PooledConnection con = unlocked.next();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1127| boolean setToNull = false;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.tomcat.jdbc.pool.ConnectionPool.testAllIdle(boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1181, + "event": "path", + "message": "Condition \"idle.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1184, + "event": "return_iterator", + "message": "Call to \"iterator\" returns an iterator from \"idle\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1184, + "event": "assign", + "message": "Assigning: \"unlocked\" = \"idle.iterator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1185, + "event": "path", + "message": "Condition \"unlocked.hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1190, + "event": "path", + "message": "Condition \"busy.contains(con)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1195, + "event": "path", + "message": "Condition \"checkMaxAgeOnly\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1196, + "event": "path", + "message": "Condition \"!reconnectIfExpired(con)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1197, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1200, + "event": "path", + "message": "Condition \"release\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1201, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"idle\" which invalidates iterator \"unlocked\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1207, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1185, + "event": "invalid_iterator", + "message": "Using invalid iterator \"unlocked\" in call to \"hasNext\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1183| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1184| Iterator unlocked = idle.iterator();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1185|-> while (unlocked.hasNext()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1186| PooledConnection con = unlocked.next();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1187| try {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.jdbc.pool.ConnectionPool$ConnectionFuture.run()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1497, + "event": "returned_null", + "message": "\"get\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1497, + "event": "var_assigned", + "message": "Assigning: \"con\" = \"null\" return value from \"get\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1498, + "event": "null_method_call", + "message": "Calling a method on null object \"con\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1496| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1497| Connection con = get(); //complete this future", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1498|-> con.close(); //return to the pool", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1499| }catch (ExecutionException ex) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1500| //we can ignore this", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.jdbc.pool.FairBlockingQueue.offer(java.lang.Object)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java", + "line": 99, + "event": "path", + "message": "Condition \"!waiters.isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java", + "line": 101, + "event": "returned_null", + "message": "\"waiters.poll()\" returns \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java", + "line": 101, + "event": "var_assigned", + "message": "Assigning: \"c\" = \"null\" return value from \"poll\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java", + "line": 103, + "event": "null_method_call", + "message": "Calling a method on null object \"c\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101| c = waiters.poll();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 102| //give the object to the thread instead of adding it to the pool", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103|-> c.setItem(e);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104| if (isLinux) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105| c.countDown();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.jdbc.pool.MultiLockFairBlockingQueue.offer(java.lang.Object)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java", + "line": 110, + "event": "path", + "message": "Condition \"!waiters[idx].isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java", + "line": 112, + "event": "returned_null", + "message": "\"waiters[idx].poll()\" returns \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java", + "line": 112, + "event": "var_assigned", + "message": "Assigning: \"c\" = \"null\" return value from \"poll\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java", + "line": 114, + "event": "null_method_call", + "message": "Calling a method on null object \"c\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 112| c = waiters[idx].poll();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| //give the object to the thread instead of adding it to the pool", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114|-> c.setItem(e);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 115| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 116| //we always add first, so that the most recently used object will be given out", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDataSource()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 263, + "event": "identity", + "message": "Calling \"getPassword\". This call returns \"Password not available as DataSource/JMX operation.\". (The virtual call resolves to \"org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()\".) Now \"poolProperties.getPassword()\" is equal to \"Password not available as DataSource/JMX operation.\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 263, + "event": "assign", + "message": "Assigning: \"pwd\" = \"poolProperties.getPassword()\". Now \"pwd\" is equal to \"Password not available as DataSource/JMX operation.\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 269, + "event": "password_use", + "message": "Calling \"getXAConnection\". This call uses the constant string as a password. (The virtual call resolves to \"javax.sql.XADataSource.getXAConnection(java.lang.String, java.lang.String)\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 269, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 267| javax.sql.XADataSource xds = (javax.sql.XADataSource)poolProperties.getDataSource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 268| if (usr!=null && pwd!=null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 269|-> xaConnection = xds.getXAConnection(usr, pwd);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 270| connection = xaConnection.getConnection();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 271| } else {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDataSource()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 263, + "event": "identity", + "message": "Calling \"getPassword\". This call returns \"Password not available as DataSource/JMX operation.\". (The virtual call resolves to \"org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()\".) Now \"poolProperties.getPassword()\" is equal to \"Password not available as DataSource/JMX operation.\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 263, + "event": "assign", + "message": "Assigning: \"pwd\" = \"poolProperties.getPassword()\". Now \"pwd\" is equal to \"Password not available as DataSource/JMX operation.\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 278, + "event": "password_use", + "message": "Calling \"getConnection\". This call uses the constant string as a password. (The virtual call resolves to \"javax.sql.DataSource.getConnection(java.lang.String, java.lang.String)\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 278, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 276| javax.sql.DataSource ds = (javax.sql.DataSource)poolProperties.getDataSource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 277| if (usr!=null && pwd!=null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 278|-> connection = ds.getConnection(usr, pwd);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 279| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 280| connection = ds.getConnection();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDataSource()", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 254, + "event": "path", + "message": "Condition \"getAttributes().containsKey(\"user\" /* org.apache.tomcat.jdbc.pool.PooledConnection.PROP_USER */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 256, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 260, + "event": "path", + "message": "Condition \"getAttributes().containsKey(\"password\" /* org.apache.tomcat.jdbc.pool.PooledConnection.PROP_PASSWORD */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 262, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 266, + "event": "path", + "message": "Condition \"poolProperties.getDataSource() instanceof javax.sql.XADataSource\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 275, + "event": "path", + "message": "Condition \"poolProperties.getDataSource() instanceof javax.sql.DataSource\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 282, + "event": "path", + "message": "Condition \"poolProperties.getDataSource() instanceof javax.sql.ConnectionPoolDataSource\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 284, + "event": "path", + "message": "Condition \"usr != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 284, + "event": "path", + "message": "Condition \"pwd != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 285, + "event": "jdbc_fn", + "message": "An open JDBC connection is returned from \"getPooledConnection\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 285, + "event": "noescape", + "message": "Resource \"ds.getPooledConnection(usr, pwd)\" is not closed or saved in \"getConnection\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 285, + "event": "leaked_connection", + "message": "Failing to save or close JDBC connection open by \"ds.getPooledConnection(usr, pwd)\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 283| javax.sql.ConnectionPoolDataSource ds = (javax.sql.ConnectionPoolDataSource)poolProperties.getDataSource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 284| if (usr!=null && pwd!=null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 285|-> connection = ds.getPooledConnection(usr, pwd).getConnection();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 286| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 287| connection = ds.getPooledConnection().getConnection();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDataSource()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 263, + "event": "identity", + "message": "Calling \"getPassword\". This call returns \"Password not available as DataSource/JMX operation.\". (The virtual call resolves to \"org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()\".) Now \"poolProperties.getPassword()\" is equal to \"Password not available as DataSource/JMX operation.\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 263, + "event": "assign", + "message": "Assigning: \"pwd\" = \"poolProperties.getPassword()\". Now \"pwd\" is equal to \"Password not available as DataSource/JMX operation.\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 285, + "event": "password_use", + "message": "Calling \"getPooledConnection\". This call uses the constant string as a password. (The virtual call resolves to \"javax.sql.ConnectionPoolDataSource.getPooledConnection(java.lang.String, java.lang.String)\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 285, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 283| javax.sql.ConnectionPoolDataSource ds = (javax.sql.ConnectionPoolDataSource)poolProperties.getDataSource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 284| if (usr!=null && pwd!=null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 285|-> connection = ds.getPooledConnection(usr, pwd).getConnection();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 286| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 287| connection = ds.getPooledConnection().getConnection();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 332, + "event": "identity", + "message": "Calling \"getPassword\". This call returns \"Password not available as DataSource/JMX operation.\". (The virtual call resolves to \"org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 332, + "event": "assign", + "message": "Assigning: \"pwd\" = \"poolProperties.getPassword()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 340, + "event": "identity", + "message": "Calling \"setProperty\". This call assigns \"pwd\" to \"properties\". (The virtual call resolves to \"java.util.Properties.setProperty(java.lang.String, java.lang.String)\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 345, + "event": "password_use", + "message": "Calling \"getConnection\". This call uses the constant string as a password.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 345, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 343| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 344| if (driver==null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 345|-> connection = DriverManager.getConnection(driverURL, properties);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 346| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 347| connection = driver.connect(driverURL, properties);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 332, + "event": "identity", + "message": "Calling \"getPassword\". This call returns \"Password not available as DataSource/JMX operation.\". (The virtual call resolves to \"org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 332, + "event": "assign", + "message": "Assigning: \"pwd\" = \"poolProperties.getPassword()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 340, + "event": "identity", + "message": "Calling \"setProperty\". This call assigns \"pwd\" to \"properties\". (The virtual call resolves to \"java.util.Properties.setProperty(java.lang.String, java.lang.String)\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 347, + "event": "password_use", + "message": "Calling \"connect\". This call uses the constant string as a password. (The virtual call resolves to \"java.sql.Driver.connect(java.lang.String, java.util.Properties)\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 347, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 345| connection = DriverManager.getConnection(driverURL, properties);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 346| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 347|-> connection = driver.connect(driverURL, properties);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 348| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 349| } catch (Exception x) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.tomcat.jdbc.pool.ProxyConnection.invoke(java.lang.Object, java.lang.reflect.Method, java.lang.Object[])", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 93, + "event": "path", + "message": "Condition \"compare(\"isClosed\" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.ISCLOSED_VAL */, method)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 96, + "event": "path", + "message": "Condition \"compare(\"close\" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.CLOSE_VAL */, method)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 105, + "event": "path", + "message": "Condition \"compare(\"toString\" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.TOSTRING_VAL */, method)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 107, + "event": "path", + "message": "Condition \"compare(\"getConnection\" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.GETCONNECTION_VAL */, method)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 107, + "event": "path", + "message": "Condition \"connection != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 107, + "event": "var_compare_op", + "message": "Comparing \"connection\" to null implies that \"connection\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 109, + "event": "path", + "message": "Condition \"method.getDeclaringClass().isAssignableFrom(javax.sql.XAConnection.class)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 111, + "event": "null_method_call", + "message": "Calling a method on null object \"connection\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| } else if (method.getDeclaringClass().isAssignableFrom(XAConnection.class)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111|-> return method.invoke(connection.getXAConnection(),args);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 112| }catch (Throwable t) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| if (t instanceof InvocationTargetException) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats.prepare(long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 418, + "event": "read_volatile", + "message": "Reading \"prepareCount\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 418, + "event": "intervening_update", + "message": "Another thread writes to \"prepareCount\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 418, + "event": "stale_update", + "message": "Updating \"prepareCount\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 416| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 417| public void prepare(long invocationTime) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 418|-> prepareCount++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 419| prepareTime+=invocationTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 420| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats.prepare(long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 419, + "event": "read_volatile", + "message": "Reading \"prepareTime\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 419, + "event": "intervening_update", + "message": "Another thread writes to \"prepareTime\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 419, + "event": "stale_update", + "message": "Updating \"prepareTime\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 417| public void prepare(long invocationTime) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 418| prepareCount++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 419|-> prepareTime+=invocationTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 420| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 421| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats.add(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 425, + "event": "read_volatile", + "message": "Reading \"maxInvocationTime\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 425, + "event": "intervening_update", + "message": "Another thread writes to \"maxInvocationTime\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 425, + "event": "stale_update", + "message": "Updating \"maxInvocationTime\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 426, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"maxInvocationTime\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 423| public void add(long invocationTime, long now) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 424| //not thread safe, but don't sacrifice performance for this kind of stuff", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 425|-> maxInvocationTime = Math.max(invocationTime, maxInvocationTime);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 426| if (maxInvocationTime == invocationTime) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 427| maxInvocationDate = now;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats.add(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 426, + "event": "path", + "message": "Condition \"maxInvocationTime == invocationTime\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 429, + "event": "read_volatile", + "message": "Reading \"minInvocationTime\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 429, + "event": "intervening_update", + "message": "Another thread writes to \"minInvocationTime\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 429, + "event": "stale_update", + "message": "Updating \"minInvocationTime\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 430, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"minInvocationTime\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 427| maxInvocationDate = now;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 428| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 429|-> minInvocationTime = Math.min(invocationTime, minInvocationTime);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 430| if (minInvocationTime==invocationTime) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 431| minInvocationDate = now;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats.add(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 426, + "event": "path", + "message": "Condition \"maxInvocationTime == invocationTime\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 430, + "event": "path", + "message": "Condition \"minInvocationTime == invocationTime\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 433, + "event": "read_volatile", + "message": "Reading \"nrOfInvocations\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 433, + "event": "intervening_update", + "message": "Another thread writes to \"nrOfInvocations\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 433, + "event": "stale_update", + "message": "Updating \"nrOfInvocations\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 431| minInvocationDate = now;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 432| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 433|-> nrOfInvocations++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 434| totalInvocationTime+=invocationTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 435| lastInvocation = now;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats.add(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 426, + "event": "path", + "message": "Condition \"maxInvocationTime == invocationTime\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 430, + "event": "path", + "message": "Condition \"minInvocationTime == invocationTime\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 434, + "event": "read_volatile", + "message": "Reading \"totalInvocationTime\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 434, + "event": "intervening_update", + "message": "Another thread writes to \"totalInvocationTime\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 434, + "event": "stale_update", + "message": "Updating \"totalInvocationTime\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 432| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 433| nrOfInvocations++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 434|-> totalInvocationTime+=invocationTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 435| lastInvocation = now;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 436| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats.failure(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 440, + "event": "read_volatile", + "message": "Reading \"failures\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 440, + "event": "intervening_update", + "message": "Another thread writes to \"failures\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 440, + "event": "stale_update", + "message": "Updating \"failures\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 438| public void failure(long invocationTime, long now) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 439| add(invocationTime,now);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 440|-> failures++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 441| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 442| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "ServletToJsp.doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/ServletToJsp.java", + "line": 33, + "event": "return_thread_shared", + "message": "Call to \"getServletConfig\" returns a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/ServletToJsp.java", + "line": 27, + "event": "thread_entry_point", + "message": "\"doGet\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/ServletToJsp.java", + "line": 33, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"getServletConfig()\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/ServletToJsp.java", + "line": 33, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/ServletToJsp.java", + "line": 33, + "event": "write", + "message": "\"getServletConfig()\" is modified in call to \"getServletContext\". (The virtual call resolves to \"org.apache.catalina.core.StandardWrapperFacade.getServletContext\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 31| // Set the attribute and Forward to hello.jsp", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 32| request.setAttribute (\"servletName\", \"servletToJsp\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 33|-> getServletConfig().getServletContext().getRequestDispatcher(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 34| \"/jsp/jsptoserv/hello.jsp\").forward(request, response);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 35| } catch (Exception ex) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "async.Stockticker.run()", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 91, + "event": "path", + "message": "Condition \"run\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 92, + "event": "path", + "message": "Condition \"j < 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 94, + "event": "path", + "message": "Condition \"i < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 100, + "event": "path", + "message": "Condition \"plus\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 102, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 105, + "event": "read_volatile", + "message": "Reading \"ticknr\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 105, + "event": "intervening_update", + "message": "Another thread writes to \"ticknr\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 105, + "event": "stale_update", + "message": "Updating \"ticknr\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103| stock.setValue(stock.getValue() - change);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105|-> stock.setCnt(++ticknr);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| for (TickListener l : listeners) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| l.tick(stock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "nonblocking.ByteCounter$CounterListener.onDataAvailable()", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java", + "line": 105, + "event": "path", + "message": "Condition \"sis.isReady()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java", + "line": 105, + "event": "path", + "message": "Condition \"read > -1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java", + "line": 107, + "event": "path", + "message": "Condition \"read > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java", + "line": 108, + "event": "read_volatile", + "message": "Reading \"totalBytesRead\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java", + "line": 108, + "event": "intervening_update", + "message": "Another thread writes to \"totalBytesRead\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java", + "line": 108, + "event": "stale_update", + "message": "Updating \"totalBytesRead\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| read = sis.read(buffer);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| if (read > 0) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108|-> totalBytesRead += read;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "websocket.chat.ChatAnnotation.broadcast(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 90, + "event": "enhanced_for", + "message": "Starting an iteration on \"websocket.chat.ChatAnnotation.connections\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 90, + "event": "path", + "message": "Iterating over another element of \"websocket.chat.ChatAnnotation.connections\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 95, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 107, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 90, + "event": "path", + "message": "Iterating over another element of \"websocket.chat.ChatAnnotation.connections\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 93, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"sendText\". (The virtual call resolves to \"org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText\".)", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 95, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 97, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"websocket.chat.ChatAnnotation.connections\" which invalidates the iterator for the loop on that \"Iterable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 100, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 107, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.50.redhat-00006-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 90, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"websocket.chat.ChatAnnotation.connections\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 88| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 89| private static void broadcast(String msg) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 90|-> for (ChatAnnotation client : connections) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| synchronized (client) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "STRING_OVERFLOW", + "cwe": 120, + "imp": 1, + "function": "ipv6cp_script", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "ppp-ppp-2.4.9/pppd/ipv6cp.c", + "line": 1411, + "event": "returned_string", + "message": "\"llv6_ntoa\" returns a source buffer of 64 characters in size.", + "verbosity_level": 1 + }, + { + "file_name": "ppp-ppp-2.4.9/pppd/ipv6cp.c", + "line": 1411, + "event": "string_overflow", + "message": "You might overrun the 32-character destination string \"strlocal\" by writing 64 characters from \"llv6_ntoa(ipv6cp_gotoptions[0].ourid)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1409| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1410| sprintf(strspeed, \"%d\", baud_rate);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1411|-> strcpy(strlocal, llv6_ntoa(ipv6cp_gotoptions[0].ourid));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1412| strcpy(strremote, llv6_ntoa(ipv6cp_hisoptions[0].hisid));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1413| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "STRING_OVERFLOW", + "cwe": 120, + "imp": 1, + "function": "ipv6cp_script", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "ppp-ppp-2.4.9/pppd/ipv6cp.c", + "line": 1412, + "event": "returned_string", + "message": "\"llv6_ntoa\" returns a source buffer of 64 characters in size.", + "verbosity_level": 1 + }, + { + "file_name": "ppp-ppp-2.4.9/pppd/ipv6cp.c", + "line": 1412, + "event": "string_overflow", + "message": "You might overrun the 32-character destination string \"strremote\" by writing 64 characters from \"llv6_ntoa(ipv6cp_hisoptions[0].hisid)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1410| sprintf(strspeed, \"%d\", baud_rate);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1411| strcpy(strlocal, llv6_ntoa(ipv6cp_gotoptions[0].ourid));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1412|-> strcpy(strremote, llv6_ntoa(ipv6cp_hisoptions[0].hisid));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1413| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1414| argv[0] = script;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.jboss.resteasy.plugins.providers.jackson.ResteasyJackson2Provider.readFrom(java.lang.Class, java.lang.reflect.Type, java.lang.annotation.Annotation[], javax.ws.rs.core.MediaType, javax.ws.rs.core.MultivaluedMap, java.io.InputStream)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/ResteasyJackson2Provider.java", + "line": 115, + "event": "path", + "message": "Condition \"endpoint == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/ResteasyJackson2Provider.java", + "line": 121, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"_createParser\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/ResteasyJackson2Provider.java", + "line": 121, + "event": "var_assign", + "message": "Assigning: \"jp\" = resource returned from \"_createParser(reader, entityStream)\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/ResteasyJackson2Provider.java", + "line": 123, + "event": "path", + "message": "Condition \"jp == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/ResteasyJackson2Provider.java", + "line": 123, + "event": "noescape", + "message": "Resource \"jp\" is not closed or saved in \"nextToken\". (The virtual call resolves to \"com.fasterxml.jackson.core.util.JsonParserDelegate.nextToken\".)", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/ResteasyJackson2Provider.java", + "line": 123, + "event": "path", + "message": "Condition \"jp.nextToken() == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/ResteasyJackson2Provider.java", + "line": 124, + "event": "leaked_resource", + "message": "Variable \"jp\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 122| // If null is returned, considered to be empty stream", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 123| if (jp == null || jp.nextToken() == null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 124|-> return null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 125| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 126| // [Issue#1]: allow 'binding' to JsonParser", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.jboss.resteasy.client.jaxrs.engines.URLConnectionEngine.executeRequest(org.jboss.resteasy.client.jaxrs.internal.ClientInvocation, java.net.HttpURLConnection)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/engines/URLConnectionEngine.java", + "line": 158, + "event": "path", + "message": "Condition \"request.getEntity() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/engines/URLConnectionEngine.java", + "line": 160, + "event": "path", + "message": "Condition \"request.getMethod().equals(\"GET\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/engines/URLConnectionEngine.java", + "line": 171, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getOutputStream\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/engines/URLConnectionEngine.java", + "line": 171, + "event": "var_assign", + "message": "Assigning: \"os\" = resource returned from \"connection.getOutputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/engines/URLConnectionEngine.java", + "line": 172, + "event": "noescape", + "message": "Resource \"os\" is not closed or saved in \"write\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/engines/URLConnectionEngine.java", + "line": 172, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"write\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/engines/URLConnectionEngine.java", + "line": 172, + "event": "leaked_resource", + "message": "Variable \"os\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 170| connection.setDoOutput(true);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 171| OutputStream os = connection.getOutputStream();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 172|-> os.write(baos.toByteArray());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 173| os.flush();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 174| os.close();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.ResponseObjectEntityExtractorFactory.createClientInvoker(org.jboss.resteasy.client.jaxrs.internal.proxy.extractors.ClientContext, java.net.URI, java.lang.reflect.Method)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/internal/proxy/extractors/ResponseObjectEntityExtractorFactory.java", + "line": 191, + "event": "returned_null", + "message": "\"getHttpMethods\" returns \"null\" (checked 14 out of 15 times).", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/internal/proxy/extractors/ResponseObjectEntityExtractorFactory.java", + "line": 191, + "event": "var_assigned", + "message": "Assigning: \"httpMethods\" = \"null\" return value from \"getHttpMethods\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/internal/proxy/extractors/ResponseObjectEntityExtractorFactory.java", + "line": 192, + "event": "null_method_call", + "message": "Calling a method on null object \"httpMethods\".", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/ProxyBuilder.java", + "line": 86, + "event": "example_assign", + "message": "Example 1: Assigning: \"httpMethods\" = return value from \"org.jboss.resteasy.util.IsHttpMethod.getHttpMethods(method)\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/ProxyBuilder.java", + "line": 87, + "event": "example_checked", + "message": "Example 1 (cont.): \"httpMethods\" has its value checked in \"httpMethods == null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/internal/proxy/extractors/ResponseObjectEntityExtractorFactory.java", + "line": 198, + "event": "example_assign", + "message": "Example 2: Assigning: \"httpMethods\" = return value from \"org.jboss.resteasy.util.IsHttpMethod.getHttpMethods(method)\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/internal/proxy/extractors/ResponseObjectEntityExtractorFactory.java", + "line": 199, + "event": "example_checked", + "message": "Example 2 (cont.): \"httpMethods\" has its value checked in \"httpMethods != null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/ProxyBuilder.java", + "line": 147, + "event": "example_assign", + "message": "Example 3: Assigning: \"httpMethods\" = return value from \"org.jboss.resteasy.util.IsHttpMethod.getHttpMethods(method)\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/ProxyBuilder.java", + "line": 148, + "event": "example_checked", + "message": "Example 3 (cont.): \"httpMethods\" has its value checked in \"httpMethods == null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/ProxyFactory.java", + "line": 92, + "event": "example_assign", + "message": "Example 4: Assigning: \"httpMethods\" = return value from \"org.jboss.resteasy.util.IsHttpMethod.getHttpMethods(method)\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/ProxyFactory.java", + "line": 93, + "event": "example_checked", + "message": "Example 4 (cont.): \"httpMethods\" has its value checked in \"httpMethods == null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ResponseObjectEntityExtractorFactory.java", + "line": 206, + "event": "example_assign", + "message": "Example 5: Assigning: \"httpMethods\" = return value from \"org.jboss.resteasy.util.IsHttpMethod.getHttpMethods(method)\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ResponseObjectEntityExtractorFactory.java", + "line": 207, + "event": "example_checked", + "message": "Example 5 (cont.): \"httpMethods\" has its value checked in \"httpMethods != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 190| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 191| Set httpMethods = IsHttpMethod.getHttpMethods(method);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 192|-> clientInvoker.setHttpMethod(httpMethods.iterator().next());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 193| return clientInvoker;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 194| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.jboss.resteasy.client.cache.CacheInterceptor.cacheIfPossible(org.jboss.resteasy.client.ClientRequest, org.jboss.resteasy.client.core.BaseClientResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java", + "line": 193, + "event": "path", + "message": "Condition \"cc != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java", + "line": 196, + "event": "path", + "message": "Condition \"cacheControl.isNoCache()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java", + "line": 198, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java", + "line": 210, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\". (The virtual call resolves to \"org.jboss.resteasy.client.core.executors.URLConnectionClientExecutor.1.getInputStream\".)", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java", + "line": 210, + "event": "noescape", + "message": "Resource \"response.getStreamFactory().getInputStream()\" is not closed or saved in \"readFromStream\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java", + "line": 210, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"response.getStreamFactory().getInputStream()\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 208| String contentType = (String) response.getResponseHeaders().getFirst(HttpHeaders.CONTENT_TYPE);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 209| \r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 210|-> byte[] cached = ReadFromStream.readFromStream(1024, response.getStreamFactory().getInputStream());\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 211| response.getStreamFactory().performReleaseConnection();\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 212| \r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.jboss.resteasy.client.core.BaseClientResponse.resetStream()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 334, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\". (The virtual call resolves to \"org.jboss.resteasy.client.core.executors.URLConnectionClientExecutor.1.getInputStream\".)", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 334, + "event": "noescape", + "message": "Resource \"this.streamFactory.getInputStream()\" is not closed or saved in \"markSupported\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 334, + "event": "path", + "message": "Condition \"this.streamFactory.getInputStream().markSupported()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 334, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"this.streamFactory.getInputStream()\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 332| try\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 333| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 334|-> if (this.streamFactory.getInputStream().markSupported())\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 335| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 336| this.streamFactory.getInputStream().reset();\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.jboss.resteasy.client.core.BaseClientResponse.resetStream()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 334, + "event": "returned_null", + "message": "\"getInputStream\" returns \"null\" (checked 3 out of 7 times). (The virtual call resolves to \"org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.1.getInputStream\".)", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 334, + "event": "null_method_call", + "message": "Calling a method on null object \"this.streamFactory.getInputStream()\".", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 432, + "event": "example_assign", + "message": "Example 1: Assigning: \"is\" = return value from \"streamFactory.getInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 433, + "event": "example_checked", + "message": "Example 1 (cont.): \"is\" has its value checked in \"is == null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/executors/ApacheHttpClient4Executor.java", + "line": 266, + "event": "example_assign", + "message": "Example 2: Assigning: \"is\" = return value from \"getInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/executors/ApacheHttpClient4Executor.java", + "line": 267, + "event": "example_checked", + "message": "Example 2 (cont.): \"is\" has its value checked in \"is != null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java", + "line": 38, + "event": "example_assign", + "message": "Example 3: Assigning: \"stream\" = return value from \"clientResponse.getStreamFactory().getInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java", + "line": 39, + "event": "example_checked", + "message": "Example 3 (cont.): \"stream\" has its value checked in \"stream != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 332| try\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 333| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 334|-> if (this.streamFactory.getInputStream().markSupported())\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 335| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 336| this.streamFactory.getInputStream().reset();\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.jboss.resteasy.client.core.BaseClientResponse.resetStream()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 334, + "event": "path", + "message": "Condition \"this.streamFactory.getInputStream().markSupported()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 336, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\". (The virtual call resolves to \"org.jboss.resteasy.client.core.executors.URLConnectionClientExecutor.1.getInputStream\".)", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 336, + "event": "noescape", + "message": "Resource \"this.streamFactory.getInputStream()\" is not closed or saved in \"reset\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 336, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"this.streamFactory.getInputStream()\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 334| if (this.streamFactory.getInputStream().markSupported())\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 335| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 336|-> this.streamFactory.getInputStream().reset();\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 337| }\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 338| }\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.jboss.resteasy.client.core.BaseClientResponse.resetStream()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 334, + "event": "path", + "message": "Condition \"this.streamFactory.getInputStream().markSupported()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 336, + "event": "returned_null", + "message": "\"getInputStream\" returns \"null\" (checked 3 out of 7 times). (The virtual call resolves to \"org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.1.getInputStream\".)", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 336, + "event": "null_method_call", + "message": "Calling a method on null object \"this.streamFactory.getInputStream()\".", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 432, + "event": "example_assign", + "message": "Example 1: Assigning: \"is\" = return value from \"streamFactory.getInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 433, + "event": "example_checked", + "message": "Example 1 (cont.): \"is\" has its value checked in \"is == null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/executors/ApacheHttpClient4Executor.java", + "line": 266, + "event": "example_assign", + "message": "Example 2: Assigning: \"is\" = return value from \"getInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/executors/ApacheHttpClient4Executor.java", + "line": 267, + "event": "example_checked", + "message": "Example 2 (cont.): \"is\" has its value checked in \"is != null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java", + "line": 38, + "event": "example_assign", + "message": "Example 3: Assigning: \"stream\" = return value from \"clientResponse.getStreamFactory().getInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java", + "line": 39, + "event": "example_checked", + "message": "Example 3 (cont.): \"stream\" has its value checked in \"stream != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 334| if (this.streamFactory.getInputStream().markSupported())\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 335| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 336|-> this.streamFactory.getInputStream().reset();\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 337| }\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 338| }\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.jboss.resteasy.client.core.ClientInterceptorRepositoryImpl.getArray(java.lang.Class)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/ClientInterceptorRepositoryImpl.java", + "line": 72, + "event": "returned_null", + "message": "\"getInterceptors\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/ClientInterceptorRepositoryImpl.java", + "line": 72, + "event": "var_assigned", + "message": "Assigning: \"interceptors\" = \"null\" return value from \"getInterceptors\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/ClientInterceptorRepositoryImpl.java", + "line": 73, + "event": "null_method_call", + "message": "Calling a method on null object \"interceptors\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 71| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72| LinkedList interceptors = getInterceptors(type);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73|-> return (T[]) interceptors.toArray((T[]) Array.newInstance(type,\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74| interceptors.size()));\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 75| }\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.jboss.resteasy.client.core.extractors.ClientErrorHandler.clientErrorHandling(org.jboss.resteasy.client.core.BaseClientResponse, java.lang.RuntimeException)", + "language": "java", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java", + "line": 30, + "event": "path", + "message": "Iterating over another element of \"interceptors\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java", + "line": 39, + "event": "path", + "message": "Condition \"stream != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java", + "line": 43, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java", + "line": 50, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java", + "line": 30, + "event": "path", + "message": "Iterating over another element of \"interceptors\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java", + "line": 38, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\". (The virtual call resolves to \"org.jboss.resteasy.client.core.executors.URLConnectionClientExecutor.1.getInputStream\".)", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java", + "line": 38, + "event": "var_assign", + "message": "Assigning: \"stream\" = resource returned from \"clientResponse.getStreamFactory().getInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java", + "line": 39, + "event": "path", + "message": "Condition \"stream != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java", + "line": 41, + "event": "noescape", + "message": "Resource \"stream\" is not closed or saved in \"reset\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/extractors/ClientErrorHandler.java", + "line": 43, + "event": "leaked_resource", + "message": "Variable \"stream\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41| stream.reset();\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42| }\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 43|-> }\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 44| catch (IOException e1)\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 45| {\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.core.AsynchronousDispatcher.oneway(org.jboss.resteasy.spi.HttpRequest, org.jboss.resteasy.spi.HttpResponse, org.jboss.resteasy.core.ResourceInvoker)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java", + "line": 27, + "event": "thread_shared_data", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is global and therefore thread-shared.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/AsynchronousDispatcher.java", + "line": 357, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/AsynchronousDispatcher.java", + "line": 357, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/AsynchronousDispatcher.java", + "line": 357, + "event": "write", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in call to \"inOneWay\". (The virtual call resolves to \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.inOneWay\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 355| public void oneway(HttpRequest request, HttpResponse response, final ResourceInvoker invoker)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 356| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 357|-> LogMessages.LOGGER.inOneWay();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 358| final MockHttpRequest in;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 359| try", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.core.ExceptionHandler.handleFailure(org.jboss.resteasy.spi.HttpRequest, org.jboss.resteasy.spi.Failure)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 152, + "event": "path", + "message": "Condition \"failure.isLoggable()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java", + "line": 27, + "event": "thread_shared_data", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is global and therefore thread-shared.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 153, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 153, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 153, + "event": "write", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in call to \"failedExecutingError\". (The virtual call resolves to \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.failedExecutingError\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 151| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 152| if (failure.isLoggable())\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 153|-> LogMessages.LOGGER.failedExecutingError(request.getHttpMethod(), request.getUri().getPath(), failure);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 154| else LogMessages.LOGGER.failedExecutingDebug(request.getHttpMethod(), request.getUri().getPath(), failure);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 155| \r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.core.ExceptionHandler.handleFailure(org.jboss.resteasy.spi.HttpRequest, org.jboss.resteasy.spi.Failure)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 152, + "event": "path", + "message": "Condition \"failure.isLoggable()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java", + "line": 27, + "event": "thread_shared_data", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is global and therefore thread-shared.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 154, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 154, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 154, + "event": "write", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in call to \"failedExecutingDebug\". (The virtual call resolves to \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.failedExecutingDebug\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 152| if (failure.isLoggable())\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 153| LogMessages.LOGGER.failedExecutingError(request.getHttpMethod(), request.getUri().getPath(), failure);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 154|-> else LogMessages.LOGGER.failedExecutingDebug(request.getHttpMethod(), request.getUri().getPath(), failure);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 155| \r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 156| if (failure.getResponse() != null) {\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.core.ExceptionHandler.handleWebApplicationException(javax.ws.rs.WebApplicationException)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 202, + "event": "path", + "message": "Condition \"wae instanceof javax.ws.rs.NotFoundException\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java", + "line": 27, + "event": "thread_shared_data", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is global and therefore thread-shared.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 204, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 204, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 204, + "event": "write", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in call to \"failedToExecuteDebug\". (The virtual call resolves to \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.failedToExecuteDebug\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 202| if (wae instanceof NotFoundException) \r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 203| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 204|-> LogMessages.LOGGER.failedToExecuteDebug(wae);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 205| }\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 206| else if (!(wae instanceof NoLogWebApplicationException))\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.core.ExceptionHandler.handleWebApplicationException(javax.ws.rs.WebApplicationException)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 202, + "event": "path", + "message": "Condition \"wae instanceof javax.ws.rs.NotFoundException\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 206, + "event": "path", + "message": "Condition \"!(wae instanceof org.jboss.resteasy.spi.NoLogWebApplicationException)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java", + "line": 27, + "event": "thread_shared_data", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is global and therefore thread-shared.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 208, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 208, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ExceptionHandler.java", + "line": 208, + "event": "write", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in call to \"failedToExecute\". (The virtual call resolves to \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.failedToExecute\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 206| else if (!(wae instanceof NoLogWebApplicationException))\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 207| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 208|-> LogMessages.LOGGER.failedToExecute(wae);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 209| }\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 210| return wae.getResponse();\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.jboss.resteasy.core.ServerResponseWriter.writeNomapResponse(org.jboss.resteasy.specimpl.BuiltResponse, org.jboss.resteasy.spi.HttpRequest, org.jboss.resteasy.spi.HttpResponse, org.jboss.resteasy.spi.ResteasyProviderFactory)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java", + "line": 53, + "event": "path", + "message": "Condition \"jaxrsResponse.getEntity() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java", + "line": 55, + "event": "path", + "message": "Condition \"jaxrsResponse.getMediaType() == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java", + "line": 61, + "event": "path", + "message": "Condition \"deployment != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java", + "line": 65, + "event": "path", + "message": "Condition \"addCharset\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java", + "line": 68, + "event": "returned_null", + "message": "\"getFirst\" returns \"null\" (checked 28 out of 38 times). (The virtual call resolves to \"javax.ws.rs.core.AbstractMultivaluedMap.getFirst\".)", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java", + "line": 68, + "event": "var_assigned", + "message": "Assigning: \"o\" = \"null\" return value from \"getFirst\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java", + "line": 69, + "event": "path", + "message": "Condition \"o instanceof javax.ws.rs.core.MediaType\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/ServerResponseWriter.java", + "line": 75, + "event": "null_method_call", + "message": "Calling a method on null object \"o\".", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/Jackson2JsonpInterceptor.java", + "line": 155, + "event": "example_assign", + "message": "Example 1: Assigning: \"function\" = return value from \"uri.getQueryParameters().getFirst(callbackQueryParameter)\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/providers/jackson2/src/main/java/org/jboss/resteasy/plugins/providers/jackson/Jackson2JsonpInterceptor.java", + "line": 156, + "event": "example_checked", + "message": "Example 1 (cont.): \"function\" has its value checked in \"function != null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/cache/CacheInterceptor.java", + "line": 161, + "event": "example_assign", + "message": "Example 2: Assigning: \"etag\" = return value from \"old.getHeaders().getFirst(\"ETag\")\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-client/src/main/java/org/jboss/resteasy/client/jaxrs/cache/CacheInterceptor.java", + "line": 169, + "event": "example_checked", + "message": "Example 2 (cont.): \"etag\" has its value checked in \"etag == null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/ClientRequest.java", + "line": 184, + "event": "example_assign", + "message": "Example 3: Assigning: \"curr\" = return value from \"getHeadersAsObjects().getFirst(\"Accept\")\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/ClientRequest.java", + "line": 185, + "event": "example_checked", + "message": "Example 3 (cont.): \"curr\" has its value checked in \"curr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java", + "line": 189, + "event": "example_assign", + "message": "Example 4: Assigning: \"cc\" = return value from \"response.getResponseHeaders().getFirst(\"Cache-Control\")\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/cache/CacheInterceptor.java", + "line": 193, + "event": "example_checked", + "message": "Example 4 (cont.): \"cc\" has its value checked in \"cc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 304, + "event": "example_assign", + "message": "Example 5: Assigning: \"value\" = return value from \"headers.getFirst(headerName)\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/client/core/BaseClientResponse.java", + "line": 305, + "event": "example_checked", + "message": "Example 5 (cont.): \"value\" has its value checked in \"value == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| else\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 75|-> mt = MediaType.valueOf(o.toString());\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| }\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 77| if (!mt.getParameters().containsKey(MediaType.CHARSET_PARAMETER))\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.core.SynchronousDispatcher.getInvoker(org.jboss.resteasy.spi.HttpRequest)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java", + "line": 27, + "event": "thread_shared_data", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is global and therefore thread-shared.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java", + "line": 263, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java", + "line": 263, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java", + "line": 263, + "event": "write", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in call to \"pathInfo\". (The virtual call resolves to \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.pathInfo\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 261| throws Failure\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 262| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 263|-> LogMessages.LOGGER.pathInfo(request.getUri().getPath());\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 264| if (!request.isInitial())\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 265| {\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.jboss.resteasy.core.SynchronousDispatcher.execute(org.jboss.resteasy.spi.HttpRequest, org.jboss.resteasy.spi.HttpResponse, org.jboss.resteasy.core.ResourceInvoker)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java", + "line": 373, + "event": "path", + "message": "Condition \"request.getAsyncContext().isSuspended()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java", + "line": 381, + "event": "returned_null", + "message": "\"getAsyncResponse\" returns \"null\" (checked 0 out of 3 times). (The virtual call resolves to \"org.jboss.resteasy.mock.MockHttpRequest.2.getAsyncResponse\".)", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java", + "line": 381, + "event": "null_method_call", + "message": "Calling a method on null object \"request.getAsyncContext().getAsyncResponse()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 379| *\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 380| */\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 381|-> request.getAsyncContext().getAsyncResponse().initialRequestThreadFinished();\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 382| jaxrsResponse = null; // we're handing response asynchronously\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 383| }\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.jboss.resteasy.core.SynchronousDispatcher.invoke(org.jboss.resteasy.spi.HttpRequest, org.jboss.resteasy.spi.HttpResponse, org.jboss.resteasy.core.ResourceInvoker)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java", + "line": 407, + "event": "path", + "message": "Condition \"request.getAsyncContext().isSuspended()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java", + "line": 415, + "event": "returned_null", + "message": "\"getAsyncResponse\" returns \"null\" (checked 0 out of 3 times). (The virtual call resolves to \"org.jboss.resteasy.mock.MockHttpRequest.2.getAsyncResponse\".)", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/SynchronousDispatcher.java", + "line": 415, + "event": "null_method_call", + "message": "Calling a method on null object \"request.getAsyncContext().getAsyncResponse()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 413| *\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 414| */\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 415|-> request.getAsyncContext().getAsyncResponse().initialRequestThreadFinished();\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 416| jaxrsResponse = null; // we're handing response asynchronously\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 417| }\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.core.registry.SegmentNode.match(java.util.List, java.lang.String, org.jboss.resteasy.spi.HttpRequest)", + "language": "java", + "tool": "coverity", + "key_event_idx": 35, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 398, + "event": "path", + "message": "Iterating over another element of \"requestAccepts\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 398, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 398, + "event": "path", + "message": "No elements left in \"requestAccepts\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 406, + "event": "path", + "message": "Iterating over another element of \"matches\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 410, + "event": "path", + "message": "Condition \"invoker.getHttpMethods().contains(httpMethod.toUpperCase())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 413, + "event": "path", + "message": "Condition \"invoker.doesConsume(contentType)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 416, + "event": "path", + "message": "Condition \"invoker.doesProduce(weightedAccepts)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 423, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 406, + "event": "path", + "message": "No elements left in \"matches\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 425, + "event": "path", + "message": "Condition \"list.size() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 468, + "event": "path", + "message": "Iterating over another element of \"list\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 471, + "event": "path", + "message": "Condition \"contentType == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 474, + "event": "path", + "message": "Condition \"consumes.length == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 479, + "event": "path", + "message": "Condition \"produces.length == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 484, + "event": "path", + "message": "Iterating over another element of \"consumes\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 487, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 484, + "event": "path", + "message": "No elements left in \"consumes\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 488, + "event": "path", + "message": "Iterating over another element of \"produces\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 491, + "event": "path", + "message": "Condition \"acceptableMediaTypes.size() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 495, + "event": "path", + "message": "Iterating over another element of \"acceptableMediaTypes\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 497, + "event": "path", + "message": "Condition \"accept.isCompatible(produce)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 508, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 495, + "event": "path", + "message": "Iterating over another element of \"acceptableMediaTypes\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 497, + "event": "path", + "message": "Condition \"accept.isCompatible(produce)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 501, + "event": "path", + "message": "Iterating over another element of \"consumeCombo\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 505, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 501, + "event": "path", + "message": "No elements left in \"consumeCombo\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 508, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 495, + "event": "path", + "message": "No elements left in \"acceptableMediaTypes\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 509, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 488, + "event": "path", + "message": "No elements left in \"produces\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 510, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 468, + "event": "path", + "message": "No elements left in \"list\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 514, + "event": "path", + "message": "Condition \"mm != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java", + "line": 27, + "event": "thread_shared_data", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is global and therefore thread-shared.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 516, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 516, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/registry/SegmentNode.java", + "line": 516, + "event": "write", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in call to \"multipleMethodsMatch\". (The virtual call resolves to \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.multipleMethodsMatch\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 514| if (mm != null)\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 515| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 516|-> LogMessages.LOGGER.multipleMethodsMatch(requestToString(request), mm);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 517| }\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 518| request.setAttribute(RESTEASY_CHOSEN_ACCEPT, sortEntry.getAcceptType());\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.jboss.resteasy.core.request.ServerDrivenNegotiation.setAcceptHeaders(java.util.List)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/request/ServerDrivenNegotiation.java", + "line": 36, + "event": "path", + "message": "Condition \"headerValues == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/request/ServerDrivenNegotiation.java", + "line": 38, + "event": "assign_zero", + "message": "Assigning: \"requested\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/request/ServerDrivenNegotiation.java", + "line": 39, + "event": "path", + "message": "No elements left in \"headerValues\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/core/request/ServerDrivenNegotiation.java", + "line": 50, + "event": "null_method_call", + "message": "Calling a method on null object \"requested\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 48| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 49| requestedMediaTypes = requested;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 50|-> for (Iterator it = requested.keySet().iterator(); it.hasNext(); )", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 51| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| mediaRadix = Math.max(mediaRadix, it.next().getParameters().size());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.plugins.interceptors.encoding.GZIPDecodingInterceptor.getMaxSize()", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java", + "line": 129, + "event": "path", + "message": "Condition \"maxSize != -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java", + "line": 136, + "event": "path", + "message": "Condition \"context != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java", + "line": 139, + "event": "path", + "message": "Condition \"s != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java", + "line": 143, + "event": "path", + "message": "Throwing \"java.lang.NumberFormatException\" from call to \"parseInt\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java", + "line": 145, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java", + "line": 27, + "event": "thread_shared_data", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is global and therefore thread-shared.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java", + "line": 147, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java", + "line": 147, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/encoding/GZIPDecodingInterceptor.java", + "line": 147, + "event": "write", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in call to \"invalidFormat\". (The virtual call resolves to \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.invalidFormat\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 145| catch (NumberFormatException e)\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 146| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 147|-> LogMessages.LOGGER.invalidFormat(ResteasyContextParameters.RESTEASY_GZIP_MAX_INPUT, Integer.toString(DEFAULT_MAX_SIZE));\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 148| }\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 149| }\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.jboss.resteasy.plugins.providers.DataSourceProvider$SequencedDataSource.getInputStream()", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java", + "line": 70, + "event": "path", + "message": "Condition \"tempFile == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java", + "line": 72, + "event": "new_resource", + "message": "\"new java.io.FileInputStream(tempFile)\" creates a new resource.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java", + "line": 72, + "event": "var_assign", + "message": "Assigning: \"fis\" = resource returned from \"new java.io.FileInputStream(tempFile)\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java", + "line": 73, + "event": "identity_transfer", + "message": "Passing \"fis\" as argument 2 to constructor for class \"SequenceInputStream\", which sets \"bis\" to a wrapper for that argument.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java", + "line": 73, + "event": "leaked_resource", + "message": "Variable \"fis\" going out of scope leaks the resource it refers to.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java", + "line": 73, + "event": "leaked_resource", + "message": "Variable \"bis\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 71| return bis;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72| InputStream fis = new FileInputStream(tempFile);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73|-> return new SequenceInputStream(bis, fis);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 75| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.jboss.resteasy.plugins.providers.DataSourceProvider.readDataSource(java.io.InputStream, javax.ws.rs.core.MediaType)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java", + "line": 103, + "event": "path", + "message": "Condition \"readCount > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java", + "line": 107, + "event": "path", + "message": "Condition \"count > -1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java", + "line": 110, + "event": "path", + "message": "Condition \"cleanables != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java", + "line": 114, + "event": "new_resource", + "message": "\"new java.io.FileOutputStream(tempFile)\" creates a new resource.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java", + "line": 114, + "event": "var_assign", + "message": "Assigning: \"fos\" = resource returned from \"new java.io.FileOutputStream(tempFile)\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java", + "line": 115, + "event": "noescape", + "message": "Resource \"fos\" is not closed or saved in \"write\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java", + "line": 115, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"write\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/DataSourceProvider.java", + "line": 115, + "event": "leaked_resource", + "message": "Variable \"fos\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114| FileOutputStream fos = new FileOutputStream(tempFile);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 115|-> fos.write(buffer, 0, count);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 116| try", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 117| {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.plugins.providers.FileProvider.readFrom(java.lang.Class, java.lang.reflect.Type, java.lang.annotation.Annotation[], javax.ws.rs.core.MediaType, javax.ws.rs.core.MultivaluedMap, java.io.InputStream)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java", + "line": 68, + "event": "path", + "message": "Condition \"_downloadDirectory != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java", + "line": 72, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"createTempFile\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java", + "line": 75, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java", + "line": 27, + "event": "thread_shared_data", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is global and therefore thread-shared.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java", + "line": 79, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java", + "line": 79, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java", + "line": 79, + "event": "write", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in call to \"couldNotBindToDirectory\". (The virtual call resolves to \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.couldNotBindToDirectory\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 77| // could make this configurable, so we fail on fault rather than", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 78| // default.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79|-> LogMessages.LOGGER.couldNotBindToDirectory(_downloadDirectory);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.plugins.providers.FileProvider.readFrom(java.lang.Class, java.lang.reflect.Type, java.lang.annotation.Annotation[], javax.ws.rs.core.MediaType, javax.ws.rs.core.MultivaluedMap, java.io.InputStream)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java", + "line": 68, + "event": "path", + "message": "Condition \"_downloadDirectory != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java", + "line": 72, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"createTempFile\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java", + "line": 75, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java", + "line": 83, + "event": "path", + "message": "Condition \"downloadedFile == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java", + "line": 87, + "event": "path", + "message": "Condition \"cleanables != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java", + "line": 27, + "event": "thread_shared_data", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is global and therefore thread-shared.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java", + "line": 93, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java", + "line": 93, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/FileProvider.java", + "line": 93, + "event": "write", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in call to \"temporaryFileCreated\". (The virtual call resolves to \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.temporaryFileCreated\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91| else", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93|-> LogMessages.LOGGER.temporaryFileCreated(downloadedFile.getPath());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 94| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.plugins.providers.IIOImageProviderHelper.getImageReaderByMediaType(javax.ws.rs.core.MediaType)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/IIOImageProviderHelper.java", + "line": 89, + "event": "path", + "message": "Condition \"readers.hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/IIOImageProviderHelper.java", + "line": 92, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/IIOImageProviderHelper.java", + "line": 89, + "event": "path", + "message": "Condition \"readers.hasNext()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/IIOImageProviderHelper.java", + "line": 94, + "event": "path", + "message": "Condition \"reader == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/resteasy_jaxrs/i18n/LogMessages.java", + "line": 27, + "event": "thread_shared_data", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is global and therefore thread-shared.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/IIOImageProviderHelper.java", + "line": 97, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/IIOImageProviderHelper.java", + "line": 97, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/providers/IIOImageProviderHelper.java", + "line": 97, + "event": "write", + "message": "\"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages.LOGGER\" is modified in call to \"readerNotFound\". (The virtual call resolves to \"org.jboss.resteasy.resteasy_jaxrs.i18n.LogMessages_.logger.readerNotFound\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 96| String[] availableTypes = ImageIO.getReaderMIMETypes();\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 97|-> LogMessages.LOGGER.readerNotFound(mediaType, availableTypes);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 98| List variants = ProviderHelper.getAvailableVariants(availableTypes);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99| Response response = Response.notAcceptable(variants).status(Status.NOT_ACCEPTABLE).build();\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/HttpServletDispatcher.java", + "line": 56, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/HttpServletDispatcher.java", + "line": 21, + "event": "thread_shared_derived", + "message": "\"org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/HttpServletDispatcher.java", + "line": 54, + "event": "thread_entry_point", + "message": "\"service\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/HttpServletDispatcher.java", + "line": 56, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"servletContainerDispatcher\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/HttpServletDispatcher.java", + "line": 56, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/HttpServletDispatcher.java", + "line": 56, + "event": "write", + "message": "\"servletContainerDispatcher\" is modified in call to \"service\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 54| public void service(String httpMethod, HttpServletRequest request, HttpServletResponse response) throws IOException\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56|-> servletContainerDispatcher.service(httpMethod, request, response, true);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 57| }\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 58| \r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.jboss.resteasy.plugins.server.servlet.Servlet3AsyncHttpRequest$Servlet3ExecutionContext.setupAsyncContext()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/Servlet3AsyncHttpRequest.java", + "line": 331, + "event": "path", + "message": "Condition \"servletRequest.isAsyncStarted()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/Servlet3AsyncHttpRequest.java", + "line": 336, + "event": "returned_null", + "message": "\"startAsync\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"javax.servlet.ServletRequestWrapper.startAsync\".)", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/Servlet3AsyncHttpRequest.java", + "line": 336, + "event": "var_assigned", + "message": "Assigning: \"asyncContext\" = \"null\" return value from \"startAsync\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/server/servlet/Servlet3AsyncHttpRequest.java", + "line": 337, + "event": "null_method_call", + "message": "Calling a method on null object \"asyncContext\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 335| asynchronousResponse = new Servle3AsychronousResponse();\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 336| AsyncContext asyncContext = servletRequest.startAsync();\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 337|-> asyncContext.addListener(asynchronousResponse);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 338| wasSuspended = true;\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 339| return asyncContext;\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.jboss.resteasy.spi.InternalDispatcher.getEntity(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/InternalDispatcher.java", + "line": 60, + "event": "returned_null", + "message": "\"getResponse\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/InternalDispatcher.java", + "line": 60, + "event": "null_method_call", + "message": "Calling a method on null object \"getResponse(uri)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 58| public Object getEntity(String uri)\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60|-> return getResponse(uri).getEntity();\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61| }\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| \r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.jboss.resteasy.spi.ResteasyProviderFactory.createHeaderDelegate(java.lang.Class)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 752, + "event": "path", + "message": "Condition \"tClass == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 753, + "event": "path", + "message": "Condition \"headerDelegates == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 753, + "event": "var_compare_op", + "message": "Comparing \"headerDelegates\" to null implies that \"headerDelegates\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 753, + "event": "path", + "message": "Condition \"parent != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 756, + "event": "path", + "message": "Condition \"clazz != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 758, + "event": "null_method_call", + "message": "Calling a method on null object \"headerDelegates\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 756| while (clazz != null)\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 757| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 758|-> HeaderDelegate delegate = headerDelegates.get(clazz);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 759| if (delegate != null)\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 760| {\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.jboss.resteasy.spi.ResteasyProviderFactory.addClientMessageBodyReader(org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey, javax.ws.rs.Consumes)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 880, + "event": "path", + "message": "Condition \"clientMessageBodyReaders == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 882, + "event": "returned_null", + "message": "\"getClientMessageBodyReaders\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 882, + "event": "null_method_call", + "message": "Calling a method on null object \"parent.getClientMessageBodyReaders()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 880| if (clientMessageBodyReaders == null)\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 881| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 882|-> clientMessageBodyReaders = parent.getClientMessageBodyReaders().clone();\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 883| }\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 884| if (consumeMime != null)\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.jboss.resteasy.spi.ResteasyProviderFactory.addClientMessageBodyWriter(javax.ws.rs.Produces, org.jboss.resteasy.spi.ResteasyProviderFactory$SortedKey)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 966, + "event": "path", + "message": "Condition \"clientMessageBodyWriters == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 968, + "event": "returned_null", + "message": "\"getClientMessageBodyWriters\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 968, + "event": "null_method_call", + "message": "Calling a method on null object \"parent.getClientMessageBodyWriters()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 966| if (clientMessageBodyWriters == null)\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 967| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 968|-> clientMessageBodyWriters = parent.getClientMessageBodyWriters().clone();\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 969| }\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 970| if (consumeMime != null)\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.jboss.resteasy.spi.ResteasyProviderFactory.addContextResolver(javax.ws.rs.ext.ContextResolver, java.lang.reflect.Type, java.lang.Class, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 1163, + "event": "path", + "message": "Condition \"contextResolvers == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 1166, + "event": "returned_null", + "message": "\"getContextResolvers\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 1166, + "event": "null_method_call", + "message": "Calling a method on null object \"parent.getContextResolvers()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1164| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1165| contextResolvers = new ConcurrentHashMap, MediaTypeMap>>();\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1166|-> for (Map.Entry, MediaTypeMap>> entry : parent.getContextResolvers().entrySet())\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1167| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1168| contextResolvers.put(entry.getKey(), entry.getValue().clone());\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.jboss.resteasy.spi.ResteasyProviderFactory.getContextResolvers(java.lang.Class, javax.ws.rs.core.MediaType)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 1247, + "event": "returned_null", + "message": "\"getContextResolvers\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 1247, + "event": "null_method_call", + "message": "Calling a method on null object \"getContextResolvers()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1245| public List getContextResolvers(final Class clazz, MediaType type)\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1246| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1247|-> MediaTypeMap> resolvers = getContextResolvers().get(clazz);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1248| if (resolvers == null) return null;\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1249| List rtn = new ArrayList();\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.jboss.resteasy.spi.ResteasyProviderFactory.getClientExceptionMapper(java.lang.Class)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 2146, + "event": "returned_null", + "message": "\"getClientExceptionMappers\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/ResteasyProviderFactory.java", + "line": 2146, + "event": "null_method_call", + "message": "Calling a method on null object \"getClientExceptionMappers()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2144| public ClientExceptionMapper getClientExceptionMapper(Class type)\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2145| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2146|-> return getClientExceptionMappers().get(type);\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2147| }\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2148| \r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.jboss.resteasy.spi.touri.AbstractURITemplateAnnotationResolver.getValues(java.lang.Object, java.util.Map, java.util.List)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/touri/AbstractURITemplateAnnotationResolver.java", + "line": 49, + "event": "path", + "message": "Iterating over another element of \"params\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/touri/AbstractURITemplateAnnotationResolver.java", + "line": 52, + "event": "path", + "message": "Condition \"propertyDescriptor == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/touri/AbstractURITemplateAnnotationResolver.java", + "line": 57, + "event": "returned_null", + "message": "\"getReadMethod\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/touri/AbstractURITemplateAnnotationResolver.java", + "line": 57, + "event": "var_assigned", + "message": "Assigning: \"readMethod\" = \"null\" return value from \"getReadMethod\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/spi/touri/AbstractURITemplateAnnotationResolver.java", + "line": 58, + "event": "null_method_call", + "message": "Calling a method on null object \"readMethod\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56| \r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 57| Method readMethod = propertyDescriptor.getReadMethod();\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 58|-> if (!Modifier.isPublic(readMethod.getDeclaringClass().getModifiers()))\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| {\r", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| readMethod.setAccessible(true);\r", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.jboss.resteasy.util.Base64.encodeObject(java.io.Serializable, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 697, + "event": "path", + "message": "Condition \"serializableObject == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 706, + "event": "assign_zero", + "message": "Assigning: \"oos\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 714, + "event": "path", + "message": "Condition \"(options & 2 /* org.jboss.resteasy.util.Base64.GZIP */) != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 718, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"ObjectOutputStream\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 727, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 731, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass).", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 736, + "event": "null_method_call", + "message": "Calling a method on null object \"oos\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 734| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 735| try", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 736|-> { oos.close(); }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 737| catch (Exception e)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 738| {}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.jboss.resteasy.util.Base64.encodeObject(java.io.Serializable, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 697, + "event": "path", + "message": "Condition \"serializableObject == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 705, + "event": "assign_zero", + "message": "Assigning: \"gzos\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 714, + "event": "path", + "message": "Condition \"(options & 2 /* org.jboss.resteasy.util.Base64.GZIP */) != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 725, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"writeObject\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 727, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 731, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass).", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 736, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 740, + "event": "null_method_call", + "message": "Calling a method on null object \"gzos\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 738| {}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 739| try", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 740|-> { gzos.close(); }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 741| catch (Exception e)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 742| {}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.jboss.resteasy.util.Base64.decodeToObject(java.lang.String, int, java.lang.ClassLoader)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1462, + "event": "assign_zero", + "message": "Assigning: \"ois\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1470, + "event": "path", + "message": "Condition \"loader == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1472, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"ObjectInputStream\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1500, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1502, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass).", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1511, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1515, + "event": "null_method_call", + "message": "Calling a method on null object \"ois\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1513| {}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1514| try", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1515|-> { ois.close(); }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1516| catch (Exception e)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1517| {}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.jboss.resteasy.util.Base64.encodeToFile(byte[], java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1542, + "event": "path", + "message": "Condition \"dataToEncode == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1547, + "event": "assign_zero", + "message": "Assigning: \"bos\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1550, + "event": "path", + "message": "Throwing \"java.io.FileNotFoundException\" (or subclass) from call to \"FileOutputStream\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1554, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1556, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass).", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1561, + "event": "null_method_call", + "message": "Calling a method on null object \"bos\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1559| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1560| try", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1561|-> { bos.close(); }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1562| catch (Exception e)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1563| {}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.jboss.resteasy.util.Base64.decodeToFile(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1586, + "event": "assign_zero", + "message": "Assigning: \"bos\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1589, + "event": "path", + "message": "Throwing \"java.io.FileNotFoundException\" (or subclass) from call to \"FileOutputStream\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1593, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1595, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass).", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1600, + "event": "null_method_call", + "message": "Calling a method on null object \"bos\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1598| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1599| try", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1600|-> { bos.close(); }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1601| catch (Exception e)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1602| {}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.jboss.resteasy.util.Base64.decodeFromFile(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1627, + "event": "assign_zero", + "message": "Assigning: \"bis\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1637, + "event": "path", + "message": "Condition \"file.length() > 2147483647L /* java.lang.Integer.MAX_VALUE */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1644, + "event": "path", + "message": "Throwing \"java.io.FileNotFoundException\" (or subclass) from call to \"FileInputStream\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1659, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1661, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass).", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1666, + "event": "null_method_call", + "message": "Calling a method on null object \"bis\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1664| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1665| try", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1666|-> { bis.close(); }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1667| catch (Exception e)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1668| {}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.jboss.resteasy.util.Base64.encodeFromFile(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1694, + "event": "assign_zero", + "message": "Assigning: \"bis\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1704, + "event": "path", + "message": "Throwing \"java.io.FileNotFoundException\" (or subclass) from call to \"FileInputStream\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1718, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1720, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass).", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1725, + "event": "null_method_call", + "message": "Calling a method on null object \"bis\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1723| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1724| try", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1725|-> { bis.close(); }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1726| catch (Exception e)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1727| {}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.jboss.resteasy.util.Base64.encodeFileToFile(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1746, + "event": "assign_zero", + "message": "Assigning: \"out\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1749, + "event": "path", + "message": "Throwing \"java.io.FileNotFoundException\" (or subclass) from call to \"FileOutputStream\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1753, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1755, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass).", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1760, + "event": "null_method_call", + "message": "Calling a method on null object \"out\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1758| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1759| try", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1760|-> { out.close(); }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1761| catch (Exception ex)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1762| {}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.jboss.resteasy.util.Base64.decodeFileToFile(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1780, + "event": "assign_zero", + "message": "Assigning: \"out\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1783, + "event": "path", + "message": "Throwing \"java.io.FileNotFoundException\" (or subclass) from call to \"FileOutputStream\".", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1787, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1789, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass).", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/Base64.java", + "line": 1794, + "event": "null_method_call", + "message": "Calling a method on null object \"out\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1792| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1793| try", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1794|-> { out.close(); }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1795| catch (Exception ex)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1796| {}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNUSED_VALUE", + "cwe": 563, + "function": "org.jboss.resteasy.util.CookieParser.parseCookies(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/CookieParser.java", + "line": 39, + "event": "value_overwrite", + "message": "Overwriting previous write to \"cookieValue\" with value from \"value\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/CookieParser.java", + "line": 35, + "event": "assigned_reference", + "message": "Assigning value from \"path\" to \"cookieValue\" here, but that stored value is overwritten before it can be used.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 33| if (cookieName != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 34| cookies.add(new Cookie(cookieName, cookieValue, path, domain, version));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 35|-> cookieName = cookieValue = path = domain = null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 36| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 37| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.util.DateUtil.parseDate(java.lang.String, java.util.Collection, java.util.Date)", + "language": "java", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java", + "line": 125, + "event": "path", + "message": "Condition \"dateValue == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java", + "line": 129, + "event": "path", + "message": "Condition \"dateFormats == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java", + "line": 133, + "event": "path", + "message": "Condition \"startDate == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java", + "line": 67, + "event": "thread_shared_data", + "message": "\"org.jboss.resteasy.util.DateUtil.DEFAULT_TWO_DIGIT_YEAR_START\" is global and therefore thread-shared.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java", + "line": 135, + "event": "assign", + "message": "Assigning: \"startDate\" = \"org.jboss.resteasy.util.DateUtil.DEFAULT_TWO_DIGIT_YEAR_START\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java", + "line": 139, + "event": "path", + "message": "Condition \"dateValue.length() > 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java", + "line": 139, + "event": "path", + "message": "Condition \"dateValue.startsWith(\"'\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java", + "line": 139, + "event": "path", + "message": "Condition \"dateValue.endsWith(\"'\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java", + "line": 150, + "event": "path", + "message": "Condition \"formatIter.hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java", + "line": 153, + "event": "path", + "message": "Condition \"dateParser == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java", + "line": 157, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"startDate\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java", + "line": 157, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/DateUtil.java", + "line": 157, + "event": "write", + "message": "\"startDate\" is modified in call to \"set2DigitYearStart\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 155| dateParser = new SimpleDateFormat(format, Locale.US);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 156| dateParser.setTimeZone(TimeZone.getTimeZone(\"GMT\"));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 157|-> dateParser.set2DigitYearStart(startDate);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 158| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 159| else", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.util.ThreadLocalStack.push(java.lang.Object)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 17, + "event": "return_thread_shared", + "message": "Call to \"getStack\" returns a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 17, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"getStack(true)\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 17, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 17, + "event": "write", + "message": "\"getStack(true)\" is modified in call to \"add\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 15| public void push(T obj)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 16| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 17|-> getStack(true).add(obj);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 18| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 19| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.util.ThreadLocalStack.pop()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 40, + "event": "return_thread_shared", + "message": "Call to \"get\" returns a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 40, + "event": "assign", + "message": "Assigning: \"stack\" = \"(java.util.ArrayList)local.get()\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 41, + "event": "path", + "message": "Condition \"stack == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 41, + "event": "path", + "message": "Condition \"stack.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 42, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"stack\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 42, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 42, + "event": "write", + "message": "\"stack\" is modified in call to \"remove\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 40| ArrayList stack = local.get();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41| if (stack == null || stack.isEmpty()) return null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42|-> return stack.remove(stack.size() - 1);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 43| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 44| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.util.ThreadLocalStack.setLast(java.lang.Object)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 47, + "event": "return_thread_shared", + "message": "Call to \"getStack\" returns a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 47, + "event": "assign", + "message": "Assigning: \"stack\" = \"getStack(true)\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 48, + "event": "path", + "message": "Condition \"stack.isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 50, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"stack\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 50, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 50, + "event": "write", + "message": "\"stack\" is modified in call to \"add\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 48| if (stack.isEmpty())", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 49| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 50|-> stack.add(obj);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 51| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| else", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.jboss.resteasy.util.ThreadLocalStack.setLast(java.lang.Object)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 47, + "event": "return_thread_shared", + "message": "Call to \"getStack\" returns a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 47, + "event": "assign", + "message": "Assigning: \"stack\" = \"getStack(true)\".", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 48, + "event": "path", + "message": "Condition \"stack.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 54, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"stack\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 54, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "Resteasy-3.0.26.Final/resteasy-jaxrs/src/main/java/org/jboss/resteasy/util/ThreadLocalStack.java", + "line": 54, + "event": "write", + "message": "\"stack\" is modified in call to \"set\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| else", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 53| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 54|-> stack.set(stack.size() - 1, obj);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "clear_file", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "rsync-3.2.3/rsync.h", + "line": 793, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "rsync-3.2.3/flist.c", + "line": 2851, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2849| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2850| \t/* The +1 zeros out the first char of the basename. */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2851|-> \tmemset(file, 0, FILE_STRUCT_LEN + 1);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2852| \t/* In an empty entry, F_DEPTH() is an offset to the next non-empty", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2853| \t * entry. Likewise for len32 in the opposite direction. We assume", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "next_event_batch", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "qpid-proton-0.39.0/c/src/proactor/epoll.c", + "line": 2449, + "event": "lock", + "message": "Locking \"&p->tslot_mutex\".", + "verbosity_level": 1 + }, + { + "file_name": "qpid-proton-0.39.0/c/src/proactor/epoll.c", + "line": 2450, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"ts\".", + "verbosity_level": 1 + }, + { + "file_name": "qpid-proton-0.39.0/c/src/proactor/epoll.c", + "line": 2451, + "event": "unlock", + "message": "Unlocking \"&p->tslot_mutex\". \"ts\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "qpid-proton-0.39.0/c/src/proactor/epoll.c", + "line": 2460, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "qpid-proton-0.39.0/c/src/proactor/epoll.c", + "line": 2463, + "event": "path", + "message": "Condition \"tsk\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "qpid-proton-0.39.0/c/src/proactor/epoll.c", + "line": 2482, + "event": "path", + "message": "Condition \"p->poller == NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "qpid-proton-0.39.0/c/src/proactor/epoll.c", + "line": 2453, + "event": "lockagain", + "message": "Locking \"&p->sched_mutex\" again.", + "verbosity_level": 1 + }, + { + "file_name": "qpid-proton-0.39.0/c/src/proactor/epoll.c", + "line": 2484, + "event": "use", + "message": "Using an unreliable value of \"ts\" inside the second locked section. If the data that \"ts\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2482| if (p->poller == NULL) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2483| bool return_immediately;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2484|-> p->poller = ts;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2485| // Get new epoll events (if any) and mark the relevant tasks as runnable", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2486| return_immediately = poller_do_epoll(p, ts, can_block);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "readSocket", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 22, + "events": [ + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1082, + "event": "path", + "message": "Condition \"(size_t)iMaxLine < 4096UL /* sizeof (bufRcv) - 1 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1084, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1091, + "event": "path", + "message": "Condition \"pLstn->bUseCreds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1105, + "event": "tainted_argument", + "message": "Calling function \"recvmsg\" taints argument \"msgh\".", + "verbosity_level": 1 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1107, + "event": "path", + "message": "Condition \"Debug\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1108, + "event": "path", + "message": "Condition \"iRcvd > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1110, + "event": "path", + "message": "Condition \"pLstn->bUseCreds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1112, + "event": "path", + "message": "Condition \"(size_t)msgh.msg_controllen >= 16UL /* sizeof (struct cmsghdr) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1112, + "event": "var_assign_var", + "message": "Assigning: \"cm\" = \"((size_t)msgh.msg_controllen >= 16UL) ? (struct cmsghdr *)msgh.msg_control : NULL\". Both are now tainted.", + "verbosity_level": 1 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1112, + "event": "path", + "message": "Condition \"cm\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1114, + "event": "path", + "message": "Condition \"pLstn->bUseCreds\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1114, + "event": "path", + "message": "Condition \"cm->cmsg_level == 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1114, + "event": "path", + "message": "Condition \"cm->cmsg_type == SCM_CREDENTIALS\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1116, + "event": "identity_transfer", + "message": "Passing \"cm->__cmsg_data\" as argument 2 to function \"memcpy\", which sets \"cred\" to the dereference of that argument. [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1116, + "event": "tainted_data_transitive", + "message": "Call to function \"memcpy\" with tainted argument \"cm->__cmsg_data\" transitively taints \"cred\". [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1121, + "event": "path", + "message": "Condition \"pLstn->bUseSysTimeStamp\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1121, + "event": "path", + "message": "Condition \"cm->cmsg_level == 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1121, + "event": "path", + "message": "Condition \"cm->cmsg_type == 29\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1127, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1112, + "event": "path", + "message": "Condition \"cm\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1130, + "event": "path", + "message": "Condition \"cred_set\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1130, + "event": "path", + "message": "Condition \"ts_set\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1130, + "event": "path_manipulation_sink", + "message": "Constructing a path or URI using the tainted value \"(cred_set ? &cred : NULL)->pid\" and passing it to \"SubmitMsg\". This may allow an attacker to access, modify, or test the existence of critical or sensitive files.", + "verbosity_level": 0 + }, + { + "file_name": "rsyslog-8.2102.0/plugins/imuxsock/imuxsock.c", + "line": 1130, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1128| \t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1129| #\t\tendif /* defined(HAVE_SCM_CREDENTIALS) || defined(HAVE_SO_TIMESTAMP) */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1130|-> \t\tCHKiRet(SubmitMsg(pRcv, iRcvd, pLstn, (cred_set ? &cred : NULL), (ts_set ? &ts : NULL)));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1131| \t} else if(iRcvd < 0 && errno != EINTR && errno != EAGAIN) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1132| \t\tchar errStr[1024];", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "iseq_compile_pattern_each", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 20, + "events": [ + { + "file_name": "ruby-3.0.4/compile.c", + "line": 5671, + "event": "path", + "message": "Switch case value \"NODE_HSHPTN\".", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6065, + "event": "path", + "message": "Condition \"node->u2.node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6065, + "event": "path", + "message": "Condition \"!node->u3.node\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6074, + "event": "path", + "message": "Condition \"node->u1.node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6076, + "event": "path", + "message": "Condition \"!iseq_compile_each(iseq, ret, node->u1.node, 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6082, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6086, + "event": "path", + "message": "Condition \"RB_NIL_P(keys)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6088, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6093, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6099, + "event": "path", + "message": "Condition \"node->u3.node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6100, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6103, + "event": "path", + "message": "Condition \"node->u2.node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6108, + "event": "path", + "message": "Condition \"args\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6110, + "event": "local_ptr_assign_local", + "message": "Assigning: \"match_values->last\" = \"&match_values->anchor\" (address of local variable \"match_values\").", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6112, + "event": "path", + "message": "Condition \"i < keys_num\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6133, + "event": "identity_transfer", + "message": "Passing field \"match_values->last\" (indirectly, via argument 2) to function \"APPEND_LIST\", which assigns it to \"ret->last\".", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6134, + "event": "out_of_scope", + "message": "Variable \"match_values\" goes out of scope.", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6135, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6142, + "event": "path", + "message": "Condition \"node->u3.node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6143, + "event": "path", + "message": "Condition \"node->u3.node == (struct RNode *)0xffffffffffffffff\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6144, + "event": "use_invalid_in_call", + "message": "In \"ADD_ELEM(ret, (LINK_ELEMENT *)new_insn_body(iseq, line, YARVINSN_dup, 0))\", using \"ret->last\", which points to an out-of-scope variable \"match_values\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6142| if (node->nd_pkwrestarg) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6143| if (node->nd_pkwrestarg == NODE_SPECIAL_NO_REST_KEYWORD) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6144|-> ADD_INSN(ret, line, dup);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6145| ADD_SEND(ret, line, idEmptyP, INT2FIX(0));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6146| ADD_INSNL(ret, line, branchunless, match_failed);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "iseq_compile_pattern_each", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 20, + "events": [ + { + "file_name": "ruby-3.0.4/compile.c", + "line": 5671, + "event": "path", + "message": "Switch case value \"NODE_HSHPTN\".", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6065, + "event": "path", + "message": "Condition \"node->u2.node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6065, + "event": "path", + "message": "Condition \"!node->u3.node\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6074, + "event": "path", + "message": "Condition \"node->u1.node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6076, + "event": "path", + "message": "Condition \"!iseq_compile_each(iseq, ret, node->u1.node, 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6082, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6086, + "event": "path", + "message": "Condition \"RB_NIL_P(keys)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6088, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6093, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6099, + "event": "path", + "message": "Condition \"node->u3.node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6100, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6103, + "event": "path", + "message": "Condition \"node->u2.node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6108, + "event": "path", + "message": "Condition \"args\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6110, + "event": "local_ptr_assign_local", + "message": "Assigning: \"match_values->last\" = \"&match_values->anchor\" (address of local variable \"match_values\").", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6112, + "event": "path", + "message": "Condition \"i < keys_num\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6133, + "event": "identity_transfer", + "message": "Passing field \"match_values->last\" (indirectly, via argument 2) to function \"APPEND_LIST\", which assigns it to \"ret->last\".", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6134, + "event": "out_of_scope", + "message": "Variable \"match_values\" goes out of scope.", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6135, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6142, + "event": "path", + "message": "Condition \"node->u3.node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6143, + "event": "path", + "message": "Condition \"node->u3.node == (struct RNode *)0xffffffffffffffff\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6149, + "event": "use_invalid_in_call", + "message": "In \"ADD_ELEM(ret, (LINK_ELEMENT *)new_insn_body(iseq, line, YARVINSN_dup, 0))\", using \"ret->last\", which points to an out-of-scope variable \"match_values\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6147| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6148| else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6149|-> ADD_INSN(ret, line, dup);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6150| CHECK(iseq_compile_pattern_match(iseq, ret, node->nd_pkwrestarg, match_failed, in_alt_pattern, FALSE));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6151| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "iseq_compile_pattern_each", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 22, + "events": [ + { + "file_name": "ruby-3.0.4/compile.c", + "line": 5671, + "event": "path", + "message": "Switch case value \"NODE_HSHPTN\".", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6065, + "event": "path", + "message": "Condition \"node->u2.node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6065, + "event": "path", + "message": "Condition \"!node->u3.node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6067, + "event": "path", + "message": "Condition \"kw_args\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6068, + "event": "path", + "message": "Condition \"kw_args\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6071, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6068, + "event": "path", + "message": "Condition \"kw_args\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6074, + "event": "path", + "message": "Condition \"node->u1.node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6076, + "event": "path", + "message": "Condition \"!iseq_compile_each(iseq, ret, node->u1.node, 0)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6082, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6086, + "event": "path", + "message": "Condition \"RB_NIL_P(keys)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6088, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6093, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6099, + "event": "path", + "message": "Condition \"node->u3.node\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6103, + "event": "path", + "message": "Condition \"node->u2.node\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6108, + "event": "path", + "message": "Condition \"args\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6110, + "event": "local_ptr_assign_local", + "message": "Assigning: \"match_values->last\" = \"&match_values->anchor\" (address of local variable \"match_values\").", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6112, + "event": "path", + "message": "Condition \"i < keys_num\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6133, + "event": "identity_transfer", + "message": "Passing field \"match_values->last\" (indirectly, via argument 2) to function \"APPEND_LIST\", which assigns it to \"ret->last\".", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6134, + "event": "out_of_scope", + "message": "Variable \"match_values\" goes out of scope.", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6135, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6142, + "event": "path", + "message": "Condition \"node->u3.node\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 6154, + "event": "use_invalid_in_call", + "message": "In \"ADD_ELEM(ret, (LINK_ELEMENT *)new_insn_body(iseq, line, YARVINSN_pop, 0))\", using \"ret->last\", which points to an out-of-scope variable \"match_values\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6152| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6153| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6154|-> ADD_INSN(ret, line, pop);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6155| ADD_INSNL(ret, line, jump, matched);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6156| ADD_INSN(ret, line, putnil);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "iseq_compile_each0", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "ruby-3.0.4/compile.c", + "line": 7545, + "event": "path", + "message": "Condition \"ISEQ_COMPILE_DATA(iseq)->last_line == line\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 7547, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 7563, + "event": "path", + "message": "Switch case value \"NODE_COLON2\".", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8656, + "event": "path", + "message": "Condition \"rb_is_const_id(node->u2.id)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8665, + "event": "local_ptr_assign_local", + "message": "Assigning: \"body->last\" = \"&body->anchor\" (address of local variable \"body\").", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8666, + "event": "path", + "message": "Condition \"!compile_const_prefix(iseq, node, pref, body)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8667, + "event": "path", + "message": "Condition \"LIST_INSN_SIZE_ZERO(pref)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8684, + "event": "identity_transfer", + "message": "Passing field \"body->last\" (indirectly, via argument 2) to function \"APPEND_LIST\", which assigns it to \"ret->last\".", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8686, + "event": "out_of_scope", + "message": "Variable \"body\" goes out of scope.", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8686, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8693, + "event": "path", + "message": "Condition \"popped\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8694, + "event": "use_invalid_in_call", + "message": "In \"ADD_ELEM(ret, (LINK_ELEMENT *)new_insn_body(iseq, line, YARVINSN_pop, 0))\", using \"ret->last\", which points to an out-of-scope variable \"body\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8692| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8693| \tif (popped) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8694|-> \t ADD_INSN(ret, line, pop);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8695| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8696| \tbreak;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "iseq_compile_each0", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "ruby-3.0.4/compile.c", + "line": 7545, + "event": "path", + "message": "Condition \"ISEQ_COMPILE_DATA(iseq)->last_line == line\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 7547, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 7563, + "event": "path", + "message": "Switch case value \"NODE_COLON2\".", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8656, + "event": "path", + "message": "Condition \"rb_is_const_id(node->u2.id)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8664, + "event": "local_ptr_assign_local", + "message": "Assigning: \"pref->last\" = \"&pref->anchor\" (address of local variable \"pref\").", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8666, + "event": "path", + "message": "Condition \"!compile_const_prefix(iseq, node, pref, body)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8667, + "event": "path", + "message": "Condition \"LIST_INSN_SIZE_ZERO(pref)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8683, + "event": "identity_transfer", + "message": "Passing field \"pref->last\" (indirectly, via argument 2) to function \"APPEND_LIST\", which assigns it to \"ret->last\".", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8686, + "event": "out_of_scope", + "message": "Variable \"pref\" goes out of scope.", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8686, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8693, + "event": "path", + "message": "Condition \"popped\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "ruby-3.0.4/compile.c", + "line": 8694, + "event": "use_invalid_in_call", + "message": "In \"ADD_ELEM(ret, (LINK_ELEMENT *)new_insn_body(iseq, line, YARVINSN_pop, 0))\", using \"ret->last\", which points to an out-of-scope variable \"pref\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8692| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8693| \tif (popped) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8694|-> \t ADD_INSN(ret, line, pop);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8695| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8696| \tbreak;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "gc_move", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "ruby-3.0.4/gc.c", + "line": 605, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/gc.c", + "line": 571, + "event": "nested_field_definition", + "message": "A nested aggregate with a const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/include/ruby/internal/core/rbasic.h", + "line": 49, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "ruby-3.0.4/gc.c", + "line": 8695, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8693| /* Move the object */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8694| memcpy(dest, src, sizeof(RVALUE));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8695|-> memset(src, 0, sizeof(RVALUE));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8696| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 8697| /* Set bits for object in new location */", + "verbosity_level": 1 + } + ] + }, + { + "checker": "COMPILER_WARNING", + "language": "c/c++", + "tool": "gcc", + "key_event_idx": 2, + "events": [ + { + "file_name": "oneTBB-2020.3/src/tbb/tbb_misc.h", + "line": 22, + "event": "included_from", + "message": "Included from here.", + "verbosity_level": 1 + }, + { + "file_name": "oneTBB-2020.3/src/tbb/tbb_misc.cpp", + "line": 24, + "event": "included_from", + "message": "Included from here.", + "verbosity_level": 1 + }, + { + "file_name": "oneTBB-2020.3/include/tbb/atomic.h", + "line": 21, + "column": 141, + "event": "note", + "message": "'#pragma message: TBB Warning: tbb/atomic.h is deprecated. For details, please see Deprecated Features appendix in the TBB reference manual.'", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 19| #if !defined(__TBB_show_deprecation_message_atomic_H) && defined(__TBB_show_deprecated_header_message)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 20| #define __TBB_show_deprecation_message_atomic_H", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 21|-> #pragma message(\"TBB Warning: tbb/atomic.h is deprecated. For details, please see Deprecated Features appendix in the TBB reference manual.\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 22| #endif", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 23| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "tbb::internal::rml::rml_atfork_child()", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "oneTBB-2020.3/python/rml/ipc_server.cpp", + "line": 341, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "oneTBB-2020.3/python/rml/ipc_server.cpp", + "line": 1086, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1084| ipc_server* server = static_cast( my_global_server );", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1085| server->~ipc_server();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1086|-> memset( server, 0, sizeof(ipc_server) );", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1087| new( server ) ipc_server( *my_global_client );", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1088| pthread_atfork( NULL, NULL, rml_atfork_child );", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "mozilla::ValidateDraw(mozilla::WebGLContext *, unsigned int, unsigned int)::[lambda(unsigned char, mozilla::webgl::TextureBaseType) (instance 1)]::operator ()(unsigned char, mozilla::webgl::TextureBaseType) const", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLContextDraw.cpp", + "line": 486, + "event": "find", + "message": "Calling \"find\" with element \"loc\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLContextDraw.cpp", + "line": 486, + "event": "assign", + "message": "Assigning: \"itr\" = \"this->fragOutputs->find(loc)\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLContextDraw.cpp", + "line": 489, + "event": "deref_iterator", + "message": "Dereferencing iterator \"itr\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 487| MOZ_DIAGNOSTIC_ASSERT(itr != fragOutputs.end());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 488| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 489|-> const auto& info = itr->second;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 490| const auto& srcBaseType = info.baseType;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 491| if (MOZ_UNLIKELY(dstBaseType != srcBaseType)) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "mozilla::CommentsToSpaces(std::__cxx11::basic_string, std::allocator > const &)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 37, + "events": [ + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 45, + "event": "past_the_end", + "message": "Function \"end\" creates an iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 45, + "event": "assign", + "message": "Assigning: \"end\" = \"src->end()\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 47, + "event": "path", + "message": "Condition \"std::regex_search(itr, end, match, RE_COMMENT_BEGIN, (std::regex_constants::match_flag_type)0 /* std::regex_constants::match_default */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 56, + "event": "path", + "message": "Condition \"isBlockComment\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 60, + "event": "path", + "message": "Condition \"isBlockComment\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 64, + "event": "assign", + "message": "Assigning: \"commentEnd\" = \"end\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 65, + "event": "path", + "message": "Condition \"!isBlockComment\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 67, + "event": "path", + "message": "Condition \"std::regex_search(itr, end, match, endRegex, (std::regex_constants::match_flag_type)0 /* std::regex_constants::match_default */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 69, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 73, + "event": "path", + "message": "Condition \"itr != commentEnd\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 75, + "event": "path", + "message": "Condition \"cur == '\\n'\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 78, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 73, + "event": "path", + "message": "Condition \"itr != commentEnd\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 79, + "event": "path", + "message": "Condition \"isBlockComment\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 82, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 47, + "event": "path", + "message": "Condition \"std::regex_search(itr, end, match, RE_COMMENT_BEGIN, (std::regex_constants::match_flag_type)0 /* std::regex_constants::match_default */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 56, + "event": "path", + "message": "Condition \"isBlockComment\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 60, + "event": "path", + "message": "Condition \"isBlockComment\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 64, + "event": "assign", + "message": "Assigning: \"commentEnd\" = \"end\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 65, + "event": "path", + "message": "Condition \"!isBlockComment\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 65, + "event": "path", + "message": "Condition \"itr != end\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 65, + "event": "path", + "message": "Condition \"*itr == '\\n'\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 67, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 73, + "event": "path", + "message": "Condition \"itr != commentEnd\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 79, + "event": "path", + "message": "Condition \"isBlockComment\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 82, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 47, + "event": "path", + "message": "Condition \"std::regex_search(itr, end, match, RE_COMMENT_BEGIN, (std::regex_constants::match_flag_type)0 /* std::regex_constants::match_default */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 56, + "event": "path", + "message": "Condition \"isBlockComment\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 60, + "event": "path", + "message": "Condition \"isBlockComment\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 64, + "event": "assign", + "message": "Assigning: \"commentEnd\" = \"end\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 65, + "event": "path", + "message": "Condition \"!isBlockComment\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 65, + "event": "path", + "message": "Condition \"itr != end\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 65, + "event": "tested_end", + "message": "\"itr\" testing equal to \"end\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 67, + "event": "identity_transfer", + "message": "Passing \"itr\" as argument 1 to function \"regex_search\", which sets \"match._M_begin\" to that argument.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 67, + "event": "path", + "message": "Condition \"std::regex_search(itr, end, match, endRegex, (std::regex_constants::match_flag_type)0 /* std::regex_constants::match_default */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 69, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 73, + "event": "path", + "message": "Condition \"itr != commentEnd\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/canvas/WebGLValidateStrings.cpp", + "line": 74, + "event": "deref_iterator", + "message": "Dereferencing iterator \"itr\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| for (; itr != commentEnd; ++itr) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74|-> const auto cur = *itr;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 75| if (cur == '\\n') {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| ret += cur;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "DELETE_ARRAY", + "cwe": 459, + "function": "mozilla::dom::CBOREncodePublicKeyObj(mozilla::dom::CryptoBuffer const &, mozilla::dom::CryptoBuffer &)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 17, + "event": "path", + "message": "Condition \"!!NS_FAILED_impl(rv)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 22, + "event": "new_array", + "message": "\"output_dynamic\" allocates \"cborPubKeyOut._buffer\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 40, + "event": "path", + "message": "Condition \"!aPubKeyObj->Assign(cborPubKeyOut.cbor::output_dynamic::data(), cborPubKeyOut.cbor::output_dynamic::size())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 41, + "event": "delete_var", + "message": "\"~output_dynamic\" uses delete on \"cborPubKeyOut._buffer\" which is an array. It should be deleted with \"operator delete[]\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 39| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 40| if (!aPubKeyObj.Assign(cborPubKeyOut.data(), cborPubKeyOut.size())) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41|-> return NS_ERROR_OUT_OF_MEMORY;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 43| return NS_OK;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "DELETE_ARRAY", + "cwe": 459, + "function": "mozilla::dom::CBOREncodePublicKeyObj(mozilla::dom::CryptoBuffer const &, mozilla::dom::CryptoBuffer &)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 17, + "event": "path", + "message": "Condition \"!!NS_FAILED_impl(rv)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 22, + "event": "new_array", + "message": "\"output_dynamic\" allocates \"cborPubKeyOut._buffer\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 40, + "event": "path", + "message": "Condition \"!aPubKeyObj->Assign(cborPubKeyOut.cbor::output_dynamic::data(), cborPubKeyOut.cbor::output_dynamic::size())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 43, + "event": "delete_var", + "message": "\"~output_dynamic\" uses delete on \"cborPubKeyOut._buffer\" which is an array. It should be deleted with \"operator delete[]\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41| return NS_ERROR_OUT_OF_MEMORY;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 43|-> return NS_OK;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 44| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 45| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "DELETE_ARRAY", + "cwe": 459, + "function": "mozilla::dom::CBOREncodeFidoU2FAttestationObj(mozilla::dom::CryptoBuffer const &, mozilla::dom::CryptoBuffer const &, mozilla::dom::CryptoBuffer const &, mozilla::dom::CryptoBuffer &)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 66, + "event": "new_array", + "message": "\"output_dynamic\" allocates \"cborAttOut._buffer\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 90, + "event": "path", + "message": "Condition \"!aAttestationObj->Assign(cborAttOut.cbor::output_dynamic::data(), cborAttOut.cbor::output_dynamic::size())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 91, + "event": "delete_var", + "message": "\"~output_dynamic\" uses delete on \"cborAttOut._buffer\" which is an array. It should be deleted with \"operator delete[]\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 89| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 90| if (!aAttestationObj.Assign(cborAttOut.data(), cborAttOut.size())) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91|-> return NS_ERROR_OUT_OF_MEMORY;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93| return NS_OK;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "DELETE_ARRAY", + "cwe": 459, + "function": "mozilla::dom::CBOREncodeFidoU2FAttestationObj(mozilla::dom::CryptoBuffer const &, mozilla::dom::CryptoBuffer const &, mozilla::dom::CryptoBuffer const &, mozilla::dom::CryptoBuffer &)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 66, + "event": "new_array", + "message": "\"output_dynamic\" allocates \"cborAttOut._buffer\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 90, + "event": "path", + "message": "Condition \"!aAttestationObj->Assign(cborAttOut.cbor::output_dynamic::data(), cborAttOut.cbor::output_dynamic::size())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 93, + "event": "delete_var", + "message": "\"~output_dynamic\" uses delete on \"cborAttOut._buffer\" which is an array. It should be deleted with \"operator delete[]\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91| return NS_ERROR_OUT_OF_MEMORY;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93|-> return NS_OK;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 94| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "DELETE_ARRAY", + "cwe": 459, + "function": "mozilla::dom::CBOREncodeNoneAttestationObj(mozilla::dom::CryptoBuffer const &, mozilla::dom::CryptoBuffer &)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 108, + "event": "new_array", + "message": "\"output_dynamic\" allocates \"cborAttOut._buffer\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 122, + "event": "path", + "message": "Condition \"!aAttestationObj->Assign(cborAttOut.cbor::output_dynamic::data(), cborAttOut.cbor::output_dynamic::size())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 123, + "event": "delete_var", + "message": "\"~output_dynamic\" uses delete on \"cborAttOut._buffer\" which is an array. It should be deleted with \"operator delete[]\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 121| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 122| if (!aAttestationObj.Assign(cborAttOut.data(), cborAttOut.size())) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 123|-> return NS_ERROR_OUT_OF_MEMORY;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 124| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 125| return NS_OK;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "DELETE_ARRAY", + "cwe": 459, + "function": "mozilla::dom::CBOREncodeNoneAttestationObj(mozilla::dom::CryptoBuffer const &, mozilla::dom::CryptoBuffer &)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 108, + "event": "new_array", + "message": "\"output_dynamic\" allocates \"cborAttOut._buffer\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 122, + "event": "path", + "message": "Condition \"!aAttestationObj->Assign(cborAttOut.cbor::output_dynamic::data(), cborAttOut.cbor::output_dynamic::size())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/dom/webauthn/WebAuthnCBORUtil.cpp", + "line": 125, + "event": "delete_var", + "message": "\"~output_dynamic\" uses delete on \"cborAttOut._buffer\" which is an array. It should be deleted with \"operator delete[]\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 123| return NS_ERROR_OUT_OF_MEMORY;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 124| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 125|-> return NS_OK;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 126| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 127| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "mozilla::gfx::DrawEventRecorderPrivate::DecrementUnscaledFontRefCount(mozilla::gfx::ReferencePtr)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "thunderbird-115.5.0/gfx/2d/DrawEventRecorder.cpp", + "line": 74, + "event": "find", + "message": "Calling \"find\" with element \"aUnscaledFont.operator void *()\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/2d/DrawEventRecorder.cpp", + "line": 74, + "event": "assign", + "message": "Assigning: \"element\" = \"this->mUnscaledFontRefs.find(std::unordered_map, std::equal_to, std::allocator > >::key_type const(aUnscaledFont.operator void *()))\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/2d/DrawEventRecorder.cpp", + "line": 78, + "event": "deref_iterator", + "message": "Dereferencing iterator \"element\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| \"DecrementUnscaledFontRefCount calls should balance \"", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 77| \"with IncrementUnscaledFontRefCount calls\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 78|-> if (--(element->second) <= 0) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79| RecordEvent(RecordedUnscaledFontDestruction(aUnscaledFont));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80| mUnscaledFontRefs.erase(aUnscaledFont);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "sh::CallDAG::CallDAGCreator::visitAggregate(sh::Visit, sh::TIntermAggregate *)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/CallDAG.cpp", + "line": 129, + "event": "path", + "message": "Condition \"node->getOp() == sh::EOpCallFunctionInAST\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/CallDAG.cpp", + "line": 132, + "event": "find", + "message": "Calling \"find\" with element \"node->getFunction()->uniqueId()->get()\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/CallDAG.cpp", + "line": 132, + "event": "assign", + "message": "Assigning: \"it\" = \"this->mFunctions.find(std::map, std::allocator > >::key_type const(node->getFunction()->uniqueId()->get()))\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/CallDAG.cpp", + "line": 133, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/CallDAG.cpp", + "line": 138, + "event": "path", + "message": "Condition \"this->mCurrentFunction\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/CallDAG.cpp", + "line": 140, + "event": "deref_iterator", + "message": "Dereferencing iterator \"it\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 138| if (mCurrentFunction)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 139| {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 140|-> mCurrentFunction->callees.insert(&it->second);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 141| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 142| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "sh::ShaderStorageBlockOutputHLSL::traverseSSBOAccess(sh::TIntermTyped *, sh::SSBOMethod)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 466, + "event": "path", + "message": "Condition \"node->getType()->isUnsizedArray()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 470, + "event": "path", + "message": "Condition \"binaryNode\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 474, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 477, + "event": "find", + "message": "Calling \"find\" with element \"field\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 477, + "event": "assign", + "message": "Assigning: \"fieldInfoIter\" = \"this->mBlockMemberInfoMap.find(field)\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 478, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 479, + "event": "deref_iterator", + "message": "Dereferencing iterator \"fieldInfoIter\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 477| auto fieldInfoIter = mBlockMemberInfoMap.find(field);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 478| ASSERT(fieldInfoIter != mBlockMemberInfoMap.end());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 479|-> unsizedArrayStride = fieldInfoIter->second.arrayStride;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 480| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 481| else", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "sh::ShaderStorageBlockOutputHLSL::traverseSSBOAccess(sh::TIntermTyped *, sh::SSBOMethod)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 466, + "event": "path", + "message": "Condition \"node->getType()->isUnsizedArray()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 470, + "event": "path", + "message": "Condition \"binaryNode\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 486, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 489, + "event": "find", + "message": "Calling \"find\" with element \"field\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 489, + "event": "assign", + "message": "Assigning: \"fieldInfoIter\" = \"this->mBlockMemberInfoMap.find(field)\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 490, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 491, + "event": "deref_iterator", + "message": "Dereferencing iterator \"fieldInfoIter\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 489| auto fieldInfoIter = mBlockMemberInfoMap.find(field);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 490| ASSERT(fieldInfoIter != mBlockMemberInfoMap.end());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 491|-> unsizedArrayStride = fieldInfoIter->second.arrayStride;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 492| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 493| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "sh::ShaderStorageBlockOutputHLSL::createFieldOffset(sh::TField const *, sh::BlockMemberInfo *)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 661, + "event": "find", + "message": "Calling \"find\" with element \"field\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 661, + "event": "assign", + "message": "Assigning: \"fieldInfoIter\" = \"this->mBlockMemberInfoMap.find(field)\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 662, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/ShaderStorageBlockOutputHLSL.cpp", + "line": 663, + "event": "deref_iterator", + "message": "Dereferencing iterator \"fieldInfoIter\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 661| auto fieldInfoIter = mBlockMemberInfoMap.find(field);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 662| ASSERT(fieldInfoIter != mBlockMemberInfoMap.end());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 663|-> *blockMemberInfo = fieldInfoIter->second;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 664| return CreateUIntNode(blockMemberInfo->offset);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 665| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "sh::::PLSBackingStoreMap::RewritePLSToFramebufferFetchTraverser::PLSAttachment>::find(sh::TIntermSymbol *)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/tree_ops/RewritePixelLocalStorage.cpp", + "line": 75, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/tree_ops/RewritePixelLocalStorage.cpp", + "line": 76, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/tree_ops/RewritePixelLocalStorage.cpp", + "line": 78, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/tree_ops/RewritePixelLocalStorage.cpp", + "line": 79, + "event": "find", + "message": "Calling \"find\" with element \"binding\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/tree_ops/RewritePixelLocalStorage.cpp", + "line": 79, + "event": "assign", + "message": "Assigning: \"iter\" = \"this->mMap.find(binding)\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/tree_ops/RewritePixelLocalStorage.cpp", + "line": 80, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/angle/checkout/src/compiler/translator/tree_ops/RewritePixelLocalStorage.cpp", + "line": 81, + "event": "deref_iterator", + "message": "Dereferencing iterator \"iter\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79| auto iter = mMap.find(binding);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80| ASSERT(iter != mMap.end()); // Ensure PLSImages already exist for this symbol.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81|-> return iter->second;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "mozilla::layers::APZCTreeManager::ReceiveInputEvent(mozilla::InputData &, std::function &&)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp", + "line": 1443, + "event": "path", + "message": "Switch case value \"mozilla::MOUSE_INPUT\".", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp", + "line": 1456, + "event": "path", + "message": "Condition \"startsDrag\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp", + "line": 1471, + "event": "path", + "message": "Condition \"!state.mHit.mTargetApzc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp", + "line": 1471, + "event": "path", + "message": "Condition \"this->mRootNode.operator bool()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp", + "line": 1476, + "event": "path", + "message": "Condition \"state.mHit.mTargetApzc.operator bool()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp", + "line": 1477, + "event": "path", + "message": "Condition \"mozilla::StaticPrefs::apz_test_logging_enabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp", + "line": 1477, + "event": "path", + "message": "Condition \"mouseInput.mType == mozilla::MouseInput::MOUSE_HITTEST\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp", + "line": 1482, + "event": "find", + "message": "Calling \"find\" with element \"guid.mLayersId\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp", + "line": 1482, + "event": "assign", + "message": "Assigning: \"it\" = \"this->mTestData.find(guid.mLayersId)\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/layers/apz/src/APZCTreeManager.cpp", + "line": 1484, + "event": "deref_iterator", + "message": "Dereferencing iterator \"it\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1482| auto it = mTestData.find(guid.mLayersId);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1483| MOZ_ASSERT(it != mTestData.end());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1484|-> it->second->RecordHitResult(mouseInput.mOrigin, state.mHit.mHitResult,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1485| guid.mLayersId, guid.mScrollId);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1486| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "DELETE_ARRAY", + "cwe": 459, + "function": "gfxFontEntry::EnsureUVSMapInitialized()", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp", + "line": 167, + "event": "path", + "message": "Condition \"!this->mCharacterMap.operator gfxCharacterMap *()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp", + "line": 167, + "event": "path", + "message": "Condition \"!this->mShmemCharacterMap.operator SharedBitSet const *()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp", + "line": 173, + "event": "path", + "message": "Condition \"!this->mUVSOffset.operator uint32_t()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp", + "line": 177, + "event": "path", + "message": "Condition \"!this->mUVSData.operator uint8_t const *()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp", + "line": 181, + "event": "path", + "message": "Condition \"cmapTable.operator hb_blob_t *()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp", + "line": 185, + "event": "new_array", + "message": "\"ReadCMAPTableFormat14\" allocates \"uvsData\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp", + "line": 187, + "event": "path", + "message": "Condition \"!!!NS_FAILED_impl(rv)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp", + "line": 188, + "event": "path", + "message": "Condition \"!this->mUVSData.compareExchange(NULL, uvsData)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxFontEntry.cpp", + "line": 189, + "event": "delete_var", + "message": "Deleting array variable \"uvsData\" with non-array \"delete\" in \"delete uvsData\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 187| if (NS_SUCCEEDED(rv)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 188| if (!mUVSData.compareExchange(nullptr, uvsData)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 189|-> delete uvsData;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 190| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 191| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "gfxTextRun::FetchGlyphExtents(mozilla::gfx::DrawTarget *) const", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 77, + "events": [ + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1600, + "event": "path", + "message": "Condition \"!needsGlyphExtents\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1600, + "event": "path", + "message": "Condition \"!this->mDetailedGlyphs.operator bool()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1607, + "event": "path", + "message": "Condition \"i < runCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1610, + "event": "path", + "message": "Condition \"!!font->GetStyle()->AdjustedSizeMustBeZero()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1611, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1607, + "event": "path", + "message": "Condition \"i < runCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1610, + "event": "path", + "message": "Condition \"!!font->GetStyle()->AdjustedSizeMustBeZero()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1611, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1607, + "event": "path", + "message": "Condition \"i < runCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1610, + "event": "path", + "message": "Condition \"!!font->GetStyle()->AdjustedSizeMustBeZero()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1621, + "event": "path", + "message": "Condition \"j < end\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1623, + "event": "path", + "message": "Condition \"glyphData->IsSimpleGlyph()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1626, + "event": "path", + "message": "Condition \"needsGlyphExtents\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1637, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1658, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1621, + "event": "path", + "message": "Condition \"j < end\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1623, + "event": "path", + "message": "Condition \"glyphData->IsSimpleGlyph()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1637, + "event": "path", + "message": "Condition \"!glyphData->IsMissing()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1639, + "event": "path", + "message": "Condition \"glyphCount == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1643, + "event": "path", + "message": "Condition \"!details\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1646, + "event": "path", + "message": "Condition \"k < glyphCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1648, + "event": "path", + "message": "Condition \"!extents->IsGlyphKnownWithTightExtentsLocked(glyphIndex)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1656, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1646, + "event": "path", + "message": "Condition \"k < glyphCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1648, + "event": "path", + "message": "Condition \"!extents->IsGlyphKnownWithTightExtentsLocked(glyphIndex)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1656, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1646, + "event": "path", + "message": "Condition \"k < glyphCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1648, + "event": "path", + "message": "Condition \"!extents->IsGlyphKnownWithTightExtentsLocked(glyphIndex)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1656, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1646, + "event": "path", + "message": "Condition \"k < glyphCount\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1658, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1621, + "event": "path", + "message": "Condition \"j < end\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1623, + "event": "path", + "message": "Condition \"glyphData->IsSimpleGlyph()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1637, + "event": "path", + "message": "Condition \"!glyphData->IsMissing()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1639, + "event": "path", + "message": "Condition \"glyphCount == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1640, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1621, + "event": "path", + "message": "Condition \"j < end\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1623, + "event": "path", + "message": "Condition \"glyphData->IsSimpleGlyph()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1637, + "event": "path", + "message": "Condition \"!glyphData->IsMissing()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1639, + "event": "path", + "message": "Condition \"glyphCount == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1643, + "event": "path", + "message": "Condition \"!details\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1646, + "event": "path", + "message": "Condition \"k < glyphCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1648, + "event": "path", + "message": "Condition \"!extents->IsGlyphKnownWithTightExtentsLocked(glyphIndex)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1654, + "event": "lock", + "message": "Locking \"extents->mLock->mRWLock\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1656, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1646, + "event": "path", + "message": "Condition \"k < glyphCount\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1658, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1621, + "event": "path", + "message": "Condition \"j < end\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1659, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1607, + "event": "path", + "message": "Condition \"i < runCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1610, + "event": "path", + "message": "Condition \"!!font->GetStyle()->AdjustedSizeMustBeZero()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1621, + "event": "path", + "message": "Condition \"j < end\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1623, + "event": "path", + "message": "Condition \"glyphData->IsSimpleGlyph()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1626, + "event": "path", + "message": "Condition \"needsGlyphExtents\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1637, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1658, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1621, + "event": "path", + "message": "Condition \"j < end\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1659, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1607, + "event": "path", + "message": "Condition \"i < runCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1610, + "event": "path", + "message": "Condition \"!!font->GetStyle()->AdjustedSizeMustBeZero()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1617, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"extents\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1621, + "event": "path", + "message": "Condition \"j < end\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1623, + "event": "path", + "message": "Condition \"glyphData->IsSimpleGlyph()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1626, + "event": "path", + "message": "Condition \"needsGlyphExtents\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1637, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1658, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1621, + "event": "path", + "message": "Condition \"j < end\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1623, + "event": "path", + "message": "Condition \"glyphData->IsSimpleGlyph()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1637, + "event": "path", + "message": "Condition \"!glyphData->IsMissing()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1639, + "event": "path", + "message": "Condition \"glyphCount == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1643, + "event": "path", + "message": "Condition \"!details\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1646, + "event": "path", + "message": "Condition \"k < glyphCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1648, + "event": "path", + "message": "Condition \"!extents->IsGlyphKnownWithTightExtentsLocked(glyphIndex)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1652, + "event": "unlock", + "message": "Unlocking \"extents->mLock->mRWLock\". \"extents\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1656, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1646, + "event": "path", + "message": "Condition \"k < glyphCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1654, + "event": "lockagain", + "message": "Locking \"extents->mLock->mRWLock\" again.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/gfx/thebes/gfxTextRun.cpp", + "line": 1648, + "event": "use", + "message": "Using an unreliable value of \"extents\" inside the second locked section. If the data that \"extents\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1646| for (uint32_t k = 0; k < glyphCount; ++k, ++details) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1647| uint32_t glyphIndex = details->mGlyphID;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1648|-> if (!extents->IsGlyphKnownWithTightExtentsLocked(glyphIndex)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1649| #ifdef DEBUG_TEXT_RUN_STORAGE_METRICS", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1650| ++gGlyphExtentsSetupEagerTight;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "ucnv_convertEx_73", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 38, + "events": [ + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2063, + "event": "path", + "message": "Condition \"pErrorCode == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2063, + "event": "path", + "message": "Condition \"U_FAILURE(*pErrorCode)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2067, + "event": "path", + "message": "Condition \"targetCnv == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2067, + "event": "path", + "message": "Condition \"sourceCnv == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2067, + "event": "path", + "message": "Condition \"source == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2067, + "event": "path", + "message": "Condition \"*source == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2067, + "event": "path", + "message": "Condition \"target == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2067, + "event": "path", + "message": "Condition \"*target == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2067, + "event": "path", + "message": "Condition \"targetLimit == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2077, + "event": "path", + "message": "Condition \"sourceLimit != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2077, + "event": "path", + "message": "Condition \"sourceLimit < s\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2077, + "event": "path", + "message": "Condition \"targetLimit < t\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2086, + "event": "path", + "message": "Condition \"sourceLimit != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2086, + "event": "path", + "message": "Condition \"(size_t)(sourceLimit - s) > 2147483647UL /* (size_t)2147483647 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2086, + "event": "path", + "message": "Condition \"sourceLimit > s\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2086, + "event": "path", + "message": "Condition \"(size_t)(targetLimit - t) > 2147483647UL /* (size_t)2147483647 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2086, + "event": "path", + "message": "Condition \"targetLimit > t\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2094, + "event": "path", + "message": "Condition \"pivotStart == NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2095, + "event": "path", + "message": "Condition \"!flush\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2102, + "event": "local_ptr_assign_local", + "message": "Assigning: \"pivotStart\" = \"pivotBuffer\" (address of local variable \"pivotBuffer\").", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2106, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2115, + "event": "path", + "message": "Condition \"sourceLimit == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2120, + "event": "path", + "message": "Condition \"reset\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2124, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2142, + "event": "path", + "message": "Condition \"sourceCnv->sharedData->staticData->conversionType == UCNV_UTF8\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2142, + "event": "path", + "message": "Condition \"targetCnv->sharedData->impl->fromUTF8 != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2146, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2173, + "event": "path", + "message": "Condition \"convert != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2173, + "event": "path", + "message": "Condition \"pivotLimit - pivotStart > 32\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2213, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2222, + "event": "path", + "message": "Condition \"*pivotSource < *pivotTarget\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2230, + "event": "path", + "message": "Condition \"U_FAILURE(*pErrorCode)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2252, + "event": "path", + "message": "Condition \"sourceCnv->UCharErrorBufferLength > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2253, + "event": "path", + "message": "Condition \"ucnv_outputOverflowToUnicode(sourceCnv, pivotTarget, pivotLimit, NULL, pErrorCode)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2257, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2213, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2222, + "event": "path", + "message": "Condition \"*pivotSource < *pivotTarget\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2230, + "event": "path", + "message": "Condition \"U_FAILURE(*pErrorCode)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2243, + "event": "escape_local_addr_alias", + "message": "Returning, through \"*pivotSource\", pointer \"*pivotTarget = pivotStart\" which points to local variable \"pivotBuffer\".", + "verbosity_level": 0 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2252, + "event": "path", + "message": "Condition \"sourceCnv->UCharErrorBufferLength > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2267, + "event": "path", + "message": "Condition \"toUArgs.source == sourceLimit\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2267, + "event": "path", + "message": "Condition \"sourceCnv->preToULength >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2267, + "event": "path", + "message": "Condition \"sourceCnv->toULength == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2280, + "event": "path", + "message": "Condition \"convert != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2280, + "event": "path", + "message": "Condition \"targetCnv->preFromUFirstCP < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2280, + "event": "path", + "message": "Condition \"sourceCnv->preToULength == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2281, + "event": "path", + "message": "Condition \"*pErrorCode == U_USING_DEFAULT_WARNING\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2286, + "event": "path", + "message": "Condition \"*pErrorCode == U_BUFFER_OVERFLOW_ERROR\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2288, + "event": "path", + "message": "Condition \"U_FAILURE(*pErrorCode)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2311, + "event": "path", + "message": "Condition \"*pErrorCode == U_USING_DEFAULT_WARNING\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2322, + "event": "path", + "message": "Condition \"flush\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2322, + "event": "path", + "message": "Condition \"sourceCnv->toULength > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2330, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2356, + "event": "path", + "message": "Condition \"*pErrorCode == U_BUFFER_OVERFLOW_ERROR\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2359, + "event": "path", + "message": "Condition \"U_FAILURE(*pErrorCode)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2361, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2390, + "event": "path", + "message": "Condition \"flush\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2390, + "event": "path", + "message": "Condition \"U_SUCCESS(*pErrorCode)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2400, + "event": "return", + "message": "Returning here.", + "verbosity_level": 2 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2241| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2242| /* The pivot buffer is empty; reset it so we start at pivotStart. */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2243|-> *pivotSource=*pivotTarget=pivotStart;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2244| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2245| /*", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "ucnv_convertEx_73", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 34, + "events": [ + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2063, + "event": "path", + "message": "Condition \"pErrorCode == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2063, + "event": "path", + "message": "Condition \"U_FAILURE(*pErrorCode)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2067, + "event": "path", + "message": "Condition \"targetCnv == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2067, + "event": "path", + "message": "Condition \"sourceCnv == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2067, + "event": "path", + "message": "Condition \"source == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2067, + "event": "path", + "message": "Condition \"*source == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2067, + "event": "path", + "message": "Condition \"target == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2067, + "event": "path", + "message": "Condition \"*target == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2067, + "event": "path", + "message": "Condition \"targetLimit == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2077, + "event": "path", + "message": "Condition \"sourceLimit != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2077, + "event": "path", + "message": "Condition \"sourceLimit < s\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2077, + "event": "path", + "message": "Condition \"targetLimit < t\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2086, + "event": "path", + "message": "Condition \"sourceLimit != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2086, + "event": "path", + "message": "Condition \"(size_t)(sourceLimit - s) > 2147483647UL /* (size_t)2147483647 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2086, + "event": "path", + "message": "Condition \"sourceLimit > s\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2086, + "event": "path", + "message": "Condition \"(size_t)(targetLimit - t) > 2147483647UL /* (size_t)2147483647 */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2086, + "event": "path", + "message": "Condition \"targetLimit > t\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2094, + "event": "path", + "message": "Condition \"pivotStart == NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2095, + "event": "path", + "message": "Condition \"!flush\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2102, + "event": "local_ptr_assign_local", + "message": "Assigning: \"pivotStart\" = \"pivotBuffer\" (address of local variable \"pivotBuffer\").", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2106, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2115, + "event": "path", + "message": "Condition \"sourceLimit == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2120, + "event": "path", + "message": "Condition \"reset\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2124, + "event": "path", + "message": "Condition \"targetCnv->charErrorBufferLength > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2126, + "event": "path", + "message": "Condition \"ucnv_outputOverflowFromUnicode(targetCnv, target, targetLimit, NULL, pErrorCode)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2132, + "event": "path", + "message": "Condition \"!flush\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2142, + "event": "path", + "message": "Condition \"sourceCnv->sharedData->staticData->conversionType == UCNV_UTF8\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2142, + "event": "path", + "message": "Condition \"targetCnv->sharedData->impl->fromUTF8 != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2146, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2173, + "event": "path", + "message": "Condition \"convert != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2173, + "event": "path", + "message": "Condition \"pivotLimit - pivotStart > 32\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2213, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2222, + "event": "path", + "message": "Condition \"*pivotSource < *pivotTarget\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2230, + "event": "path", + "message": "Condition \"U_FAILURE(*pErrorCode)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2243, + "event": "escape_local_addr_alias", + "message": "Returning, through \"*pivotTarget\", pointer \"pivotStart\" which points to local variable \"pivotBuffer\".", + "verbosity_level": 0 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2252, + "event": "path", + "message": "Condition \"sourceCnv->UCharErrorBufferLength > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2267, + "event": "path", + "message": "Condition \"toUArgs.source == sourceLimit\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2267, + "event": "path", + "message": "Condition \"sourceCnv->preToULength >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2267, + "event": "path", + "message": "Condition \"sourceCnv->toULength == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2267, + "event": "path", + "message": "Condition \"!flush\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2267, + "event": "path", + "message": "Condition \"fromUArgs.flush\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2272, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2390, + "event": "path", + "message": "Condition \"flush\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2390, + "event": "path", + "message": "Condition \"U_SUCCESS(*pErrorCode)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2391, + "event": "path", + "message": "Condition \"*target != targetLimit\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2393, + "event": "path", + "message": "Condition \"*pErrorCode == U_STRING_NOT_TERMINATED_WARNING\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2396, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/ucnv.cpp", + "line": 2400, + "event": "return", + "message": "Returning here.", + "verbosity_level": 2 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2241| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2242| /* The pivot buffer is empty; reset it so we start at pivotStart. */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2243|-> *pivotSource=*pivotTarget=pivotStart;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2244| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2245| /*", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "icu_73::UnicodeString::cloneArrayIfNeeded(int, int, signed char, int **, signed char)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 21, + "events": [ + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1840, + "event": "path", + "message": "Condition \"newCapacity == -1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1847, + "event": "path", + "message": "Condition \"!this->isWritable()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1858, + "event": "path", + "message": "Condition \"forceClone\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1864, + "event": "path", + "message": "Condition \"growCapacity < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1866, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1876, + "event": "path", + "message": "Condition \"flags & icu_73::UnicodeString::kUsingStackBuffer\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1878, + "event": "path", + "message": "Condition \"doCopyArray\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1878, + "event": "path", + "message": "Condition \"growCapacity > icu_73::UnicodeString::US_STACKBUF_SIZE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1882, + "event": "local_ptr_assign_local", + "message": "Assigning: \"oldArray\" = \"oldStackBuffer\" (address of local variable \"oldStackBuffer\").", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1883, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1886, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1892, + "event": "path", + "message": "Condition \"this->allocate(growCapacity)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1895, + "event": "path", + "message": "Condition \"doCopyArray\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1900, + "event": "path", + "message": "Condition \"newCapacity < minLength\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1903, + "event": "path", + "message": "Condition \"oldArray != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1907, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1912, + "event": "path", + "message": "Condition \"flags & icu_73::UnicodeString::kRefCounted\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1914, + "event": "offset_of_local", + "message": "\"(icu_73::u_atomic_int32_t *)oldArray - 1\" is an offset of local variable \"oldArray\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1914, + "event": "local_ptr_assign_ptr", + "message": "Assigning: \"pRefCount\" = \"(icu_73::u_atomic_int32_t *)oldArray - 1\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1915, + "event": "path", + "message": "Condition \"icu_73::umtx_atomic_dec(pRefCount) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1916, + "event": "path", + "message": "Condition \"pBufferToDelete == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1923, + "event": "escape_local_addr_alias", + "message": "Returning, through \"*pBufferToDelete\", pointer \"(int32_t *)pRefCount\" which points to local variable \"oldStackBuffer\".", + "verbosity_level": 0 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1927, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/intl/icu/source/common/unistr.cpp", + "line": 1938, + "event": "return", + "message": "Returning here.", + "verbosity_level": 2 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1921| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1922| // the caller requested to delete it himself", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1923|-> *pBufferToDelete = (int32_t *)pRefCount;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1924| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1925| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "v8::internal::::RegExpBytecodePeephole::EmitOptimization(int, unsigned char const *, v8::internal::::BytecodeSequenceNode const &)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 692, + "event": "path", + "message": "Condition \"arg < last_node->ArgumentSize()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 698, + "event": "path", + "message": "Condition \"jump_edge_iter != std::map, v8::internal::ZoneAllocator > >::iterator(this->jump_edges_.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 706, + "event": "find", + "message": "Calling \"find\" with element \"jump_destination\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 706, + "event": "assign", + "message": "Assigning: \"jump_count_iter\" = \"this->jump_usage_counts_.find(jump_destination)\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 708, + "event": "deref_iterator", + "message": "Dereferencing iterator \"jump_count_iter\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 706| auto jump_count_iter = jump_usage_counts_.find(jump_destination);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 707| DCHECK(jump_count_iter != jump_usage_counts_.end());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 708|-> int& usage_count = jump_count_iter->second;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 709| --usage_count;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 710| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "v8::internal::::RegExpBytecodePeephole::EmitOptimization(int, unsigned char const *, v8::internal::::BytecodeSequenceNode const &)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 692, + "event": "path", + "message": "Condition \"arg < last_node->ArgumentSize()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 698, + "event": "path", + "message": "Condition \"jump_edge_iter != std::map, v8::internal::ZoneAllocator > >::iterator(this->jump_edges_.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 714, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 692, + "event": "path", + "message": "Condition \"arg < last_node->ArgumentSize()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 698, + "event": "path", + "message": "Condition \"jump_edge_iter != std::map, v8::internal::ZoneAllocator > >::iterator(this->jump_edges_.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 714, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 692, + "event": "path", + "message": "Condition \"arg < last_node->ArgumentSize()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 698, + "event": "path", + "message": "Condition \"jump_edge_iter != std::map, v8::internal::ZoneAllocator > >::iterator(this->jump_edges_.end())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 714, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 692, + "event": "path", + "message": "Condition \"arg < last_node->ArgumentSize()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 719, + "event": "path", + "message": "Condition \"last_node->HasIgnoredArguments()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 720, + "event": "path", + "message": "Condition \"ignored_arg != std::__cxx11::list::BytecodeArgument, v8::internal::ZoneAllocator::BytecodeArgument> >::iterator(last_node->ArgumentIgnoredEnd())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 723, + "event": "path", + "message": "Condition \"jump_edge_iter != std::map, v8::internal::ZoneAllocator > >::iterator(this->jump_edges_.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 729, + "event": "find", + "message": "Calling \"find\" with element \"jump_destination\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 729, + "event": "assign", + "message": "Assigning: \"jump_count_iter\" = \"this->jump_usage_counts_.find(jump_destination)\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/js/src/irregexp/imported/regexp-bytecode-peephole.cc", + "line": 731, + "event": "deref_iterator", + "message": "Dereferencing iterator \"jump_count_iter\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 729| auto jump_count_iter = jump_usage_counts_.find(jump_destination);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 730| DCHECK(jump_count_iter != jump_usage_counts_.end());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 731|-> int& usage_count = jump_count_iter->second;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 732| --usage_count;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 733| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "DELETE_ARRAY", + "cwe": 459, + "imp": 1, + "function": "XPCNativeInterface::NewInstance(JSContext *, IID2NativeInterfaceMap *, nsXPTInterfaceInfo const *)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 51, + "events": [ + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 193, + "event": "path", + "message": "Condition \"aInfo->IsMainProcessScriptableOnly()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 193, + "event": "path", + "message": "Condition \"!XRE_IsParentProcess()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 196, + "event": "path", + "message": "Condition \"console.operator bool()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 226, + "event": "path", + "message": "Condition \"!!members.reserve(totalCount)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 226, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 231, + "event": "path", + "message": "Condition \"i < methodCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 235, + "event": "path", + "message": "Condition \"i == 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 235, + "event": "path", + "message": "Condition \"i == 2\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 239, + "event": "path", + "message": "Condition \"!info->IsReflectable()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 244, + "event": "path", + "message": "Condition \"!info->GetId(cx, name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 249, + "event": "path", + "message": "Condition \"info->IsSetter()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 258, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 276, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 231, + "event": "path", + "message": "Condition \"i < methodCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 235, + "event": "path", + "message": "Condition \"i == 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 236, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 231, + "event": "path", + "message": "Condition \"i < methodCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 235, + "event": "path", + "message": "Condition \"i == 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 235, + "event": "path", + "message": "Condition \"i == 2\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 239, + "event": "path", + "message": "Condition \"!info->IsReflectable()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 244, + "event": "path", + "message": "Condition \"!info->GetId(cx, name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 249, + "event": "path", + "message": "Condition \"info->IsSetter()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 262, + "event": "path", + "message": "Condition \"indexInInterface == XPCNativeMember::GetMaxIndexInInterface()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 268, + "event": "path", + "message": "Condition \"info->IsGetter()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 270, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 276, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 231, + "event": "path", + "message": "Condition \"i < methodCount\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 278, + "event": "path", + "message": "Condition \"i < constCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 281, + "event": "path", + "message": "Condition \"!!NS_FAILED_impl(aInfo->GetConstant(i, JS::MutableHandle(&constant), nsTGetterCopies(getter_Copies(namestr)).operator nsTGetterCopies::char_type **()))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 286, + "event": "path", + "message": "Condition \"!str.operator JSString * const &()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 295, + "event": "path", + "message": "Condition \"indexInInterface == XPCNativeMember::GetMaxIndexInInterface()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 304, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 278, + "event": "path", + "message": "Condition \"i < constCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 281, + "event": "path", + "message": "Condition \"!!NS_FAILED_impl(aInfo->GetConstant(i, JS::MutableHandle(&constant), nsTGetterCopies(getter_Copies(namestr)).operator nsTGetterCopies::char_type **()))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 286, + "event": "path", + "message": "Condition \"!str.operator JSString * const &()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 295, + "event": "path", + "message": "Condition \"indexInInterface == XPCNativeMember::GetMaxIndexInInterface()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 304, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 278, + "event": "path", + "message": "Condition \"i < constCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 281, + "event": "path", + "message": "Condition \"!!NS_FAILED_impl(aInfo->GetConstant(i, JS::MutableHandle(&constant), nsTGetterCopies(getter_Copies(namestr)).operator nsTGetterCopies::char_type **()))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 286, + "event": "path", + "message": "Condition \"!str.operator JSString * const &()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 295, + "event": "path", + "message": "Condition \"indexInInterface == XPCNativeMember::GetMaxIndexInInterface()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 304, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 278, + "event": "path", + "message": "Condition \"i < constCount\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 307, + "event": "path", + "message": "Condition \"!bytes\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 311, + "event": "path", + "message": "Condition \"!str.operator JSString * const &()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 320, + "event": "path", + "message": "Condition \"members.length() > 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 324, + "event": "path", + "message": "Condition \"!place\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 328, + "event": "new", + "message": "Using \"new\" in \"new (place) XPCNativeInterface(aInfo, interfaceName.operator PropertyKey const &())\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 328, + "event": "identity_transfer", + "message": "Passing \"new (place) XPCNativeInterface(aInfo, interfaceName.operator PropertyKey const &())\" as argument 1 to constructor for class \"RefPtr\", which sets \"obj.mRawPtr\" to that argument.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 333, + "event": "path", + "message": "Condition \"!members.empty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 338, + "event": "path", + "message": "Condition \"!aMap->AddNew(obj.operator XPCNativeInterface *())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/js/xpconnect/src/XPCWrappedNativeInfo.cpp", + "line": 340, + "event": "delete_array_var", + "message": "\"~RefPtr\" uses \"delete[]\" on \"obj.mRawPtr\" which is not an array.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 338| if (!aMap->AddNew(obj)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 339| NS_ERROR(\"failed to add our interface!\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 340|-> return nullptr;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 341| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 342| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "res0_free_info", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "thunderbird-115.5.0/media/libvorbis/lib/backends.h", + "line": 116, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/media/libvorbis/lib/vorbis_res0.c", + "line": 68, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 66| vorbis_info_residue0 *info=(vorbis_info_residue0 *)i;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 67| if(info){", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 68|-> memset(info,0,sizeof(*info));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 69| _ogg_free(info);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "vorbis_encode_residue_setup", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "thunderbird-115.5.0/media/libvorbis/lib/backends.h", + "line": 116, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/media/libvorbis/lib/vorbisenc.c", + "line": 465, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 463| _ogg_malloc(sizeof(*r));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 464| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 465|-> memcpy(r,res->res,sizeof(*r));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 466| if(ci->residues<=number)ci->residues=number+1;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 467| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "thread_encoding_proc", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 76, + "events": [ + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 50, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 51, + "event": "path", + "message": "Condition \"vpx_atomic_load_acquire(&cpi->b_multi_threaded) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 53, + "event": "lock", + "message": "Locking \"&cpi->h_event_start_encoding[ithread]\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 53, + "event": "path", + "message": "Condition \"sem_wait(&cpi->h_event_start_encoding[ithread]) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 69, + "event": "path", + "message": "Condition \"vpx_atomic_load_acquire(&cpi->b_multi_threaded) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 74, + "event": "path", + "message": "Condition \"mb_row < cm->mb_rows\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 101, + "event": "path", + "message": "Condition \"mb_row != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 109, + "event": "path", + "message": "Condition \"mb_col < cm->mb_cols\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 110, + "event": "path", + "message": "Condition \"(mb_col - 1) % nsync == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 114, + "event": "path", + "message": "Condition \"mb_row\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 114, + "event": "path", + "message": "Condition \"!(mb_col & nsync - 1)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 144, + "event": "path", + "message": "Condition \"mb_col != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 152, + "event": "path", + "message": "Condition \"cpi->oxcf.tuning == VP8_TUNE_SSIM\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 156, + "event": "path", + "message": "Condition \"xd->segmentation_enabled\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 160, + "event": "path", + "message": "Condition \"cpi->segmentation_map[map_index + mb_col] <= 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 163, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 168, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 175, + "event": "path", + "message": "Condition \"cm->frame_type == KEY_FRAME\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 199, + "event": "path", + "message": "Condition \"cpi->current_layer == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 200, + "event": "path", + "message": "Condition \"xd->mode_info_context->mbmi.mode == ZEROMV\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 200, + "event": "path", + "message": "Condition \"xd->mode_info_context->mbmi.ref_frame == LAST_FRAME\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 203, + "event": "path", + "message": "Condition \"cpi->consec_zero_last[map_index + mb_col] < 255\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 206, + "event": "path", + "message": "Condition \"cpi->consec_zero_last_mvbias[map_index + mb_col] < 255\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 209, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 213, + "event": "path", + "message": "Condition \"x->zero_last_dot_suppress\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 225, + "event": "path", + "message": "Condition \"cpi->current_layer == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 225, + "event": "path", + "message": "Condition \"cpi->cyclic_refresh_mode_enabled\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 225, + "event": "path", + "message": "Condition \"xd->segmentation_enabled\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 239, + "event": "path", + "message": "Condition \"mbmi->segment_id\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 241, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 282, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 109, + "event": "path", + "message": "Condition \"mb_col < cm->mb_cols\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 110, + "event": "path", + "message": "Condition \"(mb_col - 1) % nsync == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 114, + "event": "path", + "message": "Condition \"mb_row\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 114, + "event": "path", + "message": "Condition \"!(mb_col & nsync - 1)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 144, + "event": "path", + "message": "Condition \"mb_col != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 152, + "event": "path", + "message": "Condition \"cpi->oxcf.tuning == VP8_TUNE_SSIM\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 156, + "event": "path", + "message": "Condition \"xd->segmentation_enabled\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 160, + "event": "path", + "message": "Condition \"cpi->segmentation_map[map_index + mb_col] <= 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 163, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 168, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 175, + "event": "path", + "message": "Condition \"cm->frame_type == KEY_FRAME\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 199, + "event": "path", + "message": "Condition \"cpi->current_layer == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 200, + "event": "path", + "message": "Condition \"xd->mode_info_context->mbmi.mode == ZEROMV\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 200, + "event": "path", + "message": "Condition \"xd->mode_info_context->mbmi.ref_frame == LAST_FRAME\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 203, + "event": "path", + "message": "Condition \"cpi->consec_zero_last[map_index + mb_col] < 255\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 206, + "event": "path", + "message": "Condition \"cpi->consec_zero_last_mvbias[map_index + mb_col] < 255\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 209, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 213, + "event": "path", + "message": "Condition \"x->zero_last_dot_suppress\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 225, + "event": "path", + "message": "Condition \"cpi->current_layer == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 225, + "event": "path", + "message": "Condition \"cpi->cyclic_refresh_mode_enabled\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 225, + "event": "path", + "message": "Condition \"xd->segmentation_enabled\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 229, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"cpi->segmentation_map[map_index + mb_col]\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 239, + "event": "path", + "message": "Condition \"mbmi->segment_id\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 241, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 282, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 109, + "event": "path", + "message": "Condition \"mb_col < cm->mb_cols\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 307, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 74, + "event": "path", + "message": "Condition \"mb_row < cm->mb_rows\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 309, + "event": "unlock", + "message": "Unlocking \"&cpi->h_event_end_encoding[ithread]\". \"cpi->segmentation_map[map_index + mb_col]\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 311, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 50, + "event": "path", + "message": "Condition \"1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 51, + "event": "path", + "message": "Condition \"vpx_atomic_load_acquire(&cpi->b_multi_threaded) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 53, + "event": "path", + "message": "Condition \"sem_wait(&cpi->h_event_start_encoding[ithread]) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 69, + "event": "path", + "message": "Condition \"vpx_atomic_load_acquire(&cpi->b_multi_threaded) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 74, + "event": "path", + "message": "Condition \"mb_row < cm->mb_rows\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 101, + "event": "path", + "message": "Condition \"mb_row != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 109, + "event": "path", + "message": "Condition \"mb_col < cm->mb_cols\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 110, + "event": "path", + "message": "Condition \"(mb_col - 1) % nsync == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 114, + "event": "path", + "message": "Condition \"mb_row\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 114, + "event": "path", + "message": "Condition \"!(mb_col & nsync - 1)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 144, + "event": "path", + "message": "Condition \"mb_col != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 152, + "event": "path", + "message": "Condition \"cpi->oxcf.tuning == VP8_TUNE_SSIM\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 156, + "event": "path", + "message": "Condition \"xd->segmentation_enabled\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 160, + "event": "path", + "message": "Condition \"cpi->segmentation_map[map_index + mb_col] <= 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 53, + "event": "lockagain", + "message": "Locking \"&cpi->h_event_start_encoding[ithread]\" again.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/media/libvpx/libvpx/vp8/encoder/ethreading.c", + "line": 161, + "event": "use", + "message": "Using an unreliable value of \"cpi->segmentation_map[map_index + mb_col]\" inside the second locked section. If the data that \"cpi->segmentation_map[map_index + mb_col]\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 159| */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 160| if (cpi->segmentation_map[map_index + mb_col] <= 3) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 161|-> xd->mode_info_context->mbmi.segment_id =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 162| cpi->segmentation_map[map_index + mb_col];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 163| } else {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "sctp_process_a_data_chunk", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 105, + "events": [ + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1721, + "event": "path", + "message": "Condition \"chk_type == 64\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1731, + "event": "path", + "message": "Condition \"chk_flags & 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1734, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1738, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1751, + "event": "path", + "message": "Condition \"(size_t)chk_length == clen\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1762, + "event": "path", + "message": "Condition \"(chk_flags & 8) == 8\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1765, + "event": "path", + "message": "Condition \"(chk_flags & 4) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1766, + "event": "path", + "message": "Condition \"system_base_info.sctpsysctl.sctp_logging_level & 256\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1769, + "event": "path", + "message": "Condition \"stcb == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1773, + "event": "path", + "message": "Condition \"asoc->cumulative_tsn < tsn\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1773, + "event": "path", + "message": "Condition \"(uint32_t)(tsn - asoc->cumulative_tsn) > (2147483648U /* 1U << 31 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1773, + "event": "path", + "message": "Condition \"asoc->cumulative_tsn > tsn\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1773, + "event": "path", + "message": "Condition \"(uint32_t)(asoc->cumulative_tsn - tsn) < (2147483648U /* 1U << 31 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1773, + "event": "path", + "message": "Condition \"asoc->cumulative_tsn == tsn\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1785, + "event": "path", + "message": "Condition \"tsn >= asoc->mapping_array_base_tsn\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1785, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1786, + "event": "path", + "message": "Condition \"gap >= (4096U /* 0x200 << 3 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1790, + "event": "path", + "message": "Condition \"gap >= (uint32_t)(asoc->mapping_array_size << 3)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1792, + "event": "path", + "message": "Condition \"sctp_expand_mapping_array(asoc, gap)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1797, + "event": "path", + "message": "Condition \"tsn < *high_tsn\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1797, + "event": "path", + "message": "Condition \"(uint32_t)(*high_tsn - tsn) > (2147483648U /* 1U << 31 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1801, + "event": "path", + "message": "Condition \"(asoc->mapping_array[gap >> 3] >> (gap & 7)) & 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1801, + "event": "path", + "message": "Condition \"(asoc->nr_mapping_array[gap >> 3] >> (gap & 7)) & 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1816, + "event": "path", + "message": "Condition \"stcb->sctp_ep->sctp_flags & 268435456\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1816, + "event": "path", + "message": "Condition \"stcb->sctp_ep->sctp_flags & 536870912\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1816, + "event": "path", + "message": "Condition \"stcb->asoc.state & 0x100\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1835, + "event": "path", + "message": "Condition \"sid >= asoc->streamincnt\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1872, + "event": "path", + "message": "Condition \"chk_type == 64\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1872, + "event": "path", + "message": "Condition \"(chk_flags & 2) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1885, + "event": "path", + "message": "Condition \"system_base_info.sctpsysctl.sctp_debug_on & 524288\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1885, + "event": "path", + "message": "Condition \"system_base_info.debug_printf\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1887, + "event": "path", + "message": "Condition \"(chk_flags & 3) != 3\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1921, + "event": "path", + "message": "Condition \"control != NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1941, + "event": "path", + "message": "Condition \"asoc->cnt_on_all_streams + asoc->cnt_on_reasm_queue + asoc->cnt_msg_on_sb >= system_base_info.sctpsysctl.sctp_max_chunks_on_queue\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 1941, + "event": "path", + "message": "Condition \"(int)asoc->my_rwnd <= 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2020, + "event": "path", + "message": "Condition \"chk_flags & 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2020, + "event": "path", + "message": "Condition \"asoc->resetHead.tqh_first == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2047, + "event": "path", + "message": "Condition \"chk_type == 64\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2049, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2052, + "event": "path", + "message": "Condition \"last_chunk == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2072, + "event": "path", + "message": "Condition \"chk_type == 64\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2074, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2077, + "event": "path", + "message": "Condition \"dmbuf->m_hdr.mh_next == NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2079, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2090, + "event": "path", + "message": "Condition \"l_len > the_len\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2095, + "event": "path", + "message": "Condition \"dmbuf == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2104, + "event": "path", + "message": "Condition \"control == NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2105, + "event": "path", + "message": "Condition \"control\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2106, + "event": "path", + "message": "Condition \"control\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2106, + "event": "path", + "message": "Condition \"stcb->asoc.state & 0x200\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2111, + "event": "path", + "message": "Condition \"control == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2115, + "event": "path", + "message": "Condition \"(chk_flags & 3) == 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2120, + "event": "path", + "message": "Condition \"mm\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2122, + "event": "path", + "message": "Condition \"mm->m_hdr.mh_next == NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2125, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2120, + "event": "path", + "message": "Condition \"mm\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2134, + "event": "path", + "message": "Condition \"system_base_info.sctpsysctl.sctp_debug_on & 524288\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2134, + "event": "path", + "message": "Condition \"system_base_info.debug_printf\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2136, + "event": "path", + "message": "Condition \"(chk_flags & 3) == 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2136, + "event": "path", + "message": "Condition \"asoc->resetHead.tqh_first == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2174, + "event": "path", + "message": "Condition \"(chk_flags & 3) != 3\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2204, + "event": "path", + "message": "Condition \"system_base_info.sctpsysctl.sctp_do_drain == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2206, + "event": "path", + "message": "Condition \"tsn < asoc->highest_tsn_inside_nr_map\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2206, + "event": "path", + "message": "Condition \"(uint32_t)(asoc->highest_tsn_inside_nr_map - tsn) > (2147483648U /* 1U << 31 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2209, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2216, + "event": "path", + "message": "Condition \"(chk_flags & 3) == 3\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2225, + "event": "path", + "message": "Condition \"(liste = asoc->resetHead.tqh_first) != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2225, + "event": "path", + "message": "Condition \"tsn < liste->tsn\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2225, + "event": "path", + "message": "Condition \"(uint32_t)(liste->tsn - tsn) > (2147483648U /* 1U << 31 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2225, + "event": "path", + "message": "Condition \"tsn > liste->tsn\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2225, + "event": "path", + "message": "Condition \"(uint32_t)(tsn - liste->tsn) < (2147483648U /* 1U << 31 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2258, + "event": "path", + "message": "Condition \"chk_flags & 4\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2269, + "event": "path", + "message": "Condition \"system_base_info.sctpsysctl.sctp_debug_on & 524288\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2269, + "event": "path", + "message": "Condition \"system_base_info.debug_printf\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2272, + "event": "path", + "message": "Condition \"*abort_flag\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2279, + "event": "path", + "message": "Jumping to label \"finish_express_del\".", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2299, + "event": "path", + "message": "Condition \"tsn == asoc->cumulative_tsn + 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2303, + "event": "path", + "message": "Condition \"last_chunk\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2306, + "event": "path", + "message": "Condition \"ordered\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2308, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2313, + "event": "path", + "message": "Condition \"system_base_info.sctpsysctl.sctp_logging_level & 131072\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2316, + "event": "path", + "message": "Condition \"system_base_info.sctpsysctl.sctp_logging_level & 256\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2320, + "event": "path", + "message": "Condition \"need_reasm_check\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2321, + "event": "lock", + "message": "Locking \"stcb->tcb_mtx\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2325, + "event": "path", + "message": "Condition \"(liste = asoc->resetHead.tqh_first) != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2325, + "event": "path", + "message": "Condition \"asoc->cumulative_tsn < liste->tsn\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2325, + "event": "path", + "message": "Condition \"(uint32_t)(liste->tsn - asoc->cumulative_tsn) > (2147483648U /* 1U << 31 */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2334, + "event": "path", + "message": "Condition \"liste->next_resp.tqe_next != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2334, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2339, + "event": "path", + "message": "Condition \"asoc->resetHead.tqh_first == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2354, + "event": "path", + "message": "Condition \"control\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2354, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"ncontrol\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2354, + "event": "path", + "message": "Condition \"(ncontrol = control->next.tqe_next) , 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2355, + "event": "path", + "message": "Condition \"control->sinfo_tsn < liste->tsn\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2355, + "event": "path", + "message": "Condition \"(uint32_t)(liste->tsn - control->sinfo_tsn) > (2147483648U /* 1U << 31 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2355, + "event": "path", + "message": "Condition \"control->sinfo_tsn > liste->tsn\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2355, + "event": "path", + "message": "Condition \"(uint32_t)(control->sinfo_tsn - liste->tsn) < (2147483648U /* 1U << 31 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2363, + "event": "path", + "message": "Condition \"control->next.tqe_next != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2363, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2365, + "event": "unlock", + "message": "Unlocking \"stcb->tcb_mtx\". \"ncontrol\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2366, + "event": "path", + "message": "Condition \"*abort_flag\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2369, + "event": "path", + "message": "Condition \"need_reasm_check\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2370, + "event": "unlock", + "message": "Unlocking \"stcb->tcb_mtx\". \"ncontrol\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2373, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2370, + "event": "lockagain", + "message": "Locking \"stcb->tcb_mtx\" again.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_indata.c", + "line": 2354, + "event": "use", + "message": "Using an unreliable value of \"ncontrol\" inside the second locked section. If the data that \"ncontrol\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2352| \t\t\t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2353| \t\t} else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2354|-> \t\t\tTAILQ_FOREACH_SAFE(control, &asoc->pending_reply_queue, next, ncontrol) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2355| \t\t\t\tif (SCTP_TSN_GT(control->sinfo_tsn, liste->tsn)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2356| \t\t\t\t\tbreak;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "sctp_handle_cookie_echo", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 61, + "events": [ + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2591, + "event": "path", + "message": "Condition \"system_base_info.sctpsysctl.sctp_debug_on & 8192\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2591, + "event": "path", + "message": "Condition \"system_base_info.debug_printf\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2594, + "event": "path", + "message": "Condition \"inp_p == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2601, + "event": "path", + "message": "Condition \"cookie_len < 176UL /* sizeof (struct sctp_cookie_echo_chunk) + sizeof (struct sctp_init_chunk) + sizeof (struct sctp_init_chunk) + 20 */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2607, + "event": "path", + "message": "Condition \"cookie->peerport != sh->src_port\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2607, + "event": "path", + "message": "Condition \"cookie->myport != sh->dest_port\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2607, + "event": "path", + "message": "Condition \"cookie->my_vtag != sh->v_tag\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2625, + "event": "path", + "message": "Condition \"cookie->addr_type == 4\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2625, + "event": "path", + "message": "Condition \"src->sa_family == 123\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2632, + "event": "path", + "message": "Condition \"cookie->laddr_type == 4\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2632, + "event": "path", + "message": "Condition \"dst->sa_family == 123\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2646, + "event": "path", + "message": "Condition \"m_sig == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2659, + "event": "path", + "message": "Condition \"l_stcb != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2665, + "event": "path", + "message": "Condition \"l_stcb != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2669, + "event": "path", + "message": "Condition \"l_inp->sctp_flags & (805306368U /* 0x10000000 | 0x20000000 */)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2676, + "event": "path", + "message": "Condition \"cookie->time_entered.tv_sec < (long)ep->time_of_secret_change\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2676, + "event": "path", + "message": "Condition \"ep->current_secret_number != ep->last_secret_number\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2682, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2691, + "event": "path", + "message": "Condition \"sig == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2697, + "event": "path", + "message": "Condition \"timingsafe_bcmp(calc_sig, sig, 20) != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2721, + "event": "path", + "message": "Condition \"m_at->m_hdr.mh_next != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2723, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2721, + "event": "path", + "message": "Condition \"m_at->m_hdr.mh_next != NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2727, + "event": "path", + "message": "Condition \"cookie_ok == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2735, + "event": "path", + "message": "Condition \"sctp_ticks_to_msecs(cookie->cookie_life) > 3600000\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2741, + "event": "path", + "message": "Condition \"time_entered.tv_sec < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2741, + "event": "path", + "message": "Condition \"time_entered.tv_usec < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2741, + "event": "path", + "message": "Condition \"time_entered.tv_usec >= 1000000\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2750, + "event": "path", + "message": "Condition \"now.tv_sec == time_entered.tv_sec\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2750, + "event": "path", + "message": "Condition \"now.tv_usec < time_entered.tv_usec\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2750, + "event": "path", + "message": "Condition \"(now.tv_sec == time_entered.tv_sec) ? now.tv_usec < time_entered.tv_usec : (now.tv_sec < time_entered.tv_sec)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2764, + "event": "path", + "message": "Condition \"now.tv_sec == time_expires.tv_sec\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2764, + "event": "path", + "message": "Condition \"now.tv_usec > time_expires.tv_usec\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2764, + "event": "path", + "message": "Condition \"(now.tv_sec == time_expires.tv_sec) ? now.tv_usec > time_expires.tv_usec : (now.tv_sec > time_expires.tv_sec)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2820, + "event": "path", + "message": "Switch case value \"4\".", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2857, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2863, + "event": "path", + "message": "Condition \"*stcb == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2901, + "event": "path", + "message": "Condition \"*stcb == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2922, + "event": "path", + "message": "Condition \"*stcb == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2927, + "event": "path", + "message": "Condition \"*stcb == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2945, + "event": "path", + "message": "Condition \"netl == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2953, + "event": "path", + "message": "Condition \"netl\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2954, + "event": "path", + "message": "Condition \"netl->dest_state & 0x200\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2962, + "event": "path", + "message": "Condition \"(*inp_p)->sctp_flags & 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2963, + "event": "path", + "message": "Condition \"!had_a_existing_tcb\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2963, + "event": "path", + "message": "Condition \"((*inp_p)->sctp_flags & 2097152) == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 2973, + "event": "path", + "message": "Condition \"notification == 10\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 3005, + "event": "lock", + "message": "Locking \"&(*stcb)->tcb_mtx\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 3008, + "event": "path", + "message": "Condition \"so == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 3037, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"inp\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 3077, + "event": "path", + "message": "Condition \"inp->sctp_ep.local_hmacs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 3081, + "event": "path", + "message": "Condition \"inp->sctp_ep.local_auth_chunks\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 3094, + "event": "path", + "message": "Condition \"*stcb\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 3097, + "event": "unlock", + "message": "Unlocking \"(*inp_p)->inp_mtx\". \"inp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 3097, + "event": "unlock", + "message": "Unlocking \"inp->inp_mtx\". \"inp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 3097, + "event": "unlock", + "message": "Unlocking \"(*stcb)->tcb_mtx\". \"inp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 3100, + "event": "unlock", + "message": "Unlocking \"&(*stcb)->tcb_mtx\". \"inp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 3106, + "event": "unlock", + "message": "Unlocking \"(*inp_p)->inp_rdata_mtx\". \"inp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 3106, + "event": "unlock", + "message": "Unlocking \"inp->inp_rdata_mtx\". \"inp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 3114, + "event": "path", + "message": "Condition \"inp->sctp_flags & 268435456\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 3108, + "event": "lockagain", + "message": "Locking \"&(*stcb)->tcb_mtx\" again.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_input.c", + "line": 3125, + "event": "use", + "message": "Using an unreliable value of \"inp\" inside the second locked section. If the data that \"inp\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3123| \t\t\tSCTP_INP_DECR_REF(inp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3124| \t\t\t/* Switch over to the new guy */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3125|-> \t\t\t*inp_p = inp;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3126| \t\t\tsctp_ulp_notify(notification, *stcb, 0, NULL, SCTP_SO_NOT_LOCKED);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3127| \t\t\tif (send_int_conf) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "ATOMICITY", + "cwe": 667, + "function": "sctp_inpcb_alloc", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c", + "line": 2754, + "event": "lock", + "message": "Locking \"&system_base_info.sctppcbinfo.ipi_ep_mtx\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c", + "line": 2755, + "event": "def", + "message": "Assigning data that might be protected by the lock to \"inp\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c", + "line": 2756, + "event": "path", + "message": "Condition \"inp == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c", + "line": 2815, + "event": "path", + "message": "Condition \"inp->sctp_asocidhash == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c", + "line": 2825, + "event": "unlock", + "message": "Unlocking \"&system_base_info.sctppcbinfo.ipi_ep_mtx\". \"inp\" might now be unreliable because other threads can now change the data that it depends on.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c", + "line": 2829, + "event": "path", + "message": "Condition \"so->so_type == SOCK_SEQPACKET\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c", + "line": 2835, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c", + "line": 2856, + "event": "path", + "message": "Condition \"system_base_info.sctpsysctl.sctp_default_frag_interleave == 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c", + "line": 2859, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c", + "line": 2868, + "event": "path", + "message": "Condition \"inp->sctp_tcbhash == NULL\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c", + "line": 2930, + "event": "path", + "message": "Condition \"(inp->sctp_list.le_next = system_base_info.sctppcbinfo.listhead.lh_first) != NULL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c", + "line": 2927, + "event": "lockagain", + "message": "Locking \"&inp->inp_mtx\" again.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/netwerk/sctp/src/netinet/sctp_pcb.c", + "line": 2930, + "event": "use", + "message": "Using an unreliable value of \"inp\" inside the second locked section. If the data that \"inp\" depends on was changed by another thread, this use might be incorrect.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2928| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2929| \t/* add it to the info area */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2930|-> \tLIST_INSERT_HEAD(&SCTP_BASE_INFO(listhead), inp, sctp_list);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2931| #if defined(__APPLE__) && !defined(__Userspace__)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2932| \tinp->ip_inp.inp.inp_pcbinfo = &SCTP_BASE_INFO(sctbinfo);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "WRITE_CONST_FIELD", + "cwe": 843, + "imp": 1, + "function": "mozilla::detail::ResultImplementation::inspectErr() const", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "thunderbird-115.5.0/objdir/dist/include/js/Result.h", + "line": 192, + "event": "field_definition", + "message": "A const-qualified field is defined.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/objdir/dist/include/mozilla/Result.h", + "line": 268, + "event": "store_writes_const_field", + "message": "A write to an aggregate overwrites a const-qualified field within the aggregate.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 266| const auto bits = mBits ^ 1;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 267| E res;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 268|-> std::memcpy(&res, &bits, sizeof(E));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 269| return res;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 270| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "base::ThreadIdNameManager::GetName(int)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc", + "line": 112, + "event": "path", + "message": "Condition \"id == this->main_process_id_\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc", + "line": 116, + "event": "path", + "message": "Condition \"id_to_handle_iter == std::map, std::allocator > >::iterator(this->thread_id_to_handle_.end())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc", + "line": 119, + "event": "find", + "message": "Calling \"find\" with element \"id_to_handle_iter->second\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc", + "line": 119, + "event": "assign", + "message": "Assigning: \"handle_to_name_iter\" = \"this->thread_handle_to_interned_name_.find(id_to_handle_iter->second)\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc", + "line": 121, + "event": "deref_iterator", + "message": "Dereferencing iterator \"handle_to_name_iter\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 119| auto handle_to_name_iter =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 120| thread_handle_to_interned_name_.find(id_to_handle_iter->second);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 121|-> return handle_to_name_iter->second->c_str();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 122| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 123| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "base::ThreadIdNameManager::RemoveName(unsigned long, int)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc", + "line": 134, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc", + "line": 137, + "event": "find", + "message": "Calling \"find\" with element \"id\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc", + "line": 137, + "event": "assign", + "message": "Assigning: \"id_to_handle_iter\" = \"this->thread_id_to_handle_.find(id)\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc", + "line": 138, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/security/sandbox/chromium/base/threading/thread_id_name_manager.cc", + "line": 141, + "event": "deref_iterator", + "message": "Dereferencing iterator \"id_to_handle_iter\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 139| // The given |id| may have been re-used by the system. Make sure the", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 140| // mapping points to the provided |handle| before removal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 141|-> if (id_to_handle_iter->second != handle)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 142| return;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 143| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "get_secret", + "language": "python", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "thunderbird-115.5.0/taskcluster/docker/updatebot/run.py", + "line": 58, + "event": "path", + "message": "Condition \"\"TASK_ID\" in os.environ\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/taskcluster/docker/updatebot/run.py", + "line": 59, + "event": "path", + "message": "Condition \"OPERATING_MODE == \"prod\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/taskcluster/docker/updatebot/run.py", + "line": 71, + "event": "path", + "message": "Condition \"\"secret\" in secret\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/taskcluster/docker/updatebot/run.py", + "line": 71, + "event": "assign_null", + "message": "Assigning: \"secret\" = \"(\"secret\" in secret) ? secret[\"secret\"] : None\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/taskcluster/docker/updatebot/run.py", + "line": 72, + "event": "invalid_operation", + "message": "Invalid operation on null-like value \"secret\". The right hand side of \"in\" cannot be null-like.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| secret = secrets.get(\"project/updatebot/\" + OPERATING_MODE + \"/\" + name)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 71| secret = secret[\"secret\"] if \"secret\" in secret else None", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72|-> secret = secret[\"value\"] if \"value\" in secret else None", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| return secret", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "read_ini", + "language": "python", + "tool": "coverity", + "key_event_idx": 19, + "events": [ + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 27, + "event": "assign_undefined", + "message": "Assigning: \"current_section\" = \"undefined\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 47, + "event": "path", + "message": "Condition \"defaults\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 49, + "event": "path", + "message": "Condition \"comments\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 50, + "event": "path", + "message": "Condition \"separators\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 54, + "event": "path", + "message": "Condition \"isinstance(fp, string_types)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 64, + "event": "path", + "message": "Condition \"!stripped\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 67, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 64, + "event": "path", + "message": "Condition \"!stripped\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 70, + "event": "path", + "message": "Condition \"any((function.__defaults__ = None) , ((function.__annotations__ = {}) , ((function.__doc__ = None) , function))())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 76, + "event": "path", + "message": "Condition \"comment_start == sys.maxsize\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 76, + "event": "path", + "message": "Condition \"inline_prefixes\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 87, + "event": "path", + "message": "Condition \"comment_start != sys.maxsize\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 91, + "event": "path", + "message": "Condition \"len(stripped) > 2\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 91, + "event": "path", + "message": "Condition \"stripped[0] == \"[\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 91, + "event": "path", + "message": "Condition \"stripped[-1] == \"]\"\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 117, + "event": "path", + "message": "Condition \"!section_names\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 126, + "event": "path", + "message": "Condition \"key\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 143, + "event": "path", + "message": "Condition \"separator in stripped\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 150, + "event": "path", + "message": "Condition \"key\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/manifestparser/manifestparser/ini.py", + "line": 151, + "event": "invalid_operation", + "message": "Invalid operation on null-like value \"current_section\". The right hand side of \"in\" cannot be null-like.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 149| # make sure this key isn't already in the section", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 150| if key:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 151|-> assert (", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 152| key not in current_section", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 153| ), f\"Found duplicate key {key} in section {section}\"", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "get_battery_percentage", + "language": "python", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "thunderbird-115.5.0/testing/mozbase/mozdevice/mozdevice/adb.py", + "line": 3697, + "event": "assign_null", + "message": "Assigning: \"level\" = \"None\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/mozdevice/mozdevice/adb.py", + "line": 3705, + "event": "path", + "message": "Condition \"match\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/mozdevice/mozdevice/adb.py", + "line": 3708, + "event": "path", + "message": "Condition \"parameter == \"level\"\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/mozdevice/mozdevice/adb.py", + "line": 3710, + "event": "path", + "message": "Condition \"parameter == \"scale\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/mozdevice/mozdevice/adb.py", + "line": 3712, + "event": "path", + "message": "Condition \"parameter !== None\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/mozdevice/mozdevice/adb.py", + "line": 3712, + "event": "path", + "message": "Condition \"scale !== None\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozbase/mozdevice/mozdevice/adb.py", + "line": 3714, + "event": "invalid_operation", + "message": "Invalid operation on null-like value \"level\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3712| if parameter is not None and scale is not None:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3713| # pylint --py3k W1619", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3714|-> percentage = 100.0 * level / scale", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3715| break", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 3716| return percentage", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "query_locales", + "language": "python", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py", + "line": 29, + "event": "path", + "message": "Condition \"self.locales !== None\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py", + "line": 41, + "event": "assign_null", + "message": "Assigning: \"locales\" = \"None\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py", + "line": 44, + "event": "path", + "message": "Condition \"!locales\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py", + "line": 44, + "event": "path", + "message": "Condition \"\"MOZ_LOCALES\" in os.environ\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py", + "line": 49, + "event": "path", + "message": "Condition \"!locales\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py", + "line": 49, + "event": "path", + "message": "Condition \"c.get(\"locales\", {})\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py", + "line": 54, + "event": "path", + "message": "Condition \"locales\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py", + "line": 64, + "event": "path", + "message": "Condition \"!locales\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py", + "line": 64, + "event": "path", + "message": "Condition \"\"locales_file\" in c\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py", + "line": 69, + "event": "path", + "message": "Condition \"!locales\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/testing/mozharness/mozharness/mozilla/l10n/locales.py", + "line": 73, + "event": "invalid_operation", + "message": "Invalid operation on null-like value \"locales\". The right hand side of \"in\" cannot be null-like.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 71| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72| for locale in ignore_locales:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73|-> if locale in locales:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74| self.debug(\"Ignoring locale %s.\" % locale)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 75| locales.remove(locale)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "GetCMakeTargetName", + "language": "python", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gradle/gn_to_cmake.py", + "line": 159, + "event": "assign_null", + "message": "Assigning: \"name\" = \"None\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gradle/gn_to_cmake.py", + "line": 161, + "event": "path", + "message": "Condition \"!path_separator\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gradle/gn_to_cmake.py", + "line": 162, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gradle/gn_to_cmake.py", + "line": 173, + "event": "path", + "message": "Condition \"location\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gradle/gn_to_cmake.py", + "line": 176, + "event": "invalid_operation", + "message": "Invalid operation on null-like value \"name\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 174| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 175| cmake_target_name = None", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 176|-> if location.endswith('/' + name):", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 177| cmake_target_name = location", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 178| elif location:", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "main", + "language": "python", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py", + "line": 308, + "event": "assign_undefined", + "message": "Assigning: \"max_dex_number\" = \"undefined\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py", + "line": 314, + "event": "path", + "message": "Condition \"options.best_compression\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py", + "line": 316, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py", + "line": 324, + "event": "path", + "message": "Condition \"options.format == \"apk\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py", + "line": 324, + "event": "path", + "message": "Condition \"!options.best_compression\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py", + "line": 335, + "event": "path", + "message": "Condition \"options.dex_file\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py", + "line": 339, + "event": "path", + "message": "Condition \"options.secondary_native_libs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py", + "line": 343, + "event": "path", + "message": "Condition \"options.java_resources\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py", + "line": 366, + "event": "path", + "message": "Condition \"options.format == \"bundle-module\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py", + "line": 390, + "event": "path", + "message": "Condition \"options.secondary_android_abi\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py", + "line": 397, + "event": "path", + "message": "Condition \"options.expected_file\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py", + "line": 410, + "event": "path", + "message": "Condition \"options.only_verify_expectations\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py", + "line": 457, + "event": "path", + "message": "Condition \"options.dex_file\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py", + "line": 476, + "event": "path", + "message": "Condition \"options.jdk_libs_dex_file\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/apkbuilder.py", + "line": 478, + "event": "invalid_operation", + "message": "Invalid operation on null-like value \"max_dex_number\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 476| if options.jdk_libs_dex_file:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 477| with open(options.jdk_libs_dex_file, 'rb') as dex_file_obj:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 478|-> add_to_zip(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 479| apk_dex_dir + 'classes{}.dex'.format(max_dex_number + 1),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 480| dex_file_obj.read(),", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "main", + "language": "python", + "tool": "coverity", + "key_event_idx": 77, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 945, + "event": "assign_undefined", + "message": "Assigning: \"extra_package_names\" = \"undefined\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1162, + "event": "path", + "message": "Condition \"args\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1165, + "event": "path", + "message": "Condition \"options.generate_markdown_format_doc\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1171, + "event": "path", + "message": "Condition \"options.fail\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1194, + "event": "path", + "message": "Condition \"!required_options\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1199, + "event": "path", + "message": "Condition \"options.type != \"android_app_bundle_module\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1200, + "event": "path", + "message": "Condition \"options.apk_proto_resources\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1203, + "event": "path", + "message": "Condition \"options.module_pathmap_path\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1206, + "event": "path", + "message": "Condition \"options.base_allowlist_rtxt_path\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1209, + "event": "path", + "message": "Condition \"options.is_base_module\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1216, + "event": "path", + "message": "Condition \"!is_apk_or_module_target\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1217, + "event": "path", + "message": "Condition \"options.uncompress_shared_libraries\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1221, + "event": "path", + "message": "Condition \"options.library_always_compress\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1225, + "event": "path", + "message": "Condition \"options.library_renames\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1230, + "event": "path", + "message": "Condition \"options.device_jar_path\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1230, + "event": "path", + "message": "Condition \"!options.dex_path\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1232, + "event": "path", + "message": "Condition \"any((function.__defaults__ = None) , ((function.__annotations__ = {}) , ((function.__doc__ = None) , function))())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1237, + "event": "path", + "message": "Condition \"options.requires_android\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1237, + "event": "path", + "message": "Condition \"!options.supports_android\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1246, + "event": "path", + "message": "Condition \"options.static_library_dependent_configs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1248, + "event": "path", + "message": "Condition \"is_static_library_dex_provider_target\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1249, + "event": "path", + "message": "Condition \"options.type != \"android_apk\"\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1263, + "event": "path", + "message": "Condition \"options.annotation_processor_configs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1270, + "event": "path", + "message": "Condition \"options.recursive_resource_deps\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1285, + "event": "path", + "message": "Condition \"options.type == \"java_library\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1291, + "event": "path", + "message": "Condition \"options.type == \"android_resources\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1291, + "event": "path", + "message": "Condition \"options.recursive_resource_deps\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1297, + "event": "path", + "message": "Condition \"is_apk_or_module_target\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1311, + "event": "path", + "message": "Condition \"options.base_module_build_config\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1332, + "event": "path", + "message": "Condition \"options.type == \"android_apk\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1332, + "event": "path", + "message": "Condition \"options.tested_apk_config\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1337, + "event": "path", + "message": "Condition \"options.type == \"android_app_bundle_module\"\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1341, + "event": "path", + "message": "Condition \"options.type == \"java_library\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1345, + "event": "path", + "message": "Condition \"options.android_manifest\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1348, + "event": "path", + "message": "Condition \"options.merged_android_manifest\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1351, + "event": "path", + "message": "Condition \"options.bundled_srcjars\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1355, + "event": "path", + "message": "Condition \"options.java_sources_file\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1358, + "event": "path", + "message": "Condition \"is_java_target\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1375, + "event": "path", + "message": "Condition \"options.r_text_path\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1381, + "event": "path", + "message": "Condition \"is_apk_or_module_target\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1381, + "event": "path", + "message": "Condition \"options.type in {\"group\", \"java_library\", \"junit_binary\"}\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1386, + "event": "path", + "message": "Condition \"options.java_sources_file\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1389, + "event": "path", + "message": "Condition \"options.apk_proto_resources\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1394, + "event": "path", + "message": "Condition \"options.module_pathmap_path\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1402, + "event": "path", + "message": "Condition \"options.base_allowlist_rtxt_path\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1409, + "event": "path", + "message": "Condition \"is_java_target\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1427, + "event": "path", + "message": "Condition \"is_apk_or_module_target\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1427, + "event": "path", + "message": "Condition \"options.type == \"dist_jar\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1430, + "event": "path", + "message": "Condition \"is_java_target\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1457, + "event": "path", + "message": "Condition \"options.type == \"android_assets\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1459, + "event": "path", + "message": "Condition \"options.asset_renaming_sources\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1462, + "event": "path", + "message": "Condition \"options.asset_sources\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1468, + "event": "path", + "message": "Condition \"options.asset_renaming_destinations\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1471, + "event": "path", + "message": "Condition \"options.disable_asset_compression\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1473, + "event": "path", + "message": "Condition \"options.treat_as_locale_paks\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1476, + "event": "path", + "message": "Condition \"options.type == \"android_resources\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1478, + "event": "path", + "message": "Condition \"options.resource_overlay\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1480, + "event": "path", + "message": "Condition \"options.srcjar\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1482, + "event": "path", + "message": "Condition \"options.android_manifest\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1485, + "event": "path", + "message": "Condition \"options.package_name\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1488, + "event": "path", + "message": "Condition \"options.res_sources_path\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1491, + "event": "path", + "message": "Condition \"options.requires_android\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1491, + "event": "path", + "message": "Condition \"options.type == \"java_library\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1492, + "event": "path", + "message": "Condition \"options.package_name\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1495, + "event": "path", + "message": "Condition \"options.type in {\"android_resources\", \"android_apk\", \"junit_binary\", \"dist_aar\", \"android_app_bundle_module\", \"java_library\"}\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1575, + "event": "path", + "message": "Condition \"extra_classpath_jars\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1580, + "event": "path", + "message": "Condition \"mergeable_android_manifests\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1585, + "event": "path", + "message": "Condition \"proguard_configs\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1590, + "event": "path", + "message": "Condition \"is_java_target\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1652, + "event": "path", + "message": "Condition \"is_java_target\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1652, + "event": "path", + "message": "Condition \"options.type == \"android_app_bundle\"\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1665, + "event": "path", + "message": "Condition \"options.type in {\"dist_jar\", \"java_binary\", \"junit_binary\"}\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1668, + "event": "path", + "message": "Condition \"options.host_jar_path\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1680, + "event": "path", + "message": "Condition \"options.type in {\"android_app_bundle_module\", \"android_apk\"}\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1724, + "event": "path", + "message": "Condition \"options.type == \"android_app_bundle\"\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1763, + "event": "path", + "message": "Condition \"is_static_library_dex_provider_target\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1772, + "event": "path", + "message": "Condition \"dep_config[\"type\"] == \"android_app_bundle\"\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/gyp/write_build_config.py", + "line": 1784, + "event": "invalid_operation", + "message": "Invalid operation on null-like value \"extra_package_names\". The right hand side of \"in\" cannot be null-like.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1782| # union of resource IDs are available in the static library APK.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1783| for package in base_config['extra_package_names']:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1784|-> if package not in extra_package_names:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1785| extra_package_names.append(package)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1786| for cp_entry in dep_config['device_classpath']:", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "_RunTest", + "language": "python", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/local/device/local_device_monkey_test_run.py", + "line": 31, + "event": "assign_undefined", + "message": "Assigning: \"after_pids\" = \"undefined\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/local/device/local_device_monkey_test_run.py", + "line": 44, + "event": "path", + "message": "Condition \"before_pids\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/local/device/local_device_monkey_test_run.py", + "line": 53, + "event": "path", + "message": "Condition \"!(self._test_instance.package in before_pids)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/local/device/local_device_monkey_test_run.py", + "line": 55, + "event": "invalid_operation", + "message": "Invalid operation on null-like value \"after_pids\". The right hand side of \"in\" cannot be null-like.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 53| if not self._test_instance.package in before_pids:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 54| logging.error('Failed to start the process.')", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55|-> elif not self._test_instance.package in after_pids:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56| logging.error('Process %s has died.',", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 57| before_pids[self._test_instance.package])", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "_SymbolizeCallback", + "language": "python", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/symbols/elf_symbolizer_unittest.py", + "line": 177, + "event": "path", + "message": "Condition \"exp_name === None\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/symbols/elf_symbolizer_unittest.py", + "line": 177, + "event": "null_check", + "message": "Comparing \"exp_name\" to a null-like value implies that \"exp_name\" might be null-like.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/symbols/elf_symbolizer_unittest.py", + "line": 178, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/symbols/elf_symbolizer_unittest.py", + "line": 184, + "event": "path", + "message": "Condition \"exp_inlines\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/build/android/pylib/symbols/elf_symbolizer_unittest.py", + "line": 185, + "event": "invalid_operation", + "message": "Invalid operation on null-like value \"exp_name\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 183| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 184| if exp_inlines:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 185|-> self.assertEqual(sym_info.name, exp_name + '_inner')", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 186| self.assertEqual(sym_info.inlined_by.name, exp_name + '_middle')", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 187| self.assertEqual(sym_info.inlined_by.inlined_by.name,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "webrtc::internal::ResourceVideoSendStreamForwarder::OnDestroyVideoSendStream(webrtc::internal::VideoSendStream *)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/call/call.cc", + "line": 176, + "event": "find", + "message": "Calling \"find\" with element \"video_send_stream\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/call/call.cc", + "line": 176, + "event": "assign", + "message": "Assigning: \"it\" = \"this->adapter_resources_.find(video_send_stream)\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/call/call.cc", + "line": 177, + "event": "path", + "message": "Condition \"true /* true ? true : (((void)(it != std::map, std::less, std::allocator > > >::iterator(this->adapter_resources_.end()))) , true) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/call/call.cc", + "line": 178, + "event": "deref_iterator", + "message": "Dereferencing iterator \"it\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 176| auto it = adapter_resources_.find(video_send_stream);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 177| RTC_DCHECK(it != adapter_resources_.end());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 178|-> broadcast_resource_listener_.RemoveAdapterResource(it->second);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 179| adapter_resources_.erase(it);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 180| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "webrtc::DesktopRegion::Iterator::Advance()", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 519, + "event": "path", + "message": "Condition \"true /* true ? true : (((void)!this->IsAtEnd()) , true) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 521, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 523, + "event": "path", + "message": "Condition \"this->row_span_ == std::vector >::iterator(this->row_->second->spans.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 526, + "event": "path", + "message": "Condition \"this->row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 527, + "event": "path", + "message": "Condition \"true /* true ? true : (((void)(void)rtc::SafeGt(this->row_->second->spans.size(), 0)) , true) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 532, + "event": "path", + "message": "Condition \"this->IsAtEnd()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 538, + "event": "path", + "message": "Condition \"this->previous_row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 538, + "event": "path", + "message": "Condition \"this->previous_row_->second->bottom == this->row_->second->top\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 538, + "event": "path", + "message": "Condition \"webrtc::DesktopRegion::IsSpanInRow(this->previous_row_->second, *this->row_span_)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 541, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 521, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 523, + "event": "path", + "message": "Condition \"this->row_span_ == std::vector >::iterator(this->row_->second->spans.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 526, + "event": "past_the_end", + "message": "Function \"end\" creates an iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 526, + "event": "assign", + "message": "Assigning: \"\" = \"this->region_.rows_.end()\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 526, + "event": "path", + "message": "Condition \"this->row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 526, + "event": "tested_end", + "message": "\"this->row_\" testing equal to \"this->region_.rows_.end()\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 532, + "event": "path", + "message": "Condition \"this->IsAtEnd()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 538, + "event": "path", + "message": "Condition \"this->previous_row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 538, + "event": "deref_iterator", + "message": "Dereferencing iterator \"this->row_\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 536| // already returned this span merged into the previous one, via", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 537| // UpdateCurrentRect().", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 538|-> if (previous_row_ != region_.rows_.end() &&", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 539| previous_row_->second->bottom == row_->second->top &&", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 540| IsSpanInRow(*previous_row_->second, *row_span_)) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "webrtc::DesktopRegion::Iterator::Advance()", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 19, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 519, + "event": "path", + "message": "Condition \"true /* true ? true : (((void)!this->IsAtEnd()) , true) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 521, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 523, + "event": "path", + "message": "Condition \"this->row_span_ == std::vector >::iterator(this->row_->second->spans.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 526, + "event": "path", + "message": "Condition \"this->row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 527, + "event": "path", + "message": "Condition \"true /* true ? true : (((void)(void)rtc::SafeGt(this->row_->second->spans.size(), 0)) , true) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 532, + "event": "path", + "message": "Condition \"this->IsAtEnd()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 538, + "event": "path", + "message": "Condition \"this->previous_row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 538, + "event": "path", + "message": "Condition \"this->previous_row_->second->bottom == this->row_->second->top\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 538, + "event": "path", + "message": "Condition \"webrtc::DesktopRegion::IsSpanInRow(this->previous_row_->second, *this->row_span_)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 541, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 521, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 523, + "event": "past_the_end", + "message": "Function \"end\" creates an iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 523, + "event": "assign", + "message": "Assigning: \"\" = \"this->row_->second->spans.end()\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 523, + "event": "path", + "message": "Condition \"this->row_span_ == std::vector >::iterator(this->row_->second->spans.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 523, + "event": "tested_end", + "message": "\"this->row_span_\" testing equal to \"this->row_->second->spans.end()\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 526, + "event": "path", + "message": "Condition \"this->row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 532, + "event": "path", + "message": "Condition \"this->IsAtEnd()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 538, + "event": "path", + "message": "Condition \"this->previous_row_ != std::map, std::allocator > >::const_iterator(this->region_.rows_.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 538, + "event": "path", + "message": "Condition \"this->previous_row_->second->bottom == this->row_->second->top\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/desktop_capture/desktop_region.cc", + "line": 538, + "event": "deref_iterator", + "message": "Dereferencing iterator \"this->row_span_\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 536| // already returned this span merged into the previous one, via", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 537| // UpdateCurrentRect().", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 538|-> if (previous_row_ != region_.rows_.end() &&", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 539| previous_row_->second->bottom == row_->second->top &&", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 540| IsSpanInRow(*previous_row_->second, *row_span_)) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "webrtc::PacketRouter::RemoveSendRtpModuleFromMap(unsigned int)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/pacing/packet_router.cc", + "line": 89, + "event": "find", + "message": "Calling \"find\" with element \"ssrc\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/pacing/packet_router.cc", + "line": 89, + "event": "assign", + "message": "Assigning: \"it\" = \"this->send_modules_map_.find(ssrc)\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/pacing/packet_router.cc", + "line": 90, + "event": "path", + "message": "Condition \"true /* true ? true : (((void)(it != std::unordered_map, std::equal_to, std::allocator > >::iterator(this->send_modules_map_.end()))) , true) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/pacing/packet_router.cc", + "line": 91, + "event": "deref_iterator", + "message": "Dereferencing iterator \"it\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 89| auto it = send_modules_map_.find(ssrc);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 90| RTC_DCHECK(it != send_modules_map_.end());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91|-> send_modules_list_.remove(it->second);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| send_modules_map_.erase(it);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "webrtc::RtpSenderEgress::UpdateDelayStatistics(webrtc::Timestamp, webrtc::Timestamp, unsigned int)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc", + "line": 445, + "event": "path", + "message": "Condition \"!this->send_side_delay_observer_\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc", + "line": 445, + "event": "path", + "message": "Condition \"capture_time.IsInfinite()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc", + "line": 458, + "event": "path", + "message": "Condition \"it != lower_bound\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc", + "line": 459, + "event": "path", + "message": "Condition \"this->max_delay_it_ == std::_Rb_tree_const_iterator >::_Self const(it)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc", + "line": 460, + "event": "past_the_end", + "message": "Function \"end\" creates an iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc", + "line": 460, + "event": "assign", + "message": "Assigning: \"\" = \"this->send_delays_.end()\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc", + "line": 460, + "event": "assign", + "message": "Assigning: \"this->max_delay_it_\" = \"std::_Rb_tree_const_iterator > const(std::map, std::allocator > >::iterator(this->send_delays_.end()))\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc", + "line": 463, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc", + "line": 458, + "event": "path", + "message": "Condition \"it != lower_bound\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc", + "line": 459, + "event": "path", + "message": "Condition \"this->max_delay_it_ == std::_Rb_tree_const_iterator >::_Self const(it)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc", + "line": 459, + "event": "tested_end", + "message": "\"it\" testing equal to \"this->max_delay_it_\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/rtp_sender_egress.cc", + "line": 462, + "event": "deref_iterator", + "message": "Dereferencing iterator \"it\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 460| max_delay_it_ = send_delays_.end();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 461| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 462|-> sum_delays_ -= it->second;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 463| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 464| send_delays_.erase(send_delays_.begin(), lower_bound);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "webrtc::TMMBRHelp::FindBoundingSet(std::vector >)", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 16, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 24, + "event": "path", + "message": "Condition \"it != std::vector >::iterator(candidates.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 25, + "event": "path", + "message": "Condition \"!it->bitrate_bps()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 26, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 29, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 24, + "event": "path", + "message": "Condition \"it != std::vector >::iterator(candidates.end())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 31, + "event": "path", + "message": "Condition \"candidates.size() <= 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 43, + "event": "path", + "message": "Condition \"it != std::vector >::iterator(candidates.end())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 44, + "event": "path", + "message": "Condition \"true /* true ? true : (((void)it->bitrate_bps()) , true) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 49, + "event": "path", + "message": "Condition \"next_it != std::vector >::iterator(candidates.end())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 61, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 43, + "event": "path", + "message": "Condition \"it != std::vector >::iterator(candidates.end())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 65, + "event": "past_the_end", + "message": "Function \"end\" creates an iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 65, + "event": "assign", + "message": "Assigning: \"min_bitrate_it\" = \"candidates.end()\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 66, + "event": "path", + "message": "Condition \"it != std::vector >::iterator(candidates.end())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 73, + "event": "assign", + "message": "Assigning: \"it\" = \"min_bitrate_it\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 73, + "event": "path", + "message": "Condition \"it != std::vector >::iterator(candidates.end())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/modules/rtp_rtcp/source/tmmbr_help.cc", + "line": 87, + "event": "deref_iterator", + "message": "Dereferencing iterator \"min_bitrate_it\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 85| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 86| // First member of selected list.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 87|-> bounding_set.push_back(*min_bitrate_it);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 88| intersection[0] = 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 89| // Calculate its maximum packet rate (where its line crosses x-axis).", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "webrtc::QualityLimitationReasonTracker::DurationsMs() const", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/video/quality_limitation_reason_tracker.cc", + "line": 45, + "event": "find", + "message": "Calling \"find\" with element \"this->current_reason_\" returns the end iterator.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/video/quality_limitation_reason_tracker.cc", + "line": 45, + "event": "assign", + "message": "Assigning: \"it\" = \"total_durations_ms.find(this->current_reason_)\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/video/quality_limitation_reason_tracker.cc", + "line": 46, + "event": "path", + "message": "Condition \"true /* true ? true : (((void)(it != std::map, std::allocator > >::iterator(total_durations_ms.end()))) , true) */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/libwebrtc/video/quality_limitation_reason_tracker.cc", + "line": 47, + "event": "deref_iterator", + "message": "Dereferencing iterator \"it\" though it is already past the end of its container.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 45| auto it = total_durations_ms.find(current_reason_);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 46| RTC_DCHECK(it != total_durations_ms.end());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 47|-> it->second +=", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 48| clock_->TimeInMilliseconds() - current_reason_updated_timestamp_ms_;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 49| return total_durations_ms;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "call_filter", + "language": "python", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py", + "line": 492, + "event": "path", + "message": "Condition \"func === None\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py", + "line": 492, + "event": "null_check", + "message": "Comparing \"func\" to a null-like value implies that \"func\" might be null-like.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py", + "line": 494, + "event": "path", + "message": "Condition \"args\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py", + "line": 495, + "event": "path", + "message": "Condition \"getattr(func, \"contextfilter\", False) === True\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py", + "line": 496, + "event": "path", + "message": "Condition \"context === None\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py", + "line": 510, + "event": "call", + "message": "Calling the null-like value \"func\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 508| elif getattr(func, \"environmentfilter\", False) is True:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 509| args.insert(0, self)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 510|-> return func(*args, **(kwargs or {}))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 511| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 512| def call_test(self, name, value, args=None, kwargs=None):", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "call_test", + "language": "python", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py", + "line": 518, + "event": "path", + "message": "Condition \"func === None\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py", + "line": 518, + "event": "null_check", + "message": "Comparing \"func\" to a null-like value implies that \"func\" might be null-like.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/Jinja2/jinja2/environment.py", + "line": 520, + "event": "call", + "message": "Calling the null-like value \"func\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 518| if func is None:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 519| fail_for_missing_callable(\"no test named %r\", name)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 520|-> return func(value, *(args or ()), **(kwargs or {}))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 521| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 522| @internalcode", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "prepare", + "language": "python", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 107, + "event": "path", + "message": "Condition \"\"gzip\" in request.headers.get(hdrs.ACCEPT_ENCODING, \"\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 110, + "event": "path", + "message": "Condition \"gzip_path.is_file()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 118, + "event": "path", + "message": "Condition \"modsince !== None\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 118, + "event": "path", + "message": "Condition \"st.st_mtime <= modsince.timestamp()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 126, + "event": "path", + "message": "Condition \"unmodsince !== None\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 126, + "event": "path", + "message": "Condition \"st.st_mtime > unmodsince.timestamp()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 130, + "event": "path", + "message": "Condition \"!(hdrs.CONTENT_TYPE in self.headers)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 132, + "event": "path", + "message": "Condition \"!ct\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 146, + "event": "path", + "message": "Condition \"ifrange === None\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 174, + "event": "path", + "message": "Condition \"start !== None\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 174, + "event": "null_check", + "message": "Comparing \"start\" to a null-like value implies that \"start\" might be null-like.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 174, + "event": "path", + "message": "Condition \"end !== None\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 175, + "event": "path", + "message": "Condition \"start < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 175, + "event": "path", + "message": "Condition \"end === None\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 190, + "event": "path", + "message": "Condition \"end !== None\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_fileresponse.py", + "line": 190, + "event": "invalid_operation", + "message": "Invalid operation on null-like value \"start\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 188| # value of last-byte-pos with a value that is one less than", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 189| # the current length of the selected representation).", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 190|-> count = (", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 191| min(end if end is not None else file_size, file_size) - start", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 192| )", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "_iter", + "language": "python", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_urldispatcher.py", + "line": 943, + "event": "path", + "message": "Condition \"!(self.request.method in hdrs.METH_ALL)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_urldispatcher.py", + "line": 946, + "event": "path", + "message": "Condition \"method === None\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_urldispatcher.py", + "line": 946, + "event": "null_check", + "message": "Comparing \"method\" to a null-like value implies that \"method\" might be null-like.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/aiohttp/aiohttp/web_urldispatcher.py", + "line": 948, + "event": "call", + "message": "Calling the null-like value \"method\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 946| if method is None:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 947| self._raise_allowed_methods()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 948|-> resp = await method()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 949| return resp", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 950| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "filter", + "language": "python", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/python/pip/pip/_vendor/pygments/filters/__init__.py", + "line": 918, + "event": "assign_null", + "message": "Assigning: \"current_value\" = \"None\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/pip/pip/_vendor/pygments/filters/__init__.py", + "line": 920, + "event": "path", + "message": "Condition \"ttype === current_type\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/python/pip/pip/_vendor/pygments/filters/__init__.py", + "line": 921, + "event": "invalid_operation", + "message": "Invalid operation on null-like value \"current_value\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 919| for ttype, value in stream:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 920| if ttype is current_type:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 921|-> current_value += value", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 922| else:", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 923| if current_type is not None:", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RETURN_LOCAL", + "cwe": 562, + "imp": 1, + "function": "sqlite3BtreeIntegrityCheck", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c", + "line": 79183, + "event": "path", + "message": "Condition \"aRoot[0] == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c", + "line": 79186, + "event": "path", + "message": "Condition \"aRoot[1] != 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c", + "line": 79199, + "event": "local_ptr_identity_local", + "message": "\"sqlite3StrAccumInit(&sCheck.errMsg, NULL, zErr, 100, 1000000000)\" stores \"zErr\" (address of local variable \"zErr\") into \"sCheck.errMsg.zText\".", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c", + "line": 79201, + "event": "path", + "message": "Condition \"sCheck.nPage == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c", + "line": 79206, + "event": "path", + "message": "Condition \"!sCheck.aPgRef\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c", + "line": 79208, + "event": "path", + "message": "Jumping to label \"integrity_ck_cleanup\".", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c", + "line": 79294, + "event": "path", + "message": "Condition \"sCheck.nErr == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c", + "line": 79298, + "event": "identity_transfer", + "message": "Passing field \"sCheck.errMsg.zText\" (indirectly, via argument 1) to function \"sqlite3StrAccumFinish\", which returns it.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c", + "line": 79298, + "event": "escape_local_addr_alias", + "message": "Returning, through \"*pzOut\", pointer \"sqlite3StrAccumFinish(&sCheck.errMsg)\" which points to local variable \"zErr\".", + "verbosity_level": 0 + }, + { + "file_name": "thunderbird-115.5.0/third_party/sqlite3/src/sqlite3.c", + "line": 79303, + "event": "return", + "message": "Returning here.", + "verbosity_level": 2 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "79296| *pzOut = 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "79297| }else{", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "79298|-> *pzOut = sqlite3StrAccumFinish(&sCheck.errMsg);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "79299| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": "79300| /* Make sure this analysis did not leave any unref() pages. */", + "verbosity_level": 1 + } + ] + }, + { + "checker": "COM.BAD_FREE", + "cwe": 416, + "imp": 1, + "function": "NS_DestroyXPTCallStub", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "thunderbird-115.5.0/xpcom/reflect/xptcall/xptcall.cpp", + "line": 45, + "event": "assign", + "message": "Assigning from interface pointer to implementation pointer is an explicit downcast.", + "verbosity_level": 1 + }, + { + "file_name": "thunderbird-115.5.0/xpcom/reflect/xptcall/xptcall.cpp", + "line": 46, + "event": "free", + "message": "Freeing implementation pointer \"stub\" in call to \"operator delete(void *, std::size_t)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 44| NS_DestroyXPTCallStub(nsISomeInterface* aStub) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 45| nsXPTCStubBase* stub = static_cast(aStub);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 46|-> delete (stub);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 47| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 48| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "javax.servlet.GenericServlet.getServletContext()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java", + "line": 123, + "event": "return_thread_shared", + "message": "Call to \"getServletConfig\" returns a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java", + "line": 123, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"getServletConfig()\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java", + "line": 123, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java", + "line": 123, + "event": "write", + "message": "\"getServletConfig()\" is modified in call to \"getServletContext\". (The virtual call resolves to \"org.apache.catalina.core.StandardWrapper.getServletContext\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 121| @Override", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 122| public ServletContext getServletContext() {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 123|-> return getServletConfig().getServletContext();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 124| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 125| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "javax.servlet.http.HttpServlet.doHead(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 237, + "event": "path", + "message": "Condition \"javax.servlet.DispatcherType.INCLUDE.equals(req.getDispatcherType())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 234, + "event": "thread_entry_point", + "message": "\"doHead\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 238, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"this.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 238, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 238, + "event": "write", + "message": "\"this.config\" is modified in call to \"doGet\". (The virtual call resolves to \"ServletToJsp.doGet\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 238, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"javax.servlet.GenericServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java", + "line": 40, + "event": "thread_shared_derived", + "message": "\"javax.servlet.GenericServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 236| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 237| if (DispatcherType.INCLUDE.equals(req.getDispatcherType())) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 238|-> doGet(req, resp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 239| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 240| NoBodyResponse response = new NoBodyResponse(resp);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "javax.servlet.http.HttpServlet.doHead(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 237, + "event": "path", + "message": "Condition \"javax.servlet.DispatcherType.INCLUDE.equals(req.getDispatcherType())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 234, + "event": "thread_entry_point", + "message": "\"doHead\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 241, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"this.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 241, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 241, + "event": "write", + "message": "\"this.config\" is modified in call to \"doGet\". (The virtual call resolves to \"ServletToJsp.doGet\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 241, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"javax.servlet.GenericServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java", + "line": 40, + "event": "thread_shared_derived", + "message": "\"javax.servlet.GenericServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 239| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 240| NoBodyResponse response = new NoBodyResponse(resp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 241|-> doGet(req, response);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 242| if (req.isAsyncStarted()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 243| req.getAsyncContext().addListener(new NoBodyAsyncContextListener(response));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "javax.servlet.http.HttpServlet.doOptions(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 476, + "event": "returned_null", + "message": "\"getAllDeclaredMethods\" returns \"null\" (checked 1 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 476, + "event": "var_assigned", + "message": "Assigning: \"methods\" = \"null\" return value from \"getAllDeclaredMethods\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 492, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 498, + "event": "null_array_length", + "message": "Accessing length of null array \"methods\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 427, + "event": "example_assign", + "message": "Example 1: Assigning: \"parentMethods\" = return value from \"javax.servlet.http.HttpServlet.getAllDeclaredMethods(c.getSuperclass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/http/HttpServlet.java", + "line": 430, + "event": "example_checked", + "message": "Example 1 (cont.): \"parentMethods\" has its value checked in \"parentMethods != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 496| // End of Tomcat specific hack", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 497| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 498|-> for (int i=0; i doGet(req, resp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 656| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 657| long ifModifiedSince;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.Manager.rotateSessionId(org.apache.catalina.Session)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/Manager.java", + "line": 241, + "event": "returned_null", + "message": "\"getSessionIdGenerator\" returns \"null\" (checked 4 out of 7 times). (The virtual call resolves to \"org.apache.catalina.session.ManagerBase.getSessionIdGenerator\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/Manager.java", + "line": 241, + "event": "null_method_call", + "message": "Calling a method on null object \"getSessionIdGenerator()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/ClusterManagerBase.java", + "line": 163, + "event": "example_checked", + "message": "Example 1: \"getSessionIdGenerator()\" has its value checked in \"getSessionIdGenerator() != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 645, + "event": "example_assign", + "message": "Example 2: Assigning: \"sessionIdGenerator\" = return value from \"getSessionIdGenerator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 646, + "event": "example_checked", + "message": "Example 2 (cont.): \"sessionIdGenerator\" has its value checked in \"sessionIdGenerator == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 89, + "event": "example_assign", + "message": "Example 3: Assigning: \"sessionIdGenerator\" = return value from \"manager.getSessionIdGenerator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 90, + "event": "example_checked", + "message": "Example 3 (cont.): \"sessionIdGenerator\" has its value checked in \"sessionIdGenerator != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/PersistentManagerSF.java", + "line": 54, + "event": "example_assign", + "message": "Example 4: Assigning: \"sessionIdGenerator\" = return value from \"manager.getSessionIdGenerator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/PersistentManagerSF.java", + "line": 55, + "event": "example_checked", + "message": "Example 4 (cont.): \"sessionIdGenerator\" has its value checked in \"sessionIdGenerator != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 239| boolean duplicate = true;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 240| do {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 241|-> newSessionId = getSessionIdGenerator().generateSessionId();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 242| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 243| if (findSession(newSessionId) == null) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.ant.jmx.JMXAccessorConditionBase.accessJMXValue()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ant/jmx/JMXAccessorConditionBase.java", + "line": 171, + "event": "returned_null", + "message": "\"getJMXConnection\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ant/jmx/JMXAccessorConditionBase.java", + "line": 171, + "event": "null_method_call", + "message": "Calling a method on null object \"getJMXConnection()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 169| protected String accessJMXValue() {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 170| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 171|-> Object result = getJMXConnection().getAttribute(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 172| new ObjectName(name), attribute);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 173| if (result != null) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.authenticator.SingleSignOn.sessionDestroyed(java.lang.String, org.apache.catalina.Session)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOn.java", + "line": 329, + "event": "path", + "message": "Condition \"!getState().isAvailable()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOn.java", + "line": 337, + "event": "path", + "message": "Condition \"session.getMaxInactiveInterval() > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOn.java", + "line": 337, + "event": "returned_null", + "message": "\"getManager\" returns \"null\" (checked 1 out of 5 times). (The virtual call resolves to \"org.apache.catalina.manager.DummyProxySession.getManager\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOn.java", + "line": 337, + "event": "null_method_call", + "message": "Calling a method on null object \"session.getManager()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 46, + "event": "example_assign", + "message": "Example 1: Assigning: \"manager\" = return value from \"session.getManager()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 47, + "event": "example_checked", + "message": "Example 1 (cont.): \"manager\" has its value checked in \"manager == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 335| // session was logged out, we'll log out of all session associated with", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 336| // the SSO.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 337|-> if (((session.getMaxInactiveInterval() > 0)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 338| && (session.getIdleTimeInternal() >= session.getMaxInactiveInterval() * 1000))", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 339| || (!session.getManager().getContext().getState().isAvailable())) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.authenticator.SingleSignOnSessionKey.(org.apache.catalina.Session)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnSessionKey.java", + "line": 41, + "event": "returned_null", + "message": "\"getManager\" returns \"null\" (checked 1 out of 5 times). (The virtual call resolves to \"org.apache.catalina.manager.DummyProxySession.getManager\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnSessionKey.java", + "line": 41, + "event": "null_method_call", + "message": "Calling a method on null object \"session.getManager()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 46, + "event": "example_assign", + "message": "Example 1: Assigning: \"manager\" = return value from \"session.getManager()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 47, + "event": "example_checked", + "message": "Example 1 (cont.): \"manager\" has its value checked in \"manager == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 39| public SingleSignOnSessionKey(Session session) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 40| this.sessionId = session.getId();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41|-> Context context = session.getManager().getContext();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42| this.contextName = context.getName();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 43| this.hostName = context.getParent().getName();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.addRegistrationContextImpl(java.lang.String, java.lang.String, java.lang.String, org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl$RegistrationContextImpl)", + "language": "java", + "tool": "coverity", + "key_event_idx": 16, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 166, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 174, + "event": "path", + "message": "Condition \"previous == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 179, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 179, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 185, + "event": "path", + "message": "Condition \"registration != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "enhanced_for", + "message": "Starting an iteration on \"registration.listeners\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"layer.equals(wrapper.getMessageLayer())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 192, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"layer.equals(wrapper.getMessageLayer())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 189, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"registration.listeners\" which invalidates the iterator for the loop on that \"Iterable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 192, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"registration.listeners\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 184| appContextRegistrations.get(getRegistrationID(null, appContext));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 185| if (registration != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 186|-> for (RegistrationListenerWrapper wrapper : registration.listeners) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 187| if (layer.equals(wrapper.getMessageLayer()) &&", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 188| appContext.equals(wrapper.getAppContext())) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.addRegistrationContextImpl(java.lang.String, java.lang.String, java.lang.String, org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl$RegistrationContextImpl)", + "language": "java", + "tool": "coverity", + "key_event_idx": 25, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 166, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 174, + "event": "path", + "message": "Condition \"previous == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 179, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 179, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 185, + "event": "path", + "message": "Condition \"registration != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"layer.equals(wrapper.getMessageLayer())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 192, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"layer.equals(wrapper.getMessageLayer())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 192, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "No elements left in \"registration.listeners\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 195, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 199, + "event": "path", + "message": "Iterating over another element of \"layerRegistrations.values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 200, + "event": "enhanced_for", + "message": "Starting an iteration on \"registration.listeners\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 200, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 201, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 205, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 200, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 201, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 202, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"registration.listeners\" which invalidates the iterator for the loop on that \"Iterable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 205, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 200, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"registration.listeners\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 198| // Need to check registrations for all layers", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 199| for (RegistrationContextImpl registration : layerRegistrations.values()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 200|-> for (RegistrationListenerWrapper wrapper : registration.listeners) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 201| if (appContext.equals(wrapper.getAppContext())) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 202| registration.listeners.remove(wrapper);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.addRegistrationContextImpl(java.lang.String, java.lang.String, java.lang.String, org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl$RegistrationContextImpl)", + "language": "java", + "tool": "coverity", + "key_event_idx": 40, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 166, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 174, + "event": "path", + "message": "Condition \"previous == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 179, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 179, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 185, + "event": "path", + "message": "Condition \"registration != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"layer.equals(wrapper.getMessageLayer())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 192, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"layer.equals(wrapper.getMessageLayer())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 187, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 192, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 186, + "event": "path", + "message": "No elements left in \"registration.listeners\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 195, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 199, + "event": "path", + "message": "Iterating over another element of \"layerRegistrations.values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 200, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 201, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 205, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 200, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 201, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 205, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 200, + "event": "path", + "message": "No elements left in \"registration.listeners\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 206, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 199, + "event": "path", + "message": "No elements left in \"layerRegistrations.values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 208, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 210, + "event": "path", + "message": "Iterating over another element of \"defaultRegistration.values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 211, + "event": "enhanced_for", + "message": "Starting an iteration on \"registration.listeners\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 211, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 212, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 212, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 212, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 212, + "event": "path", + "message": "Condition \"layer.equals(wrapper.getMessageLayer())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 217, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 211, + "event": "path", + "message": "Iterating over another element of \"registration.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 212, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 212, + "event": "path", + "message": "Condition \"appContext.equals(wrapper.getAppContext())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 214, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"registration.listeners\" which invalidates the iterator for the loop on that \"Iterable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 217, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 211, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"registration.listeners\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 209| // Need to check default", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 210| for (RegistrationContextImpl registration : defaultRegistration.values()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 211|-> for (RegistrationListenerWrapper wrapper : registration.listeners) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 212| if (appContext != null && appContext.equals(wrapper.getAppContext()) ||", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 213| layer != null && layer.equals(wrapper.getMessageLayer())) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl.addRegistrationContextImpl(java.lang.String, java.lang.String, java.lang.String, org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl$RegistrationContextImpl)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"layer != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"appContext != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 166, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 174, + "event": "path", + "message": "Condition \"previous == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 222, + "event": "enhanced_for", + "message": "Starting an iteration on \"previous.listeners\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 222, + "event": "path", + "message": "Iterating over another element of \"previous.listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 223, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"previous.listeners\" which invalidates the iterator for the loop on that \"Iterable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 225, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 222, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"previous.listeners\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 220| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 221| // Replaced an existing registration so need to notify those listeners", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 222|-> for (RegistrationListenerWrapper wrapper : previous.listeners) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 223| previous.listeners.remove(wrapper);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 224| wrapper.listener.notify(wrapper.messageLayer, wrapper.appContext);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.catalina.authenticator.jaspic.AuthConfigFactoryImpl$RegistrationContextImpl.removeListener(javax.security.auth.message.config.RegistrationListener)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 474, + "event": "enhanced_for", + "message": "Starting an iteration on \"listeners\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 474, + "event": "path", + "message": "Iterating over another element of \"listeners\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 475, + "event": "path", + "message": "Condition \"wrapper.getListener().equals(listener)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 476, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"listeners\" which invalidates the iterator for the loop on that \"Iterable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 479, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/jaspic/AuthConfigFactoryImpl.java", + "line": 474, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"listeners\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 472| private boolean removeListener(RegistrationListener listener) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 473| boolean result = false;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 474|-> for (RegistrationListenerWrapper wrapper : listeners) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 475| if (wrapper.getListener().equals(listener)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 476| listeners.remove(wrapper);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.catalina.connector.OutputBuffer.checkConverter()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/OutputBuffer.java", + "line": 554, + "event": "path", + "message": "Condition \"conv != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/OutputBuffer.java", + "line": 560, + "event": "path", + "message": "Condition \"coyoteResponse != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/OutputBuffer.java", + "line": 560, + "event": "var_compare_op", + "message": "Comparing \"coyoteResponse\" to null implies that \"coyoteResponse\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/OutputBuffer.java", + "line": 564, + "event": "path", + "message": "Condition \"charset == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/OutputBuffer.java", + "line": 565, + "event": "null_method_call", + "message": "Calling a method on null object \"coyoteResponse\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 563| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 564| if (charset == null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 565|-> if (coyoteResponse.getCharacterEncoding() != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 566| // setCharacterEncoding() was called with an invalid character set", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 567| // Trigger an UnsupportedEncodingException", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNUSED_VALUE", + "cwe": 563, + "function": "org.apache.catalina.connector.OutputBuffer.checkConverter()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/OutputBuffer.java", + "line": 570, + "event": "value_overwrite", + "message": "Overwriting previous write to \"charset\" with value from \"org.apache.coyote.Constants.DEFAULT_BODY_CHARSET\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/OutputBuffer.java", + "line": 568, + "event": "returned_reference", + "message": "Assigning value from \"org.apache.tomcat.util.buf.B2CConverter.getCharset(coyoteResponse.getCharacterEncoding())\" to \"charset\" here, but that stored value is overwritten before it can be used.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 566| // setCharacterEncoding() was called with an invalid character set", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 567| // Trigger an UnsupportedEncodingException", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 568|-> charset = B2CConverter.getCharset(coyoteResponse.getCharacterEncoding());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 569| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 570| charset = org.apache.coyote.Constants.DEFAULT_BODY_CHARSET;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.connector.Request.authenticate(javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java", + "line": 2796, + "event": "path", + "message": "Condition \"response.isCommitted()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java", + "line": 2801, + "event": "returned_null", + "message": "\"getAuthenticator\" returns \"null\" (checked 4 out of 8 times). (The virtual call resolves to \"org.apache.catalina.core.StandardContext.getAuthenticator\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java", + "line": 2801, + "event": "null_method_call", + "message": "Calling a method on null object \"getContext().getAuthenticator()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 51, + "event": "example_assign", + "message": "Example 1: Assigning: \"authenticator\" = return value from \"context.getAuthenticator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 52, + "event": "example_checked", + "message": "Example 1 (cont.): \"authenticator\" has its value checked in \"authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/CoyoteAdapter.java", + "line": 881, + "event": "example_assign", + "message": "Example 2: Assigning: \"authenticator\" = return value from \"request.getContext().getAuthenticator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/CoyoteAdapter.java", + "line": 882, + "event": "example_checked", + "message": "Example 2 (cont.): \"authenticator\" has its value checked in \"authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/ApplicationPushBuilder.java", + "line": 163, + "event": "example_checked", + "message": "Example 3: \"context.getAuthenticator()\" has its value checked in \"context.getAuthenticator() instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 356, + "event": "example_checked", + "message": "Example 4: \"context.getAuthenticator()\" has its value checked in \"context.getAuthenticator() != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2799| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2800| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2801|-> return getContext().getAuthenticator().authenticate(this, response);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2802| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2803| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.connector.Request.login(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java", + "line": 2810, + "event": "path", + "message": "Condition \"getAuthType() != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java", + "line": 2810, + "event": "path", + "message": "Condition \"getRemoteUser() != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java", + "line": 2810, + "event": "path", + "message": "Condition \"getUserPrincipal() != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java", + "line": 2816, + "event": "returned_null", + "message": "\"getAuthenticator\" returns \"null\" (checked 4 out of 8 times). (The virtual call resolves to \"org.apache.catalina.core.StandardContext.getAuthenticator\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java", + "line": 2816, + "event": "null_method_call", + "message": "Calling a method on null object \"getContext().getAuthenticator()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 51, + "event": "example_assign", + "message": "Example 1: Assigning: \"authenticator\" = return value from \"context.getAuthenticator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 52, + "event": "example_checked", + "message": "Example 1 (cont.): \"authenticator\" has its value checked in \"authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/CoyoteAdapter.java", + "line": 881, + "event": "example_assign", + "message": "Example 2: Assigning: \"authenticator\" = return value from \"request.getContext().getAuthenticator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/CoyoteAdapter.java", + "line": 882, + "event": "example_checked", + "message": "Example 2 (cont.): \"authenticator\" has its value checked in \"authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/ApplicationPushBuilder.java", + "line": 163, + "event": "example_checked", + "message": "Example 3: \"context.getAuthenticator()\" has its value checked in \"context.getAuthenticator() instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 356, + "event": "example_checked", + "message": "Example 4: \"context.getAuthenticator()\" has its value checked in \"context.getAuthenticator() != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2814| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2815| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2816|-> getContext().getAuthenticator().login(username, password, this);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2817| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2818| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.connector.Request.logout()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java", + "line": 2824, + "event": "returned_null", + "message": "\"getAuthenticator\" returns \"null\" (checked 4 out of 8 times). (The virtual call resolves to \"org.apache.catalina.core.StandardContext.getAuthenticator\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java", + "line": 2824, + "event": "null_method_call", + "message": "Calling a method on null object \"getContext().getAuthenticator()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 51, + "event": "example_assign", + "message": "Example 1: Assigning: \"authenticator\" = return value from \"context.getAuthenticator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 52, + "event": "example_checked", + "message": "Example 1 (cont.): \"authenticator\" has its value checked in \"authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/CoyoteAdapter.java", + "line": 881, + "event": "example_assign", + "message": "Example 2: Assigning: \"authenticator\" = return value from \"request.getContext().getAuthenticator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/CoyoteAdapter.java", + "line": 882, + "event": "example_checked", + "message": "Example 2 (cont.): \"authenticator\" has its value checked in \"authenticator instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/ApplicationPushBuilder.java", + "line": 163, + "event": "example_checked", + "message": "Example 3: \"context.getAuthenticator()\" has its value checked in \"context.getAuthenticator() instanceof org.apache.catalina.authenticator.AuthenticatorBase\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 356, + "event": "example_checked", + "message": "Example 4: \"context.getAuthenticator()\" has its value checked in \"context.getAuthenticator() != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2822| @Override", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2823| public void logout() throws ServletException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2824|-> getContext().getAuthenticator().logout(this);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2825| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2826| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.core.ApplicationServletRegistration.getMappings()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/ApplicationServletRegistration.java", + "line": 210, + "event": "returned_null", + "message": "\"findServletMappings\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findServletMappings\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/ApplicationServletRegistration.java", + "line": 210, + "event": "var_assigned", + "message": "Assigning: \"urlPatterns\" = \"null\" return value from \"findServletMappings\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/ApplicationServletRegistration.java", + "line": 211, + "event": "null_array_length", + "message": "Accessing length of null array \"urlPatterns\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 209| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 210| String[] urlPatterns = context.findServletMappings();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 211|-> for (String urlPattern : urlPatterns) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 212| String name = context.findServletMapping(urlPattern);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 213| if (name.equals(servletName)) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.catalina.core.StandardContext.postWorkDirectory()", + "language": "java", + "tool": "coverity", + "key_event_idx": 17, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6120, + "event": "path", + "message": "Condition \"workDir == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6127, + "event": "path", + "message": "Condition \"parentHost != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6129, + "event": "path", + "message": "Condition \"parentHost instanceof org.apache.catalina.core.StandardHost\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6133, + "event": "path", + "message": "Condition \"parentEngine != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6137, + "event": "path", + "message": "Condition \"hostName == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6140, + "event": "path", + "message": "Condition \"engineName == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6145, + "event": "path", + "message": "Condition \"temp.startsWith(\"/\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6150, + "event": "path", + "message": "Condition \"temp.length() < 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6153, + "event": "path", + "message": "Condition \"hostWorkDir != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6164, + "event": "path", + "message": "Condition \"!dir.isAbsolute()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6167, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"getCanonicalPath\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6169, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6174, + "event": "path", + "message": "Condition \"!dir.mkdirs()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6174, + "event": "path", + "message": "Condition \"!dir.isDirectory()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6180, + "event": "path", + "message": "Condition \"context == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6180, + "event": "var_compare_op", + "message": "Comparing \"context\" to null implies that \"context\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6181, + "event": "no_write_call", + "message": "Although \"getServletContext\" does overwrite \"this.context\" on some paths, it also contains at least one feasible path which does not overwrite it.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardContext.java", + "line": 6183, + "event": "null_method_call", + "message": "Calling a method on null object \"context\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6181| getServletContext();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6182| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6183|-> context.setAttribute(ServletContext.TEMPDIR, dir);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6184| context.setAttributeReadOnly(ServletContext.TEMPDIR);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 6185| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.core.StandardWrapperValve.invoke(org.apache.catalina.connector.Request, org.apache.catalina.connector.Response)", + "language": "java", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 101, + "event": "path", + "message": "Condition \"!context.getState().isAvailable()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 108, + "event": "path", + "message": "Condition \"!unavailable\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 127, + "event": "path", + "message": "Condition \"!unavailable\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 130, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 161, + "event": "path", + "message": "Condition \"request.getDispatcherType() == javax.servlet.DispatcherType.ASYNC\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 175, + "event": "path", + "message": "Condition \"servlet != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 202, + "event": "path", + "message": "Falling through to finally statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 255, + "event": "path", + "message": "Condition \"filterChain != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 261, + "event": "path", + "message": "Condition \"servlet != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 264, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 277, + "event": "path", + "message": "Condition \"servlet != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 281, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 292, + "event": "read_volatile", + "message": "Reading \"processingTime\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 292, + "event": "intervening_update", + "message": "Another thread writes to \"processingTime\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardWrapperValve.java", + "line": 292, + "event": "stale_update", + "message": "Updating \"processingTime\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 290| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 291| long time=t2-t1;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 292|-> processingTime += time;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 293| if( time > maxTime) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 294| maxTime=time;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.deploy.NamingResourcesImpl.addEnvironment(org.apache.tomcat.util.descriptor.web.ContextEnvironment)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java", + "line": 250, + "event": "path", + "message": "Condition \"entries.contains(environment.getName())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java", + "line": 253, + "event": "path", + "message": "Condition \"ce != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java", + "line": 259, + "event": "path", + "message": "Condition \"rl != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java", + "line": 261, + "event": "returned_null", + "message": "\"getServer\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/deploy/NamingResourcesImpl.java", + "line": 261, + "event": "null_method_call", + "message": "Calling a method on null object \"getServer()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 259| } else if (rl != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 260| // Link. Need to look at the global resources", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 261|-> NamingResourcesImpl global = getServer().getGlobalNamingResources();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 262| if (global.findEnvironment(rl.getGlobal()) != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 263| if (global.findEnvironment(rl.getGlobal()).getOverride()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SERVLET_ATOMICITY", + "cwe": 567, + "function": "org.apache.catalina.filters.CsrfPreventionFilter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 115, + "event": "path", + "message": "Condition \"request instanceof javax.servlet.http.HttpServletRequest\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 115, + "event": "path", + "message": "Condition \"response instanceof javax.servlet.http.HttpServletResponse\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 123, + "event": "path", + "message": "Condition \"\"GET\" /* org.apache.catalina.filters.Constants.METHOD_GET */.equals(req.getMethod())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 123, + "event": "path", + "message": "Condition \"entryPoints.contains(getRequestedPath(req))\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 125, + "event": "path", + "message": "Condition \"log.isTraceEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 134, + "event": "get_attribute", + "message": "Calling \"getAttribute\" on thread-shared object \"session\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 139, + "event": "path", + "message": "Condition \"!skipNonceCheck\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 180, + "event": "path", + "message": "Condition \"nonceCache == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 181, + "event": "path", + "message": "Condition \"log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 182, + "event": "path", + "message": "Condition \"null == session\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 186, + "event": "path", + "message": "Condition \"session == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/CsrfPreventionFilter.java", + "line": 193, + "event": "set_attribute", + "message": "Calling \"setAttribute\" on thread-shared object \"session\" can result in a lost update.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 191| session = req.getSession(true);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 192| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 193|-> session.setAttribute(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 194| Constants.CSRF_NONCE_SESSION_ATTR_NAME, nonceCache);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 195| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.filters.ExpiresFilter.getExpirationDate(javax.servlet.http.HttpServletRequest, org.apache.catalina.filters.ExpiresFilter$XHttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/ExpiresFilter.java", + "line": 1288, + "event": "path", + "message": "Condition \"contentType == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/ExpiresFilter.java", + "line": 1302, + "event": "path", + "message": "Condition \"contentType != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/ExpiresFilter.java", + "line": 1309, + "event": "path", + "message": "Condition \"configuration != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/ExpiresFilter.java", + "line": 1319, + "event": "path", + "message": "Condition \"org.apache.catalina.filters.ExpiresFilter.contains(contentType, \";\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/ExpiresFilter.java", + "line": 1321, + "event": "returned_null", + "message": "\"substringBefore\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/filters/ExpiresFilter.java", + "line": 1321, + "event": "null_method_call", + "message": "Calling a method on null object \"org.apache.catalina.filters.ExpiresFilter.substringBefore(contentType, \";\")\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1319| if (contains(contentType, \";\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1320| // lookup content-type without charset match (e.g. \"text/html\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1321|-> String contentTypeWithoutCharset = substringBefore(contentType, \";\").trim();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1322| configuration = expiresConfigurationByContentType.get(contentTypeWithoutCharset);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1323| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "MISSING_RESTORE", + "cwe": 573, + "function": "org.apache.catalina.ha.session.DeltaSession.doReadObject(java.io.ObjectInput)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 846, + "event": "path", + "message": "Condition \"hasPrincipal\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 852, + "event": "path", + "message": "Condition \"org.apache.catalina.ha.session.DeltaSession.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 857, + "event": "path", + "message": "Condition \"attributes == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 861, + "event": "save", + "message": "Saving non-local \"isValid\" in local \"isValidSave\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 862, + "event": "modify", + "message": "Modifying non-local \"isValid\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 863, + "event": "path", + "message": "Condition \"i < n\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 867, + "event": "exception", + "message": "Value of non-local \"isValid\" that was saved in \"isValidSave\" is not restored on this exception path as it was along other paths.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 867, + "event": "remediation", + "message": "Did you intend to handle restoring \"isValid\" in a finally block to ensure it is always executed?", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 867, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"readObject\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 868, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 869, + "event": "path", + "message": "Condition \"wae.getCause() instanceof java.io.NotSerializableException\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 873, + "event": "path", + "message": "Throwing \"java.io.WriteAbortedException\" (or subclass); exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/DeltaSession.java", + "line": 885, + "event": "restore_example", + "message": "The original value of non-local \"isValid\" was restored here.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 865| final Object value;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 866| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 867|-> value = stream.readObject();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 868| } catch (WriteAbortedException wae) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 869| if (wae.getCause() instanceof NotSerializableException) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.ha.session.JvmRouteBinderValve.changeSessionID(org.apache.catalina.connector.Request, java.lang.String, java.lang.String, org.apache.catalina.Session)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java", + "line": 328, + "event": "returned_null", + "message": "\"getManager\" returns \"null\" (checked 1 out of 5 times). (The virtual call resolves to \"org.apache.catalina.manager.DummyProxySession.getManager\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java", + "line": 328, + "event": "null_method_call", + "message": "Calling a method on null object \"catalinaSession.getManager()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 46, + "event": "example_assign", + "message": "Example 1: Assigning: \"manager\" = return value from \"session.getManager()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 47, + "event": "example_checked", + "message": "Example 1 (cont.): \"manager\" has its value checked in \"manager == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 326| String newSessionID, Session catalinaSession) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 327| fireLifecycleEvent(\"Before session migration\", catalinaSession);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 328|-> catalinaSession.getManager().changeSessionId(catalinaSession, newSessionID);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 329| changeRequestSessionID(request, sessionId, newSessionID);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 330| fireLifecycleEvent(\"After session migration\", catalinaSession);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.ha.tcp.ReplicationValve.sendCrossContextSession()", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 429, + "event": "path", + "message": "Condition \"sessions != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 429, + "event": "path", + "message": "Condition \"sessions.size() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 430, + "event": "path", + "message": "Iterating over another element of \"sessions\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 431, + "event": "path", + "message": "Condition \"org.apache.catalina.ha.tcp.ReplicationValve.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 436, + "event": "path", + "message": "Condition \"doStatistics()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 437, + "event": "read_volatile", + "message": "Reading \"nrOfCrossContextSendRequests\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 437, + "event": "intervening_update", + "message": "Another thread writes to \"nrOfCrossContextSendRequests\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 437, + "event": "stale_update", + "message": "Updating \"nrOfCrossContextSendRequests\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 435| sendMessage(session,(ClusterManager)session.getManager());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 436| if(doStatistics()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 437|-> nrOfCrossContextSendRequests++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 438| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 439| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.ha.tcp.ReplicationValve.resetDeltaRequest(org.apache.catalina.Session)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 475, + "event": "path", + "message": "Condition \"org.apache.catalina.ha.tcp.ReplicationValve.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 476, + "event": "returned_null", + "message": "\"getManager\" returns \"null\" (checked 1 out of 5 times). (The virtual call resolves to \"org.apache.catalina.manager.DummyProxySession.getManager\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 476, + "event": "null_method_call", + "message": "Calling a method on null object \"session.getManager()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 46, + "event": "example_assign", + "message": "Example 1: Assigning: \"manager\" = return value from \"session.getManager()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/authenticator/SingleSignOnListener.java", + "line": 47, + "event": "example_checked", + "message": "Example 1 (cont.): \"manager\" has its value checked in \"manager == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 474| protected void resetDeltaRequest(Session session) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 475| if(log.isDebugEnabled()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 476|-> log.debug(sm.getString(\"ReplicationValve.resetDeltaRequest\" ,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 477| session.getManager().getContext().getName() ));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 478| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.ha.tcp.ReplicationValve.sendSessionReplicationMessage(org.apache.catalina.connector.Request, org.apache.catalina.ha.ClusterManager)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 490, + "event": "path", + "message": "Condition \"session != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 493, + "event": "path", + "message": "Condition \"!isRequestWithoutSessionChange(uri)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 499, + "event": "path", + "message": "Condition \"doStatistics()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 500, + "event": "read_volatile", + "message": "Reading \"nrOfFilterRequests\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 500, + "event": "intervening_update", + "message": "Another thread writes to \"nrOfFilterRequests\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 500, + "event": "stale_update", + "message": "Updating \"nrOfFilterRequests\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 498| } else", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 499| if(doStatistics()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 500|-> nrOfFilterRequests++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 501| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 502| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.ha.tcp.ReplicationValve.send(org.apache.catalina.ha.ClusterManager, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 528, + "event": "path", + "message": "Condition \"msg != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 528, + "event": "path", + "message": "Condition \"cluster != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 530, + "event": "path", + "message": "Condition \"doStatistics()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 531, + "event": "read_volatile", + "message": "Reading \"nrOfSendRequests\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 531, + "event": "intervening_update", + "message": "Another thread writes to \"nrOfSendRequests\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 531, + "event": "stale_update", + "message": "Updating \"nrOfSendRequests\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 529| cluster.send(msg);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 530| if(doStatistics()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 531|-> nrOfSendRequests++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 532| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 533| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.ha.tcp.ReplicationValve.updateStats(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 573, + "event": "read_volatile", + "message": "Reading \"totalSendTime\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 573, + "event": "intervening_update", + "message": "Another thread writes to \"totalSendTime\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 573, + "event": "stale_update", + "message": "Updating \"totalSendTime\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 571| long currentTime = System.currentTimeMillis();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 572| lastSendTime = currentTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 573|-> totalSendTime += currentTime - clusterTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 574| totalRequestTime += currentTime - requestTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 575| nrOfRequests++;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.ha.tcp.ReplicationValve.updateStats(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 574, + "event": "read_volatile", + "message": "Reading \"totalRequestTime\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 574, + "event": "intervening_update", + "message": "Another thread writes to \"totalRequestTime\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 574, + "event": "stale_update", + "message": "Updating \"totalRequestTime\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 572| lastSendTime = currentTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 573| totalSendTime += currentTime - clusterTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 574|-> totalRequestTime += currentTime - requestTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 575| nrOfRequests++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 576| if(log.isInfoEnabled()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.ha.tcp.ReplicationValve.updateStats(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 575, + "event": "read_volatile", + "message": "Reading \"nrOfRequests\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 575, + "event": "intervening_update", + "message": "Another thread writes to \"nrOfRequests\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ha/tcp/ReplicationValve.java", + "line": 575, + "event": "stale_update", + "message": "Updating \"nrOfRequests\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 573| totalSendTime += currentTime - clusterTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 574| totalRequestTime += currentTime - requestTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 575|-> nrOfRequests++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 576| if(log.isInfoEnabled()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 577| if ( (nrOfRequests % 100) == 0 ) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.manager.HTMLManagerServlet.upload(javax.servlet.http.HttpServletRequest, org.apache.tomcat.util.res.StringManager)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 242, + "event": "path", + "message": "Condition \"true\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 244, + "event": "path", + "message": "Condition \"warPart == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 249, + "event": "returned_null", + "message": "\"getSubmittedFileName\" returns \"null\" (checked 1 out of 2 times). (The virtual call resolves to \"org.apache.catalina.core.ApplicationPart.getSubmittedFileName\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 249, + "event": "var_assigned", + "message": "Assigning: \"filename\" = \"null\" return value from \"getSubmittedFileName\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 250, + "event": "null_method_call", + "message": "Calling a method on null object \"filename\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/connector/Request.java", + "line": 2947, + "event": "example_checked", + "message": "Example 1: \"part.getSubmittedFileName()\" has its value checked in \"part.getSubmittedFileName() == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 248| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 249| String filename = warPart.getSubmittedFileName();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 250|-> if (!filename.toLowerCase(Locale.ENGLISH).endsWith(\".war\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 251| message = smClient.getString(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 252| \"htmlManagerServlet.deployUploadNotWar\", filename);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.manager.HTMLManagerServlet.displaySessionDetailPage(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.apache.catalina.util.ContextName, java.lang.String, org.apache.tomcat.util.res.StringManager)", + "language": "java", + "tool": "coverity", + "key_event_idx": 0, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1005, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"super.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1005, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1005, + "event": "write", + "message": "\"super.config\" is modified in call to \"getServletContext\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1005, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"javax.servlet.GenericServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java", + "line": 40, + "event": "thread_shared_derived", + "message": "\"javax.servlet.GenericServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1003| resp.setDateHeader(\"Expires\", 0); // 0 means now", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1004| req.setAttribute(\"currentSession\", session);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1005|-> getServletContext().getRequestDispatcher(resp.encodeURL(sessionDetailJspPath)).include(req, resp);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1006| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1007| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.manager.HTMLManagerServlet.invalidateSessions(org.apache.catalina.util.ContextName, java.lang.String[], org.apache.tomcat.util.res.StringManager)", + "language": "java", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1019, + "event": "path", + "message": "Condition \"null == sessionIds\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1023, + "event": "path", + "message": "Iterating over another element of \"sessionIds\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1026, + "event": "path", + "message": "Condition \"null == session\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1028, + "event": "path", + "message": "Condition \"debug >= 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1031, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1044, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1023, + "event": "path", + "message": "Iterating over another element of \"sessionIds\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1026, + "event": "path", + "message": "Condition \"null == session\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1036, + "event": "path", + "message": "Condition \"debug >= 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1039, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1044, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1023, + "event": "path", + "message": "Iterating over another element of \"sessionIds\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1026, + "event": "path", + "message": "Condition \"null == session\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1028, + "event": "path", + "message": "Condition \"debug >= 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1031, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1044, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1023, + "event": "path", + "message": "Iterating over another element of \"sessionIds\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1024, + "event": "returned_null", + "message": "\"getSessionForNameAndId\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1024, + "event": "null_method_call", + "message": "Calling a method on null object \"getSessionForNameAndId(cn, sessionId, smClient)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1022| int nbAffectedSessions = 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1023| for (String sessionId : sessionIds) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1024|-> HttpSession session =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1025| getSessionForNameAndId(cn, sessionId, smClient).getSession();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1026| if (null == session) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.manager.HTMLManagerServlet.removeSessionAttribute(org.apache.catalina.util.ContextName, java.lang.String, java.lang.String, org.apache.tomcat.util.res.StringManager)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1059, + "event": "returned_null", + "message": "\"getSessionForNameAndId\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/HTMLManagerServlet.java", + "line": 1059, + "event": "null_method_call", + "message": "Calling a method on null object \"getSessionForNameAndId(cn, sessionId, smClient)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1057| protected boolean removeSessionAttribute(ContextName cn, String sessionId,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1058| String attributeName, StringManager smClient) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1059|-> HttpSession session =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1060| getSessionForNameAndId(cn, sessionId, smClient).getSession();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1061| if (null == session) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(java.lang.String, java.lang.String, java.lang.String[])", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/JMXProxyServlet.java", + "line": 271, + "event": "var_compare_op", + "message": "Comparing \"parameters\" to null implies that \"parameters\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/JMXProxyServlet.java", + "line": 273, + "event": "path", + "message": "Condition \"null == methodInfo\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/JMXProxyServlet.java", + "line": 291, + "event": "path", + "message": "Condition \"i < signature.length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/JMXProxyServlet.java", + "line": 294, + "event": "null_array_access", + "message": "Accessing an element on null array \"parameters\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 292| MBeanParameterInfo pi = signature[i];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 293| signatureTypes[i] = pi.getType();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 294|-> values[i] = registry.convertValue(pi.getType(), parameters[i]);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 295| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 296| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.manager.ManagerServlet.resources(java.io.PrintWriter, java.lang.String, org.apache.tomcat.util.res.StringManager)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1156, + "event": "path", + "message": "Condition \"debug >= 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1157, + "event": "path", + "message": "Condition \"type != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1159, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1165, + "event": "path", + "message": "Condition \"global == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1171, + "event": "path", + "message": "Condition \"type != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1174, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1178, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.manager.ManagerServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 168, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.manager.ManagerServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1178, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"global\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1178, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/ManagerServlet.java", + "line": 1178, + "event": "write", + "message": "\"global\" is modified in call to \"printResources\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1176| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1177| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1178|-> printResources(writer, \"\", global, type, smClient);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1179| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1180| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.manager.host.HostManagerServlet.stop(java.io.PrintWriter, java.lang.String, org.apache.tomcat.util.res.StringManager)", + "language": "java", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 606, + "event": "path", + "message": "Condition \"debug >= 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 607, + "event": "set_thread_shared", + "message": "Call to \"log\" sets \"super.config\" to a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 611, + "event": "path", + "message": "Condition \"name == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 611, + "event": "path", + "message": "Condition \"name.length() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 620, + "event": "path", + "message": "Condition \"host == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 627, + "event": "path", + "message": "Condition \"host == installedHost\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 634, + "event": "path", + "message": "Condition \"!host.getState().isAvailable()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 642, + "event": "path", + "message": "Throwing \"org.apache.catalina.LifecycleException\" (or subclass) from call to \"stop\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 645, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 646, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"super.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 646, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 646, + "event": "write", + "message": "\"super.config\" is modified in call to \"getServletContext\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 644| name));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 645| } catch (Exception e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 646|-> getServletContext().log(sm.getString(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 647| \"hostManagerServlet.stopFailed\", name), e);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 648| writer.println(smClient.getString(\"hostManagerServlet.stopFailed\",", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.manager.host.HostManagerServlet.persist(java.io.PrintWriter, org.apache.tomcat.util.res.StringManager)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 664, + "event": "path", + "message": "Condition \"debug >= 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 665, + "event": "set_thread_shared", + "message": "Call to \"log\" sets \"super.config\" to a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 670, + "event": "path", + "message": "Throwing \"javax.management.MalformedObjectNameException\" from call to \"ObjectName\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 673, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 674, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"super.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 674, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/manager/host/HostManagerServlet.java", + "line": 674, + "event": "write", + "message": "\"super.config\" is modified in call to \"getServletContext\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 672| writer.println(smClient.getString(\"hostManagerServlet.persisted\"));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 673| } catch (Exception e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 674|-> getServletContext().log(sm.getString(\"hostManagerServlet.persistFailed\"), e);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 675| writer.println(smClient.getString(\"hostManagerServlet.persistFailed\"));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 676| // catch InstanceNotFoundException when StoreConfig is not enabled instead of printing", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ContextMBean.findApplicationParameters()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 39, + "event": "returned_null", + "message": "\"findApplicationParameters\" returns \"null\" (checked 0 out of 1 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findApplicationParameters\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 39, + "event": "var_assigned", + "message": "Assigning: \"params\" = \"null\" return value from \"findApplicationParameters\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 40, + "event": "null_array_length", + "message": "Accessing length of null array \"params\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 38| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 39| ApplicationParameter[] params = context.findApplicationParameters();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 40|-> String[] stringParams = new String[params.length];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41| for (int counter = 0; counter < params.length; counter++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42| stringParams[counter] = params[counter].toString();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ContextMBean.findConstraints()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 60, + "event": "returned_null", + "message": "\"findConstraints\" returns \"null\" (checked 1 out of 4 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findConstraints\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 60, + "event": "var_assigned", + "message": "Assigning: \"constraints\" = \"null\" return value from \"findConstraints\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 61, + "event": "null_array_length", + "message": "Accessing length of null array \"constraints\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 552, + "event": "example_assign", + "message": "Example 1: Assigning: \"constraints\" = return value from \"context.findConstraints()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 553, + "event": "example_checked", + "message": "Example 1 (cont.): \"constraints\" has its value checked in \"constraints == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| SecurityConstraint[] constraints = context.findConstraints();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61|-> String[] stringConstraints = new String[constraints.length];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| for (int counter = 0; counter < constraints.length; counter++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| stringConstraints[counter] = constraints[counter].toString();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ContextMBean.findErrorPage(int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 80, + "event": "returned_null", + "message": "\"findErrorPage\" returns \"null\" (checked 2 out of 3 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findErrorPage\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 80, + "event": "null_method_call", + "message": "Calling a method on null object \"context.findErrorPage(errorCode)\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 221, + "event": "example_assign", + "message": "Example 1: Assigning: \"errorPage\" = return value from \"context.findErrorPage(statusCode)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 222, + "event": "example_checked", + "message": "Example 1 (cont.): \"errorPage\" has its value checked in \"errorPage == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 224, + "event": "example_assign", + "message": "Example 2: Assigning: \"errorPage\" = return value from \"context.findErrorPage(0)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 226, + "event": "example_checked", + "message": "Example 2 (cont.): \"errorPage\" has its value checked in \"errorPage != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 78| public String findErrorPage(int errorCode) throws MBeanException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79| Context context = doGetManagedResource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80|-> return context.findErrorPage(errorCode).toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ContextMBean.findErrorPage(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 97, + "event": "returned_null", + "message": "\"findErrorPage\" returns \"null\" (checked 0 out of 1 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findErrorPage\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 97, + "event": "null_method_call", + "message": "Calling a method on null object \"context.findErrorPage(exceptionType)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| public String findErrorPage(String exceptionType) throws MBeanException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 96| Context context = doGetManagedResource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 97|-> return context.findErrorPage(exceptionType).toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 98| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ContextMBean.findErrorPage(java.lang.Throwable)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 111, + "event": "returned_null", + "message": "\"findErrorPage\" returns \"null\" (checked 2 out of 3 times). (The virtual call resolves to \"org.apache.catalina.core.StandardContext.findErrorPage\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 111, + "event": "null_method_call", + "message": "Calling a method on null object \"context.findErrorPage(exceptionType)\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 300, + "event": "example_assign", + "message": "Example 1: Assigning: \"errorPage\" = return value from \"context.findErrorPage(throwable)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 301, + "event": "example_checked", + "message": "Example 1 (cont.): \"errorPage\" has its value checked in \"errorPage == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 302, + "event": "example_assign", + "message": "Example 2: Assigning: \"errorPage\" = return value from \"context.findErrorPage(realError)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/StandardHostValve.java", + "line": 305, + "event": "example_checked", + "message": "Example 2 (cont.): \"errorPage\" has its value checked in \"errorPage != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| public String findErrorPage(Throwable exceptionType) throws MBeanException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| Context context = doGetManagedResource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111|-> return context.findErrorPage(exceptionType).toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 112| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ContextMBean.findErrorPages()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 125, + "event": "returned_null", + "message": "\"findErrorPages\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findErrorPages\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 125, + "event": "var_assigned", + "message": "Assigning: \"pages\" = \"null\" return value from \"findErrorPages\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 126, + "event": "null_array_length", + "message": "Accessing length of null array \"pages\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 124| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 125| ErrorPage[] pages = context.findErrorPages();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 126|-> String[] stringPages = new String[pages.length];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 127| for (int counter = 0; counter < pages.length; counter++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 128| stringPages[counter] = pages[counter].toString();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ContextMBean.findFilterDef(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 147, + "event": "returned_null", + "message": "\"findFilterDef\" returns \"null\" (checked 0 out of 1 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findFilterDef\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 147, + "event": "var_assigned", + "message": "Assigning: \"filterDef\" = \"null\" return value from \"findFilterDef\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ContextMBean.java", + "line": 148, + "event": "null_method_call", + "message": "Calling a method on null object \"filterDef\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 146| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 147| FilterDef filterDef = context.findFilterDef(name);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 148|-> return filterDef.toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 149| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 150| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.catalina.mbeans.JmxRemoteLifecycleListener.lifecycleEvent(org.apache.catalina.LifecycleEvent)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 311, + "event": "identity", + "message": "Calling \"getCertificates\".\n* This call assigns \"changeit\" to \"(this.defaultCertificate).certificateKeystorePassword\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates()\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".\n* This call assigns a reference to \"this.defaultCertificate\" to \"this.certificates\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates()\".) Now \"(this.certificates).certificateKeystor [...]", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 312, + "event": "identity", + "message": "Calling \"getCertificates\". This call returns \"this.certificates\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates()\".) Now \"(getCertificates()).certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 312, + "event": "identity", + "message": "Calling \"iterator\". This call assigns \"getCertificates()\" to \"\". (The virtual call resolves to \"java.util.Set.iterator()\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 312, + "event": "identity", + "message": "Calling \"next\". This call returns \"getCertificates().iterator()\". (The virtual call resolves to \"java.util.Iterator.next()\".) Now \"getCertificates().iterator().next().certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 312, + "event": "assign", + "message": "Assigning: \"certificate\" = \"(org.apache.tomcat.util.net.SSLHostConfigCertificate)getCertificates().iterator().next()\". Now \"certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 314, + "event": "identity", + "message": "Calling \"JSSEUtil\". This call assigns \"certificate\" to \".certificate\". Now \".certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 314, + "event": "assign", + "message": "Assigning: \"sslUtil\" = \"new org.apache.tomcat.util.net.jsse.JSSEUtil(certificate)\". Now \"sslUtil.certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 319, + "event": "password_use", + "message": "Calling \"getKeyManagers\". This call uses the constant string as a password. (The virtual call resolves to \"org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers()\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 319, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 317| setEnabledProtocols(sslUtil.getEnabledProtocols());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318| setEnabledCiphers(sslUtil.getEnabledCiphers());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 319|-> sslContext.init(sslUtil.getKeyManagers(), sslUtil.getTrustManagers(), null);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 320| SSLSessionContext sessionContext = sslContext.getServerSessionContext();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 321| if (sessionContext != null) {", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java", + "line": 319, + "event": "note", + "message": "trimmed 1 message(s) with length over 512", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.MBeanFactory.addRealmToParent(java.lang.String, org.apache.catalina.Realm)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 240, + "event": "returned_null", + "message": "\"getParentContainerFromParent\" returns \"null\" (checked 3 out of 4 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 240, + "event": "var_assigned", + "message": "Assigning: \"container\" = \"null\" return value from \"getParentContainerFromParent\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 242, + "event": "null_method_call", + "message": "Calling a method on null object \"container\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 579, + "event": "example_assign", + "message": "Example 1: Assigning: \"container\" = return value from \"getParentContainerFromParent(pname)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 580, + "event": "example_checked", + "message": "Example 1 (cont.): \"container\" has its value checked in \"container instanceof org.apache.catalina.Context\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 635, + "event": "example_assign", + "message": "Example 2: Assigning: \"container\" = return value from \"getParentContainerFromParent(parentName)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 637, + "event": "example_checked", + "message": "Example 2 (cont.): \"container\" has its value checked in \"container == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 670, + "event": "example_assign", + "message": "Example 3: Assigning: \"container\" = return value from \"getParentContainerFromParent(pname)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/MBeanFactory.java", + "line": 671, + "event": "example_checked", + "message": "Example 3 (cont.): \"container\" has its value checked in \"container instanceof org.apache.catalina.Context\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 240| Container container = getParentContainerFromParent(pname);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 241| // Add the new instance to its parent component", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 242|-> container.setRealm(realm);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 243| // Return the corresponding MBean name", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 244| ObjectName oname = null;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.mbeans.ServiceMBean.getExecutor(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ServiceMBean.java", + "line": 114, + "event": "returned_null", + "message": "\"getExecutor\" returns \"null\" (checked 1 out of 2 times). (The virtual call resolves to \"org.apache.catalina.core.StandardService.getExecutor\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ServiceMBean.java", + "line": 114, + "event": "var_assigned", + "message": "Assigning: \"executor\" = \"null\" return value from \"getExecutor\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/mbeans/ServiceMBean.java", + "line": 115, + "event": "null_method_call", + "message": "Calling a method on null object \"executor\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ConnectorCreateRule.java", + "line": 62, + "event": "example_assign", + "message": "Example 1: Assigning: \"ex\" = return value from \"svc.getExecutor(executorName)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ConnectorCreateRule.java", + "line": 66, + "event": "example_checked", + "message": "Example 1 (cont.): \"ex\" has its value checked in \"ex != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| Service service = doGetManagedResource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114| Executor executor = service.getExecutor(name);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 115|-> return executor.toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 116| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 117| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.realm.DataSourceRealm.open()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/DataSourceRealm.java", + "line": 384, + "event": "path", + "message": "Condition \"localDataSource\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/DataSourceRealm.java", + "line": 388, + "event": "returned_null", + "message": "\"getServer\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/DataSourceRealm.java", + "line": 388, + "event": "null_method_call", + "message": "Calling a method on null object \"getServer()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 386| context = (Context) context.lookup(\"comp/env\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 387| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 388|-> context = getServer().getGlobalNamingContext();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 389| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 390| DataSource dataSource = (DataSource)context.lookup(dataSourceName);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.realm.JNDIRealm.authenticate(org.apache.catalina.realm.JNDIRealm$JNDIConnection, java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1319, + "event": "path", + "message": "Condition \"username == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1319, + "event": "path", + "message": "Condition \"username.equals(\"\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1319, + "event": "path", + "message": "Condition \"credentials == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1319, + "event": "path", + "message": "Condition \"credentials.equals(\"\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1332, + "event": "path", + "message": "Condition \"!isUseContextClassLoader()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1337, + "event": "path", + "message": "Condition \"userPatternArray != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1338, + "event": "path", + "message": "Condition \"curUserPattern < userPatternArray.length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1341, + "event": "path", + "message": "Condition \"user != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1361, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1338, + "event": "path", + "message": "Condition \"curUserPattern < userPatternArray.length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1341, + "event": "path", + "message": "Condition \"user != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1344, + "event": "path", + "message": "Condition \"checkCredentials(connection.context, user, credentials)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1346, + "event": "returned_null", + "message": "\"getRoles\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1346, + "event": "var_assigned", + "message": "Assigning: \"roles\" = \"null\" return value from \"getRoles\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1347, + "event": "path", + "message": "Condition \"containerLog.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 1348, + "event": "null_method_call", + "message": "Calling a method on null object \"roles\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1346| List roles = getRoles(connection, user);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1347| if (containerLog.isDebugEnabled()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1348|-> containerLog.debug(\"Found roles: \" + roles.toString());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1349| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1350| return new GenericPrincipal(username, credentials, roles);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.catalina.realm.JNDIRealm.createTlsDirContext(java.util.Hashtable)", + "language": "java", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2718, + "event": "path", + "message": "Iterating over another element of \"java.util.Arrays.asList(\"java.naming.security.authentication\", \"java.naming.security.credentials\", \"java.naming.security.principal\", \"java.naming.security.protocol\")\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2721, + "event": "path", + "message": "Condition \"entry != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2724, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2718, + "event": "path", + "message": "No elements left in \"java.util.Arrays.asList(\"java.naming.security.authentication\", \"java.naming.security.credentials\", \"java.naming.security.principal\", \"java.naming.security.protocol\")\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2727, + "event": "new_resource", + "message": "\"new javax.naming.ldap.InitialLdapContext(env, null)\" creates a new resource.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2727, + "event": "var_assign", + "message": "Assigning: \"result\" = resource returned from \"new javax.naming.ldap.InitialLdapContext(env, null)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2728, + "event": "noescape", + "message": "Resource \"result\" is not closed or saved in \"extendedOperation\". (The virtual call resolves to \"javax.naming.ldap.InitialLdapContext.extendedOperation\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2729, + "event": "path", + "message": "Condition \"getHostnameVerifier() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2732, + "event": "path", + "message": "Condition \"getCipherSuitesArray() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2738, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2742, + "event": "path", + "message": "Condition \"result != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2743, + "event": "path", + "message": "Iterating over another element of \"savedEnv.entrySet()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2745, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2743, + "event": "path", + "message": "Iterating over another element of \"savedEnv.entrySet()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2744, + "event": "path", + "message": "Throwing \"javax.naming.NamingException\" (or subclass) from call to \"addToEnvironment\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/JNDIRealm.java", + "line": 2744, + "event": "leaked_resource", + "message": "Variable \"result\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2742| if (result != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2743| for (Map.Entry savedEntry : savedEnv.entrySet()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2744|-> result.addToEnvironment(savedEntry.getKey(), savedEntry.getValue());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2745| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2746| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.realm.RealmBase.hasResourcePermission(org.apache.catalina.connector.Request, org.apache.catalina.connector.Response, org.apache.tomcat.util.descriptor.web.SecurityConstraint[], org.apache.catalina.Context)", + "language": "java", + "tool": "coverity", + "key_event_idx": 19, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 819, + "event": "path", + "message": "Condition \"constraints == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 819, + "event": "path", + "message": "Condition \"constraints.length == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 827, + "event": "path", + "message": "No elements left in \"constraints\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 883, + "event": "path", + "message": "Condition \"!denyfromall\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 883, + "event": "path", + "message": "Condition \"allRolesMode != org.apache.catalina.realm.RealmBase.AllRolesMode.STRICT_MODE\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 883, + "event": "path", + "message": "Condition \"!status\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 883, + "event": "path", + "message": "Condition \"principal != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 885, + "event": "path", + "message": "Condition \"org.apache.catalina.realm.RealmBase.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 889, + "event": "path", + "message": "Iterating over another element of \"constraints\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 892, + "event": "path", + "message": "Condition \"constraint.getAllRoles()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 893, + "event": "path", + "message": "Condition \"allRolesMode == org.apache.catalina.realm.RealmBase.AllRolesMode.AUTH_ONLY_MODE\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 903, + "event": "path", + "message": "Condition \"roles.length == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 903, + "event": "path", + "message": "Condition \"allRolesMode == org.apache.catalina.realm.RealmBase.AllRolesMode.STRICT_AUTH_ONLY_MODE\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 911, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 889, + "event": "path", + "message": "Iterating over another element of \"constraints\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 892, + "event": "path", + "message": "Condition \"constraint.getAllRoles()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 893, + "event": "path", + "message": "Condition \"allRolesMode == org.apache.catalina.realm.RealmBase.AllRolesMode.AUTH_ONLY_MODE\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 902, + "event": "returned_null", + "message": "\"findSecurityRoles\" returns \"null\" (checked 1 out of 3 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findSecurityRoles\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 902, + "event": "var_assigned", + "message": "Assigning: \"roles\" = \"null\" return value from \"findSecurityRoles\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 903, + "event": "null_array_length", + "message": "Accessing length of null array \"roles\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 831, + "event": "example_assign", + "message": "Example 1: Assigning: \"roles\" = return value from \"request.getContext().findSecurityRoles()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 836, + "event": "example_checked", + "message": "Example 1 (cont.): \"roles\" has its value checked in \"roles == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 901| // For AllRolesMode.STRICT_AUTH_ONLY_MODE there must be zero roles", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 902| roles = request.getContext().findSecurityRoles();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 903|-> if (roles.length == 0 && allRolesMode == AllRolesMode.STRICT_AUTH_ONLY_MODE) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 904| if (log.isDebugEnabled()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 905| log.debug(\"Granting access for role-name=*, strict auth-only\");", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.realm.UserDatabaseRealm.getUserDatabase()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/UserDatabaseRealm.java", + "line": 219, + "event": "path", + "message": "Condition \"database == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/UserDatabaseRealm.java", + "line": 221, + "event": "path", + "message": "Condition \"database == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/UserDatabaseRealm.java", + "line": 224, + "event": "path", + "message": "Condition \"localJndiResource\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/UserDatabaseRealm.java", + "line": 228, + "event": "returned_null", + "message": "\"getServer\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/UserDatabaseRealm.java", + "line": 228, + "event": "null_method_call", + "message": "Calling a method on null object \"getServer()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 226| context = (Context) context.lookup(\"comp/env\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 227| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 228|-> context = getServer().getGlobalNamingContext();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 229| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 230| database = (UserDatabase) context.lookup(resourceName);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.CGIServlet.printServletEnvironment(javax.servlet.http.HttpServletRequest)", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 461, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 469, + "event": "path", + "message": "Condition \"locales.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 474, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 493, + "event": "path", + "message": "Condition \"cookies != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "Iterating over another element of \"cookies\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 496, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "No elements left in \"cookies\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 499, + "event": "path", + "message": "Condition \"headers.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 519, + "event": "path", + "message": "Condition \"session != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 530, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 541, + "event": "set_thread_shared", + "message": "Call to \"getServletConfig\" sets \"super.config\" to a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 542, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 550, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"super.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 550, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 550, + "event": "write", + "message": "\"super.config\" is modified in call to \"getServletContext\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 548| // Document the servlet context properties", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 549| log.trace(\"ServletContext Properties\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 550|-> log.trace(\"Major Version: [\" + getServletContext().getMajorVersion() + \"]\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 551| log.trace(\"Minor Version: [\" + getServletContext().getMinorVersion() + \"]\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 552| log.trace(\"Real Path for '/': [\" + getServletContext().getRealPath(\"/\") + \"]\");", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.CGIServlet.printServletEnvironment(javax.servlet.http.HttpServletRequest)", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 461, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 469, + "event": "path", + "message": "Condition \"locales.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 474, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 493, + "event": "path", + "message": "Condition \"cookies != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "Iterating over another element of \"cookies\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 496, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "No elements left in \"cookies\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 499, + "event": "path", + "message": "Condition \"headers.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 519, + "event": "path", + "message": "Condition \"session != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 530, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 542, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 550, + "event": "set_thread_shared", + "message": "Call to \"getServletContext\" sets \"super.config\" to a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 551, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"super.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 551, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 551, + "event": "write", + "message": "\"super.config\" is modified in call to \"getServletContext\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 549| log.trace(\"ServletContext Properties\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 550| log.trace(\"Major Version: [\" + getServletContext().getMajorVersion() + \"]\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 551|-> log.trace(\"Minor Version: [\" + getServletContext().getMinorVersion() + \"]\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 552| log.trace(\"Real Path for '/': [\" + getServletContext().getRealPath(\"/\") + \"]\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 553| log.trace(\"Server Info: [\" + getServletContext().getServerInfo() + \"]\");", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.CGIServlet.printServletEnvironment(javax.servlet.http.HttpServletRequest)", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 461, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 469, + "event": "path", + "message": "Condition \"locales.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 474, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 493, + "event": "path", + "message": "Condition \"cookies != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "Iterating over another element of \"cookies\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 496, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "No elements left in \"cookies\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 499, + "event": "path", + "message": "Condition \"headers.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 519, + "event": "path", + "message": "Condition \"session != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 530, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 542, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 551, + "event": "set_thread_shared", + "message": "Call to \"getServletContext\" sets \"super.config\" to a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 552, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"super.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 552, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 552, + "event": "write", + "message": "\"super.config\" is modified in call to \"getServletContext\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 550| log.trace(\"Major Version: [\" + getServletContext().getMajorVersion() + \"]\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 551| log.trace(\"Minor Version: [\" + getServletContext().getMinorVersion() + \"]\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 552|-> log.trace(\"Real Path for '/': [\" + getServletContext().getRealPath(\"/\") + \"]\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 553| log.trace(\"Server Info: [\" + getServletContext().getServerInfo() + \"]\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 554| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.CGIServlet.printServletEnvironment(javax.servlet.http.HttpServletRequest)", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 461, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 469, + "event": "path", + "message": "Condition \"locales.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 474, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 493, + "event": "path", + "message": "Condition \"cookies != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "Iterating over another element of \"cookies\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 496, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "No elements left in \"cookies\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 499, + "event": "path", + "message": "Condition \"headers.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 519, + "event": "path", + "message": "Condition \"session != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 530, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 542, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 552, + "event": "set_thread_shared", + "message": "Call to \"getServletContext\" sets \"super.config\" to a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 553, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"super.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 553, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 553, + "event": "write", + "message": "\"super.config\" is modified in call to \"getServletContext\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 551| log.trace(\"Minor Version: [\" + getServletContext().getMinorVersion() + \"]\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 552| log.trace(\"Real Path for '/': [\" + getServletContext().getRealPath(\"/\") + \"]\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 553|-> log.trace(\"Server Info: [\" + getServletContext().getServerInfo() + \"]\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 554| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 555| // Document the servlet context initialization parameters", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.CGIServlet.printServletEnvironment(javax.servlet.http.HttpServletRequest)", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 461, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 469, + "event": "path", + "message": "Condition \"locales.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 474, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 493, + "event": "path", + "message": "Condition \"cookies != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "Iterating over another element of \"cookies\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 496, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "No elements left in \"cookies\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 499, + "event": "path", + "message": "Condition \"headers.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 519, + "event": "path", + "message": "Condition \"session != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 530, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 542, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 553, + "event": "set_thread_shared", + "message": "Call to \"getServletContext\" sets \"super.config\" to a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 557, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"super.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 557, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 557, + "event": "write", + "message": "\"super.config\" is modified in call to \"getServletContext\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 555| // Document the servlet context initialization parameters", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 556| log.trace(\"ServletContext Initialization Parameters\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 557|-> params = getServletContext().getInitParameterNames();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 558| while (params.hasMoreElements()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 559| String param = params.nextElement();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.CGIServlet.printServletEnvironment(javax.servlet.http.HttpServletRequest)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 461, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 469, + "event": "path", + "message": "Condition \"locales.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 474, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 493, + "event": "path", + "message": "Condition \"cookies != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "Iterating over another element of \"cookies\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 496, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "No elements left in \"cookies\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 499, + "event": "path", + "message": "Condition \"headers.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 519, + "event": "path", + "message": "Condition \"session != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 530, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 542, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 557, + "event": "set_thread_shared", + "message": "Call to \"getServletContext\" sets \"super.config\" to a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 558, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 560, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"super.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 560, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 560, + "event": "write", + "message": "\"super.config\" is modified in call to \"getServletContext\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 558| while (params.hasMoreElements()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 559| String param = params.nextElement();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 560|-> String value = getServletContext().getInitParameter(param);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 561| log.trace(\"Servlet Context Init Param: \" + param + \": [\" + value + \"]\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 562| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.CGIServlet.printServletEnvironment(javax.servlet.http.HttpServletRequest)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 461, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 469, + "event": "path", + "message": "Condition \"locales.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 474, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 493, + "event": "path", + "message": "Condition \"cookies != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "Iterating over another element of \"cookies\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 496, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "No elements left in \"cookies\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 499, + "event": "path", + "message": "Condition \"headers.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 519, + "event": "path", + "message": "Condition \"session != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 530, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 542, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 557, + "event": "set_thread_shared", + "message": "Call to \"getServletContext\" sets \"super.config\" to a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 558, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 566, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"super.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 566, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 566, + "event": "write", + "message": "\"super.config\" is modified in call to \"getServletContext\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 564| // Document the servlet context attributes", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 565| log.trace(\"ServletContext Attributes\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 566|-> attrs = getServletContext().getAttributeNames();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 567| while (attrs.hasMoreElements()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 568| String attr = attrs.nextElement();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.CGIServlet.printServletEnvironment(javax.servlet.http.HttpServletRequest)", + "language": "java", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 461, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 469, + "event": "path", + "message": "Condition \"locales.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 474, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 493, + "event": "path", + "message": "Condition \"cookies != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "Iterating over another element of \"cookies\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 496, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 494, + "event": "path", + "message": "No elements left in \"cookies\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 499, + "event": "path", + "message": "Condition \"headers.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 519, + "event": "path", + "message": "Condition \"session != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 530, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 542, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 558, + "event": "path", + "message": "Condition \"params.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 566, + "event": "set_thread_shared", + "message": "Call to \"getServletContext\" sets \"super.config\" to a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 567, + "event": "path", + "message": "Condition \"attrs.hasMoreElements()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 569, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"super.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 569, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 569, + "event": "write", + "message": "\"super.config\" is modified in call to \"getServletContext\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 567| while (attrs.hasMoreElements()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 568| String attr = attrs.nextElement();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 569|-> log.trace(\"Servlet Context Attribute: \" + attr +", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 570| \": [\" + getServletContext().getAttribute(attr) + \"]\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 571| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.CGIServlet.doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 603, + "event": "thread_entry_point", + "message": "\"doGet\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 606, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"super.config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 606, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 606, + "event": "write", + "message": "\"super.config\" is modified in call to \"getServletContext\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 606, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"javax.servlet.GenericServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java", + "line": 40, + "event": "thread_shared_derived", + "message": "\"javax.servlet.GenericServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 604| throws ServletException, IOException {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 605| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 606|-> CGIEnvironment cgiEnv = new CGIEnvironment(req, getServletContext());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 607| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 608| if (cgiEnv.isValid()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.catalina.servlets.CGIServlet$CGIRunner.run()", + "language": "java", + "tool": "coverity", + "key_event_idx": 20, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1594, + "event": "path", + "message": "Condition \"!isReady()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1598, + "event": "path", + "message": "Condition \"org.apache.catalina.servlets.CGIServlet.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1602, + "event": "path", + "message": "Condition \"command.contains(java.io.File.separator + \".\" + java.io.File.separator)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1602, + "event": "path", + "message": "Condition \"command.contains(java.io.File.separator + \"..\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1602, + "event": "path", + "message": "Condition \"command.contains(\"..\" + java.io.File.separator)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1623, + "event": "path", + "message": "Condition \"cgiExecutable.length() != 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1626, + "event": "path", + "message": "Condition \"cgiExecutableArgs != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1640, + "event": "path", + "message": "Condition \"!\"\".equals(sContentLength)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1641, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getOutputStream\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1641, + "event": "var_assign", + "message": "Assigning: \"commandsStdIn\" = resource returned from \"new java.io.BufferedOutputStream(proc.getOutputStream())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1642, + "event": "noescape", + "message": "Resource \"commandsStdIn\" is not closed or saved in \"flow\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1643, + "event": "noescape", + "message": "Resource \"commandsStdIn\" is not closed or saved in \"flush\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1643, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"flush\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1733, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1735, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass).", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1738, + "event": "path", + "message": "Condition \"cgiHeaderReader != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1746, + "event": "path", + "message": "Condition \"cgiOutput != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1754, + "event": "path", + "message": "Condition \"errReaderThread != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1760, + "event": "path", + "message": "Condition \"proc != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1764, + "event": "path", + "message": "Leaving finally statement; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/CGIServlet.java", + "line": 1764, + "event": "leaked_resource", + "message": "Variable \"commandsStdIn\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1762| proc = null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1763| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1764|-> }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1765| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1766| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.DefaultServlet.doPut(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 629, + "event": "path", + "message": "Condition \"readOnly\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 636, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 626, + "event": "thread_entry_point", + "message": "\"doPut\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 636, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 636, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 636, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 634| String path = getRelativePath(req);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 635| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 636|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 637| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 638| Range range = parseContentRange(req, resp);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.DefaultServlet.executePartialPut(javax.servlet.http.HttpServletRequest, org.apache.catalina.servlets.DefaultServlet$Range, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 702, + "event": "path", + "message": "Condition \"contentFile.createNewFile()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 710, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 710, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 710, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 710, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 708| new RandomAccessFile(contentFile, \"rw\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 709| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 710|-> WebResource oldResource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 711| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 712| // Copy data in oldRevisionContent to contentFile", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.DefaultServlet.doDelete(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 758, + "event": "path", + "message": "Condition \"readOnly\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 765, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 755, + "event": "thread_entry_point", + "message": "\"doDelete\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 765, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 765, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 765, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 763| String path = getRelativePath(req);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 764| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 765|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 766| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 767| if (resource.exists()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.DefaultServlet.serveResource(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 839, + "event": "path", + "message": "Condition \"debug > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 840, + "event": "path", + "message": "Condition \"serveContent\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 843, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 849, + "event": "path", + "message": "Condition \"path.length() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 855, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 855, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 855, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 855, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 853| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 854| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 855|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 856| boolean isError = DispatcherType.ERROR == request.getDispatcherType();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 857| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.DefaultServlet.getAvailablePrecompressedResources(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 15, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1336, + "event": "path", + "message": "Iterating over another element of \"compressionFormats\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1338, + "event": "path", + "message": "Condition \"precompressedResource.exists()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1338, + "event": "path", + "message": "Condition \"precompressedResource.isFile()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1341, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1336, + "event": "path", + "message": "Iterating over another element of \"compressionFormats\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1338, + "event": "path", + "message": "Condition \"precompressedResource.exists()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1338, + "event": "path", + "message": "Condition \"precompressedResource.isFile()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1341, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1336, + "event": "path", + "message": "Iterating over another element of \"compressionFormats\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1338, + "event": "path", + "message": "Condition \"precompressedResource.exists()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1338, + "event": "path", + "message": "Condition \"precompressedResource.isFile()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1341, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1336, + "event": "path", + "message": "Iterating over another element of \"compressionFormats\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1337, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1337, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1337, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 1337, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1335| List ret = new ArrayList<>(compressionFormats.length);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1336| for (CompressionFormat format : compressionFormats) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1337|-> WebResource precompressedResource = resources.getResource(path + format.extension);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1338| if (precompressedResource.exists() && precompressedResource.isFile()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1339| ret.add(new PrecompressedResource(precompressedResource, format));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.doPropfind(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 22, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 492, + "event": "path", + "message": "Condition \"!listings\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 498, + "event": "path", + "message": "Condition \"path.length() > 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 498, + "event": "path", + "message": "Condition \"path.endsWith(\"/\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 511, + "event": "path", + "message": "Condition \"depthStr == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 513, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 525, + "event": "path", + "message": "Condition \"req.getContentLengthLong() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 536, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 538, + "event": "path", + "message": "Switch case value \"org.w3c.dom.Node.TEXT_NODE\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 540, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 554, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 536, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 538, + "event": "path", + "message": "Switch case value \"org.w3c.dom.Node.ELEMENT_NODE\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 542, + "event": "path", + "message": "Condition \"currentNode.getNodeName().endsWith(\"prop\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 546, + "event": "path", + "message": "Condition \"currentNode.getNodeName().endsWith(\"propname\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 549, + "event": "path", + "message": "Condition \"currentNode.getNodeName().endsWith(\"allprop\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 552, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 554, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 536, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 555, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 562, + "event": "path", + "message": "Condition \"type == 0 /* org.apache.catalina.servlets.WebdavServlet.FIND_BY_PROPERTY */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 590, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 590, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 590, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 590, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 588| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 589| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 590|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 591| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 592| if (!resource.exists()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.doPropfind(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 32, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 492, + "event": "path", + "message": "Condition \"!listings\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 498, + "event": "path", + "message": "Condition \"path.length() > 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 498, + "event": "path", + "message": "Condition \"path.endsWith(\"/\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 511, + "event": "path", + "message": "Condition \"depthStr == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 513, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 525, + "event": "path", + "message": "Condition \"req.getContentLengthLong() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 536, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 538, + "event": "path", + "message": "Switch case value \"org.w3c.dom.Node.TEXT_NODE\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 540, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 554, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 536, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 538, + "event": "path", + "message": "Switch case value \"org.w3c.dom.Node.ELEMENT_NODE\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 542, + "event": "path", + "message": "Condition \"currentNode.getNodeName().endsWith(\"prop\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 546, + "event": "path", + "message": "Condition \"currentNode.getNodeName().endsWith(\"propname\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 549, + "event": "path", + "message": "Condition \"currentNode.getNodeName().endsWith(\"allprop\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 552, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 554, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 536, + "event": "path", + "message": "Condition \"i < childList.getLength()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 555, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 562, + "event": "path", + "message": "Condition \"type == 0 /* org.apache.catalina.servlets.WebdavServlet.FIND_BY_PROPERTY */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 592, + "event": "path", + "message": "Condition \"!resource.exists()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 626, + "event": "path", + "message": "Condition \"!resource.exists()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 642, + "event": "path", + "message": "Condition \"depth == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 653, + "event": "path", + "message": "Condition \"!stack.isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 653, + "event": "path", + "message": "Condition \"depth >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 661, + "event": "path", + "message": "Condition \"resource.isDirectory()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 696, + "event": "path", + "message": "Condition \"stack.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 704, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 653, + "event": "path", + "message": "Condition \"!stack.isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 653, + "event": "path", + "message": "Condition \"depth >= 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 659, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 659, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 659, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 659, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 657| type, properties);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 658| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 659|-> resource = resources.getResource(currentPath);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 660| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 661| if (resource.isDirectory() && (depth > 0)) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.doMkcol(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 750, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 750, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 750, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 750, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 748| String path = getRelativePath(req);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 749| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 750|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 751| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 752| // Can't create a collection if a resource already exists at the given", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.doPut(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 834, + "event": "path", + "message": "Condition \"isLocked(req)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 840, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 831, + "event": "thread_entry_point", + "message": "\"doPut\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 840, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 840, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 840, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 838| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 839| String path = getRelativePath(req);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 840|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 841| if (resource.isDirectory()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 842| sendNotAllowed(req, resp);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.doLock(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 910, + "event": "path", + "message": "Condition \"readOnly\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 915, + "event": "path", + "message": "Condition \"isLocked(req)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 928, + "event": "path", + "message": "Condition \"depthStr == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 930, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 942, + "event": "path", + "message": "Condition \"lockDurationStr == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 944, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 979, + "event": "path", + "message": "Throwing \"java.io.IOException\" from call to \"parse\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 985, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 989, + "event": "path", + "message": "Condition \"lockInfoNode != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1114, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1114, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1114, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1114, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1112| lock.path = path;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1113| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1114|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1115| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1116| Enumeration locksList = null;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.copyResource(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1553, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1553, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1553, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1553, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1551| // Check the source exists", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1552| String path = getRelativePath(req);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1553|-> WebResource source = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1554| if (!source.exists()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1555| resp.sendError(WebdavStatus.SC_NOT_FOUND);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.copyResource(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 26, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1554, + "event": "path", + "message": "Condition \"!source.exists()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1563, + "event": "path", + "message": "Condition \"destinationHeader == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1563, + "event": "path", + "message": "Condition \"destinationHeader.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1571, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1579, + "event": "path", + "message": "Condition \"!destinationPath.equals(org.apache.tomcat.util.http.RequestUtil.normalize(destinationPath))\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1584, + "event": "path", + "message": "Condition \"destinationUri.isAbsolute()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1586, + "event": "path", + "message": "Condition \"!req.getScheme().equals(destinationUri.getScheme())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1586, + "event": "path", + "message": "Condition \"!req.getServerName().equals(destinationUri.getHost())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1593, + "event": "path", + "message": "Condition \"req.getServerPort() != destinationUri.getPort()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1594, + "event": "path", + "message": "Condition \"destinationUri.getPort() == -1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1594, + "event": "path", + "message": "Condition \"\"http\".equals(req.getScheme())\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1594, + "event": "path", + "message": "Condition \"req.getServerPort() == 80\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1598, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1607, + "event": "path", + "message": "Condition \"!destinationPath.startsWith(reqContextPath + \"/\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1615, + "event": "path", + "message": "Condition \"debug > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1620, + "event": "path", + "message": "Condition \"isSpecialPath(destinationPath)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1625, + "event": "path", + "message": "Condition \"destinationPath.equals(path)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1631, + "event": "path", + "message": "Condition \"destinationPath.startsWith(path)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1631, + "event": "path", + "message": "Condition \"destinationPath.charAt(path.length()) == '/'\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1631, + "event": "path", + "message": "Condition \"path.startsWith(destinationPath)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1631, + "event": "path", + "message": "Condition \"path.charAt(destinationPath.length()) == '/'\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1639, + "event": "path", + "message": "Condition \"overwriteHeader != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1640, + "event": "path", + "message": "Condition \"overwriteHeader.equalsIgnoreCase(\"T\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1642, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1648, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1648, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1648, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1648, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1646| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1647| // Overwriting the destination", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1648|-> WebResource destination = resources.getResource(destinationPath);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1649| if (overwrite) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1650| // Delete destination resource, if it exists", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.copyResource(java.util.Hashtable, java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1708, + "event": "path", + "message": "Condition \"debug > 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1712, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1712, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1712, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1712, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1710| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1711| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1712|-> WebResource sourceResource = resources.getResource(source);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1713| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1714| if (sourceResource.isDirectory()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.copyResource(java.util.Hashtable, java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1708, + "event": "path", + "message": "Condition \"debug > 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1714, + "event": "path", + "message": "Condition \"sourceResource.isDirectory()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1715, + "event": "path", + "message": "Condition \"!resources.mkdir(dest)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1716, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1716, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1716, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1716, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1714| if (sourceResource.isDirectory()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1715| if (!resources.mkdir(dest)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1716|-> WebResource destResource = resources.getResource(dest);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1717| if (!destResource.isDirectory()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1718| errorList.put(dest, Integer.valueOf(WebdavStatus.SC_CONFLICT));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.copyResource(java.util.Hashtable, java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1708, + "event": "path", + "message": "Condition \"debug > 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1714, + "event": "path", + "message": "Condition \"sourceResource.isDirectory()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1737, + "event": "path", + "message": "Condition \"sourceResource.isFile()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1738, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1738, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1738, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1738, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1736| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1737| } else if (sourceResource.isFile()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1738|-> WebResource destResource = resources.getResource(dest);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1739| if (!destResource.exists() && !destResource.getWebappPath().endsWith(\"/\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1740| int lastSlash = destResource.getWebappPath().lastIndexOf('/');", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.copyResource(java.util.Hashtable, java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1708, + "event": "path", + "message": "Condition \"debug > 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1714, + "event": "path", + "message": "Condition \"sourceResource.isDirectory()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1737, + "event": "path", + "message": "Condition \"sourceResource.isFile()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1739, + "event": "path", + "message": "Condition \"!destResource.exists()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1739, + "event": "path", + "message": "Condition \"!destResource.getWebappPath().endsWith(\"/\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1741, + "event": "path", + "message": "Condition \"lastSlash > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1743, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1743, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1743, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1743, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1741| if (lastSlash > 0) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1742| String parent = destResource.getWebappPath().substring(0, lastSlash);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1743|-> WebResource parentResource = resources.getResource(parent);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1744| if (!parentResource.isDirectory()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1745| errorList.put(source, Integer.valueOf(WebdavStatus.SC_CONFLICT));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.deleteResource(java.lang.String, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1808, + "event": "path", + "message": "Condition \"ifHeader == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1813, + "event": "path", + "message": "Condition \"lockTokenHeader == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1817, + "event": "path", + "message": "Condition \"isLocked(path, ifHeader + lockTokenHeader)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1822, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1822, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1822, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1822, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1820| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1821| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1822|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1823| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1824| if (!resource.exists()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.parseProperties(javax.servlet.http.HttpServletRequest, org.apache.catalina.util.XMLWriter, java.lang.String, int, java.util.Vector)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1981, + "event": "path", + "message": "Condition \"isSpecialPath(path)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1985, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1985, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1985, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 1985, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1983| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1984| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1985|-> WebResource resource = resources.getResource(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1986| if (!resource.exists()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1987| // File is in directory listing but doesn't appear to exist", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.catalina.servlets.WebdavServlet.determineMethodsAllowed(javax.servlet.http.HttpServletRequest)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 2346, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.catalina.servlets.DefaultServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/DefaultServlet.java", + "line": 137, + "event": "thread_shared_derived", + "message": "\"org.apache.catalina.servlets.DefaultServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 2346, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"resources\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 2346, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/servlets/WebdavServlet.java", + "line": 2346, + "event": "write", + "message": "\"resources\" is modified in call to \"getResource\". (The virtual call resolves to \"org.apache.catalina.webresources.StandardRoot.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2344| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2345| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2346|-> WebResource resource = resources.getResource(getRelativePath(req));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2347| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2348| // These methods are always allowed. They may return a 404 (not a 405)", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.catalina.session.ManagerBase.generateSessionId()", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 890, + "event": "path", + "message": "Condition \"result != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 899, + "event": "path", + "message": "Condition \"sessions.containsKey(result)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 890, + "event": "path", + "message": "Condition \"result != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 894, + "event": "read_volatile", + "message": "Reading \"duplicates\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 894, + "event": "intervening_update", + "message": "Another thread writes to \"duplicates\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/session/ManagerBase.java", + "line": 894, + "event": "stale_update", + "message": "Updating \"duplicates\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 892| // that is not a big deal since the fact that there was any", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 893| // duplicate is a much bigger issue.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 894|-> duplicates++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 895| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 896| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.catalina.ssi.SSIExec.process(org.apache.catalina.ssi.SSIMediator, java.lang.String, java.lang.String[], java.lang.String[], java.io.PrintWriter)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 53, + "event": "path", + "message": "Condition \"paramName.equalsIgnoreCase(\"cgi\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 57, + "event": "path", + "message": "Condition \"paramName.equalsIgnoreCase(\"cmd\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 65, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getErrorStream\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 65, + "event": "var_assign", + "message": "Assigning: \"stdErrReader\" = resource returned from \"new java.io.BufferedReader(new java.io.InputStreamReader(proc.getErrorStream()))\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 68, + "event": "noescape", + "message": "Resource \"stdErrReader\" is not closed or saved in \"flow\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 72, + "event": "leaked_resource", + "message": "Variable \"stdErrReader\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| proc.waitFor();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 71| lastModified = System.currentTimeMillis();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72|-> } catch (InterruptedException e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| ssiMediator.log(sm.getString(\"ssiExec.executeFailed\", substitutedValue), e);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74| writer.write(configErrMsg);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.catalina.ssi.SSIExec.process(org.apache.catalina.ssi.SSIMediator, java.lang.String, java.lang.String[], java.lang.String[], java.io.PrintWriter)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 53, + "event": "path", + "message": "Condition \"paramName.equalsIgnoreCase(\"cgi\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 57, + "event": "path", + "message": "Condition \"paramName.equalsIgnoreCase(\"cmd\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 63, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 63, + "event": "var_assign", + "message": "Assigning: \"stdOutReader\" = resource returned from \"new java.io.BufferedReader(new java.io.InputStreamReader(proc.getInputStream()))\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 69, + "event": "noescape", + "message": "Resource \"stdOutReader\" is not closed or saved in \"flow\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIExec.java", + "line": 72, + "event": "leaked_resource", + "message": "Variable \"stdOutReader\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| proc.waitFor();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 71| lastModified = System.currentTimeMillis();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72|-> } catch (InterruptedException e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| ssiMediator.log(sm.getString(\"ssiExec.executeFailed\", substitutedValue), e);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74| writer.write(configErrMsg);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.catalina.ssi.SSIServlet.processSSI(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.net.URL)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 199, + "event": "path", + "message": "Condition \"buffered\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 202, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 207, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 207, + "event": "var_assign", + "message": "Assigning: \"resourceInputStream\" = resource returned from \"resourceInfo.getInputStream()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 209, + "event": "path", + "message": "Condition \"encoding == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 213, + "event": "path", + "message": "Condition \"encoding == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 214, + "event": "var_assign", + "message": "Assigning: \"isr\" = resource returned from \"new java.io.InputStreamReader(resourceInputStream)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 215, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 218, + "event": "var_assign", + "message": "Assigning: \"bufferedReader\" = resource returned from \"new java.io.BufferedReader(isr)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 220, + "event": "noescape", + "message": "Resource \"bufferedReader\" is not closed or saved in \"process\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 220, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"process\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 220, + "event": "leaked_resource", + "message": "Variable \"bufferedReader\" going out of scope leaks the resource it refers to.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 220, + "event": "leaked_resource", + "message": "Variable \"isr\" going out of scope leaks the resource it refers to.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 220, + "event": "leaked_resource", + "message": "Variable \"resourceInputStream\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 218| BufferedReader bufferedReader = new BufferedReader(isr);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 219| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 220|-> long lastModified = ssiProcessor.process(bufferedReader,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 221| resourceInfo.getLastModified(), printWriter);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 222| if (lastModified > 0) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.ContextConfig.configureStop()", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1032, + "event": "path", + "message": "Condition \"org.apache.catalina.startup.ContextConfig.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1040, + "event": "path", + "message": "Condition \"i < children.length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1042, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1040, + "event": "path", + "message": "Condition \"i < children.length\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1055, + "event": "returned_null", + "message": "\"findConstraints\" returns \"null\" (checked 1 out of 4 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findConstraints\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1055, + "event": "var_assigned", + "message": "Assigning: \"securityConstraints\" = \"null\" return value from \"findConstraints\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1056, + "event": "null_array_length", + "message": "Accessing length of null array \"securityConstraints\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 552, + "event": "example_assign", + "message": "Example 1: Assigning: \"constraints\" = return value from \"context.findConstraints()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 553, + "event": "example_checked", + "message": "Example 1 (cont.): \"constraints\" has its value checked in \"constraints == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1054| // Removing security constraints", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1055| SecurityConstraint[] securityConstraints = context.findConstraints();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1056|-> for (i = 0; i < securityConstraints.length; i++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1057| context.removeConstraint(securityConstraints[i]);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1058| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.ContextConfig.validateSecurityRoles()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1189, + "event": "returned_null", + "message": "\"findConstraints\" returns \"null\" (checked 1 out of 4 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findConstraints\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1189, + "event": "var_assigned", + "message": "Assigning: \"constraints\" = \"null\" return value from \"findConstraints\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1190, + "event": "null_array_length", + "message": "Accessing length of null array \"constraints\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 552, + "event": "example_assign", + "message": "Example 1: Assigning: \"constraints\" = return value from \"context.findConstraints()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/realm/RealmBase.java", + "line": 553, + "event": "example_checked", + "message": "Example 1 (cont.): \"constraints\" has its value checked in \"constraints == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1188| // Check role names used in elements", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1189| SecurityConstraint constraints[] = context.findConstraints();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1190|-> for (SecurityConstraint constraint : constraints) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1191| String roles[] = constraint.findAuthRoles();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1192| for (String role : roles) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.ContextConfig.configureContext(org.apache.tomcat.util.descriptor.web.WebXml)", + "language": "java", + "tool": "coverity", + "key_event_idx": 21, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1427, + "event": "path", + "message": "No elements left in \"webxml.getContextParams().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1434, + "event": "path", + "message": "No elements left in \"webxml.getEjbLocalRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1437, + "event": "path", + "message": "No elements left in \"webxml.getEjbRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1440, + "event": "path", + "message": "No elements left in \"webxml.getEnvEntries().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1443, + "event": "path", + "message": "No elements left in \"webxml.getErrorPages().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1446, + "event": "path", + "message": "No elements left in \"webxml.getFilters().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1452, + "event": "path", + "message": "No elements left in \"webxml.getFilterMappings()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1456, + "event": "path", + "message": "No elements left in \"webxml.getListeners()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1459, + "event": "path", + "message": "No elements left in \"webxml.getLocaleEncodingMappings().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1465, + "event": "path", + "message": "Condition \"webxml.getLoginConfig() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1468, + "event": "path", + "message": "No elements left in \"webxml.getMessageDestinationRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1476, + "event": "path", + "message": "No elements left in \"webxml.getMimeMappings().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1482, + "event": "path", + "message": "No elements left in \"webxml.getResourceEnvRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1486, + "event": "path", + "message": "No elements left in \"webxml.getResourceRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1493, + "event": "path", + "message": "No elements left in \"webxml.getSecurityConstraints()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1499, + "event": "path", + "message": "No elements left in \"webxml.getSecurityRoles()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1502, + "event": "path", + "message": "No elements left in \"webxml.getServiceRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1505, + "event": "path", + "message": "Iterating over another element of \"webxml.getServlets().values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1506, + "event": "returned_null", + "message": "\"createWrapper\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.createWrapper\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1506, + "event": "var_assigned", + "message": "Assigning: \"wrapper\" = \"null\" return value from \"createWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1513, + "event": "path", + "message": "Condition \"servlet.getLoadOnStartup() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1514, + "event": "null_method_call", + "message": "Calling a method on null object \"wrapper\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1512| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1513| if (servlet.getLoadOnStartup() != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1514|-> wrapper.setLoadOnStartup(servlet.getLoadOnStartup().intValue());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1515| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1516| if (servlet.getEnabled() != null) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.ContextConfig.configureContext(org.apache.tomcat.util.descriptor.web.WebXml)", + "language": "java", + "tool": "coverity", + "key_event_idx": 22, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1427, + "event": "path", + "message": "No elements left in \"webxml.getContextParams().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1434, + "event": "path", + "message": "No elements left in \"webxml.getEjbLocalRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1437, + "event": "path", + "message": "No elements left in \"webxml.getEjbRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1440, + "event": "path", + "message": "No elements left in \"webxml.getEnvEntries().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1443, + "event": "path", + "message": "No elements left in \"webxml.getErrorPages().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1446, + "event": "path", + "message": "No elements left in \"webxml.getFilters().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1452, + "event": "path", + "message": "No elements left in \"webxml.getFilterMappings()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1456, + "event": "path", + "message": "No elements left in \"webxml.getListeners()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1459, + "event": "path", + "message": "No elements left in \"webxml.getLocaleEncodingMappings().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1465, + "event": "path", + "message": "Condition \"webxml.getLoginConfig() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1468, + "event": "path", + "message": "No elements left in \"webxml.getMessageDestinationRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1476, + "event": "path", + "message": "No elements left in \"webxml.getMimeMappings().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1482, + "event": "path", + "message": "No elements left in \"webxml.getResourceEnvRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1486, + "event": "path", + "message": "No elements left in \"webxml.getResourceRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1493, + "event": "path", + "message": "No elements left in \"webxml.getSecurityConstraints()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1499, + "event": "path", + "message": "No elements left in \"webxml.getSecurityRoles()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1502, + "event": "path", + "message": "No elements left in \"webxml.getServiceRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1505, + "event": "path", + "message": "Iterating over another element of \"webxml.getServlets().values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1506, + "event": "returned_null", + "message": "\"createWrapper\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.createWrapper\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1506, + "event": "var_assigned", + "message": "Assigning: \"wrapper\" = \"null\" return value from \"createWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1513, + "event": "path", + "message": "Condition \"servlet.getLoadOnStartup() != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1516, + "event": "path", + "message": "Condition \"servlet.getEnabled() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1517, + "event": "null_method_call", + "message": "Calling a method on null object \"wrapper\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1515| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1516| if (servlet.getEnabled() != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1517|-> wrapper.setEnabled(servlet.getEnabled().booleanValue());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1518| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1519| wrapper.setName(servlet.getServletName());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.ContextConfig.configureContext(org.apache.tomcat.util.descriptor.web.WebXml)", + "language": "java", + "tool": "coverity", + "key_event_idx": 22, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1427, + "event": "path", + "message": "No elements left in \"webxml.getContextParams().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1434, + "event": "path", + "message": "No elements left in \"webxml.getEjbLocalRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1437, + "event": "path", + "message": "No elements left in \"webxml.getEjbRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1440, + "event": "path", + "message": "No elements left in \"webxml.getEnvEntries().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1443, + "event": "path", + "message": "No elements left in \"webxml.getErrorPages().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1446, + "event": "path", + "message": "No elements left in \"webxml.getFilters().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1452, + "event": "path", + "message": "No elements left in \"webxml.getFilterMappings()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1456, + "event": "path", + "message": "No elements left in \"webxml.getListeners()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1459, + "event": "path", + "message": "No elements left in \"webxml.getLocaleEncodingMappings().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1465, + "event": "path", + "message": "Condition \"webxml.getLoginConfig() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1468, + "event": "path", + "message": "No elements left in \"webxml.getMessageDestinationRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1476, + "event": "path", + "message": "No elements left in \"webxml.getMimeMappings().entrySet()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1482, + "event": "path", + "message": "No elements left in \"webxml.getResourceEnvRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1486, + "event": "path", + "message": "No elements left in \"webxml.getResourceRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1493, + "event": "path", + "message": "No elements left in \"webxml.getSecurityConstraints()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1499, + "event": "path", + "message": "No elements left in \"webxml.getSecurityRoles()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1502, + "event": "path", + "message": "No elements left in \"webxml.getServiceRefs().values()\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1505, + "event": "path", + "message": "Iterating over another element of \"webxml.getServlets().values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1506, + "event": "returned_null", + "message": "\"createWrapper\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.createWrapper\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1506, + "event": "var_assigned", + "message": "Assigning: \"wrapper\" = \"null\" return value from \"createWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1513, + "event": "path", + "message": "Condition \"servlet.getLoadOnStartup() != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1516, + "event": "path", + "message": "Condition \"servlet.getEnabled() != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1519, + "event": "null_method_call", + "message": "Calling a method on null object \"wrapper\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1517| wrapper.setEnabled(servlet.getEnabled().booleanValue());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1518| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1519|-> wrapper.setName(servlet.getServletName());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1520| Map params = servlet.getParameterMap();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1521| for (Entry entry : params.entrySet()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.ContextConfig.processJarsForWebFragments(org.apache.tomcat.util.descriptor.web.WebXml, org.apache.tomcat.util.descriptor.web.WebXmlParser)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2119, + "event": "returned_null", + "message": "\"getJarScanner\" returns \"null\" (checked 0 out of 1 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.getJarScanner\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2119, + "event": "var_assigned", + "message": "Assigning: \"jarScanner\" = \"null\" return value from \"getJarScanner\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2121, + "event": "path", + "message": "Condition \"context instanceof org.apache.catalina.core.StandardContext\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2126, + "event": "path", + "message": "Condition \"absoluteOrder != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2126, + "event": "path", + "message": "Condition \"absoluteOrder.isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2126, + "event": "path", + "message": "Condition \"!context.getXmlValidation()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2136, + "event": "null_method_call", + "message": "Calling a method on null object \"jarScanner\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2134| new FragmentJarScannerCallback(webXmlParser, delegate, parseRequired);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2135| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2136|-> jarScanner.scan(JarScanType.PLUGGABILITY,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2137| context.getServletContext(), callback);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2138| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.ContextConfig.processAnnotationsInParallel(java.util.Set, boolean, java.util.Map)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2211, + "event": "returned_null", + "message": "\"getServer\" returns \"null\" (checked 1 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2211, + "event": "var_assigned", + "message": "Assigning: \"s\" = \"null\" return value from \"getServer\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2213, + "event": "null_method_call", + "message": "Calling a method on null object \"s\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1145, + "event": "example_assign", + "message": "Example 1: Assigning: \"s\" = return value from \"getServer()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 1146, + "event": "example_checked", + "message": "Example 1 (cont.): \"s\" has its value checked in \"s != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2211| Server s = getServer();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2212| ExecutorService pool = null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2213|-> pool = s.getUtilityExecutor();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2214| List> futures = new ArrayList<>(fragments.size());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2215| for (WebXml fragment : fragments) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.catalina.startup.HostConfig.deployDescriptor(org.apache.catalina.util.ContextName, java.io.File)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/HostConfig.java", + "line": 619, + "event": "path", + "message": "Condition \"org.apache.catalina.startup.HostConfig.log.isInfoEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/HostConfig.java", + "line": 624, + "event": "assign_zero", + "message": "Assigning: \"context\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/HostConfig.java", + "line": 629, + "event": "path", + "message": "Throwing \"java.io.FileNotFoundException\" (or subclass) from call to \"FileInputStream\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/HostConfig.java", + "line": 691, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/HostConfig.java", + "line": 699, + "event": "null_method_call", + "message": "Calling a method on null object \"context\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 697| // default to appBase dir + name", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 698| expandedDocBase = new File(host.getAppBaseFile(), cn.getBaseName());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 699|-> if (context.getDocBase() != null && !context.getDocBase().toLowerCase(Locale.ENGLISH).endsWith(\".war\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 700| // first assume docBase is absolute", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 701| expandedDocBase = new File(context.getDocBase());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.Tomcat.addServlet(org.apache.catalina.Context, java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/Tomcat.java", + "line": 387, + "event": "returned_null", + "message": "\"createWrapper\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.createWrapper\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/Tomcat.java", + "line": 387, + "event": "var_assigned", + "message": "Assigning: \"sw\" = \"null\" return value from \"createWrapper\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/Tomcat.java", + "line": 388, + "event": "null_method_call", + "message": "Calling a method on null object \"sw\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 386| // will do class for name and set init params", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 387| Wrapper sw = ctx.createWrapper();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 388|-> sw.setServletClass(servletClass);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 389| sw.setName(servletName);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 390| ctx.addChild(sw);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.startup.WebAnnotationSet.loadApplicationListenerAnnotations(org.apache.catalina.Context)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/WebAnnotationSet.java", + "line": 81, + "event": "returned_null", + "message": "\"findApplicationListeners\" returns \"null\" (checked 0 out of 1 times). (The virtual call resolves to \"org.apache.catalina.startup.FailedContext.findApplicationListeners\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/WebAnnotationSet.java", + "line": 81, + "event": "var_assigned", + "message": "Assigning: \"applicationListeners\" = \"null\" return value from \"findApplicationListeners\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/WebAnnotationSet.java", + "line": 82, + "event": "null_array_length", + "message": "Accessing length of null array \"applicationListeners\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80| protected static void loadApplicationListenerAnnotations(Context context) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| String[] applicationListeners = context.findApplicationListeners();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82|-> for (String className : applicationListeners) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83| Class clazz = Introspection.loadClass(context, className);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 84| if (clazz == null) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.storeconfig.StandardContextSF.store(java.io.PrintWriter, int, java.lang.Object)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StandardContextSF.java", + "line": 71, + "event": "path", + "message": "Condition \"aContext instanceof org.apache.catalina.core.StandardContext\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StandardContextSF.java", + "line": 72, + "event": "returned_null", + "message": "\"findDescription\" returns \"null\" (checked 11 out of 17 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StandardContextSF.java", + "line": 72, + "event": "var_assigned", + "message": "Assigning: \"desc\" = \"null\" return value from \"findDescription\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StandardContextSF.java", + "line": 74, + "event": "null_method_call", + "message": "Calling a method on null object \"desc\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 1: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 1 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 2: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 2 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 41, + "event": "example_assign", + "message": "Example 3: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 43, + "event": "example_checked", + "message": "Example 3 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 42, + "event": "example_assign", + "message": "Example 4: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 44, + "event": "example_checked", + "message": "Example 4 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 45, + "event": "example_assign", + "message": "Example 5: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 47, + "event": "example_checked", + "message": "Example 5 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72| StoreDescription desc = getRegistry().findDescription(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| aContext.getClass());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74|-> if (desc.isStoreSeparate()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 75| URL configFile = ((StandardContext) aContext)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| .getConfigFile();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.storeconfig.StoreConfig.store(java.io.PrintWriter, int, org.apache.catalina.Context)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 273, + "event": "returned_null", + "message": "\"findDescription\" returns \"null\" (checked 11 out of 17 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 273, + "event": "var_assigned", + "message": "Assigning: \"desc\" = \"null\" return value from \"findDescription\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 274, + "event": "null_method_call", + "message": "Calling a method on null object \"desc\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 1: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 1 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 2: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 2 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 41, + "event": "example_assign", + "message": "Example 3: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 43, + "event": "example_checked", + "message": "Example 3 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 42, + "event": "example_assign", + "message": "Example 4: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 44, + "event": "example_checked", + "message": "Example 4 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 45, + "event": "example_assign", + "message": "Example 5: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 47, + "event": "example_checked", + "message": "Example 5 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 272| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 273| desc = getRegistry().findDescription(aContext.getClass());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 274|-> oldSeparate = desc.isStoreSeparate();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 275| desc.setStoreSeparate(false);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 276| desc.getStoreFactory().store(aWriter, indent, aContext);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.storeconfig.StoreConfig.store(java.io.PrintWriter, int, org.apache.catalina.Host)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 291, + "event": "returned_null", + "message": "\"findDescription\" returns \"null\" (checked 11 out of 17 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 291, + "event": "var_assigned", + "message": "Assigning: \"desc\" = \"null\" return value from \"findDescription\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 293, + "event": "null_method_call", + "message": "Calling a method on null object \"desc\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 1: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 1 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 2: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 2 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 41, + "event": "example_assign", + "message": "Example 3: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 43, + "event": "example_checked", + "message": "Example 3 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 42, + "event": "example_assign", + "message": "Example 4: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 44, + "event": "example_checked", + "message": "Example 4 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 45, + "event": "example_assign", + "message": "Example 5: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 47, + "event": "example_checked", + "message": "Example 5 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 291| StoreDescription desc = getRegistry().findDescription(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 292| aHost.getClass());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 293|-> desc.getStoreFactory().store(aWriter, indent, aHost);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 294| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 295| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.storeconfig.StoreConfig.store(java.io.PrintWriter, int, org.apache.catalina.Service)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 303, + "event": "returned_null", + "message": "\"findDescription\" returns \"null\" (checked 11 out of 17 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 303, + "event": "var_assigned", + "message": "Assigning: \"desc\" = \"null\" return value from \"findDescription\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 305, + "event": "null_method_call", + "message": "Calling a method on null object \"desc\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 1: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 1 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 2: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 2 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 41, + "event": "example_assign", + "message": "Example 3: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 43, + "event": "example_checked", + "message": "Example 3 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 42, + "event": "example_assign", + "message": "Example 4: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 44, + "event": "example_checked", + "message": "Example 4 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 45, + "event": "example_assign", + "message": "Example 5: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 47, + "event": "example_checked", + "message": "Example 5 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 303| StoreDescription desc = getRegistry().findDescription(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 304| aService.getClass());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 305|-> desc.getStoreFactory().store(aWriter, indent, aService);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 306| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 307| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.storeconfig.StoreConfig.store(java.io.PrintWriter, int, org.apache.catalina.Server)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 315, + "event": "returned_null", + "message": "\"findDescription\" returns \"null\" (checked 11 out of 17 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 315, + "event": "var_assigned", + "message": "Assigning: \"desc\" = \"null\" return value from \"findDescription\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreConfig.java", + "line": 317, + "event": "null_method_call", + "message": "Calling a method on null object \"desc\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 1: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 1 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 2: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 2 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 41, + "event": "example_assign", + "message": "Example 3: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 43, + "event": "example_checked", + "message": "Example 3 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 42, + "event": "example_assign", + "message": "Example 4: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 44, + "event": "example_checked", + "message": "Example 4 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 45, + "event": "example_assign", + "message": "Example 5: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 47, + "event": "example_checked", + "message": "Example 5 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 315| StoreDescription desc = getRegistry().findDescription(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 316| aServer.getClass());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 317|-> desc.getStoreFactory().store(writer, indent, aServer);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 319| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.storeconfig.StoreContextAppender.isPrintValue(java.lang.Object, java.lang.Object, java.lang.String, org.apache.catalina.storeconfig.StoreDescription)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java", + "line": 64, + "event": "path", + "message": "Condition \"isPrint\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java", + "line": 66, + "event": "path", + "message": "Condition \"\"workDir\".equals(attrName)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java", + "line": 67, + "event": "returned_null", + "message": "\"getDefaultWorkDir\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java", + "line": 67, + "event": "var_assigned", + "message": "Assigning: \"defaultWorkDir\" = \"null\" return value from \"getDefaultWorkDir\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreContextAppender.java", + "line": 68, + "event": "null_method_call", + "message": "Calling a method on null object \"defaultWorkDir\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 66| if (\"workDir\".equals(attrName)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 67| String defaultWorkDir = getDefaultWorkDir(context);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 68|-> isPrint = !defaultWorkDir.equals(context.getWorkDir());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 69| } else if (\"path\".equals(attrName)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| isPrint = desc.isStoreSeparate()", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.storeconfig.StoreFactoryBase.storeElement(java.io.PrintWriter, int, java.lang.Object)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java", + "line": 163, + "event": "path", + "message": "Condition \"aTagElement != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java", + "line": 167, + "event": "path", + "message": "Condition \"elementFactory != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java", + "line": 168, + "event": "returned_null", + "message": "\"findDescription\" returns \"null\" (checked 11 out of 17 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java", + "line": 168, + "event": "var_assigned", + "message": "Assigning: \"desc\" = \"null\" return value from \"findDescription\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/StoreFactoryBase.java", + "line": 170, + "event": "null_method_call", + "message": "Calling a method on null object \"desc\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 1: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/CredentialHandlerSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 1 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 37, + "event": "example_assign", + "message": "Example 2: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/InterceptorSF.java", + "line": 40, + "event": "example_checked", + "message": "Example 2 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 41, + "event": "example_assign", + "message": "Example 3: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/LoaderSF.java", + "line": 43, + "event": "example_checked", + "message": "Example 3 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 42, + "event": "example_assign", + "message": "Example 4: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/ManagerSF.java", + "line": 44, + "event": "example_checked", + "message": "Example 4 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 45, + "event": "example_assign", + "message": "Example 5: Assigning: \"elementDesc\" = return value from \"getRegistry().findDescription(aElement.getClass())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/storeconfig/NamingResourcesSF.java", + "line": 47, + "event": "example_checked", + "message": "Example 5 (cont.): \"elementDesc\" has its value checked in \"elementDesc != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 168| StoreDescription desc = getRegistry().findDescription(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 169| aTagElement.getClass());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 170|-> if (!desc.isTransientChild(aTagElement.getClass().getName())) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 171| elementFactory.store(aWriter, indent, aTagElement);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 172| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.catalina.tribes.group.interceptors.OrderInterceptor$MessageOrder.add(org.apache.catalina.tribes.group.interceptors.OrderInterceptor$MessageOrder, org.apache.catalina.tribes.group.interceptors.OrderInterceptor$MessageOrder)", + "language": "java", + "tool": "coverity", + "key_event_idx": 9, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 291, + "event": "path", + "message": "Condition \"head == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 294, + "event": "path", + "message": "Condition \"add == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 297, + "event": "path", + "message": "Condition \"head == add\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 301, + "event": "path", + "message": "Condition \"head.getMsgNr() > add.getMsgNr()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 307, + "event": "assign_zero", + "message": "Assigning: \"prev\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 308, + "event": "path", + "message": "Condition \"iter.getMsgNr() < add.getMsgNr()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 308, + "event": "path", + "message": "Condition \"iter.next != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 312, + "event": "path", + "message": "Condition \"iter.getMsgNr() < add.getMsgNr()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 316, + "event": "path", + "message": "Condition \"iter.getMsgNr() > add.getMsgNr()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/group/interceptors/OrderInterceptor.java", + "line": 318, + "event": "null_field_access", + "message": "Accessing field of null object \"prev\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 316| } else if (iter.getMsgNr() > add.getMsgNr()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 317| //add before", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318|-> prev.next = add; // prev cannot be null here, warning suppressed", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 319| add.next = iter;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 320| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.catalina.tribes.membership.cloud.KubernetesMembershipProvider.start(int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 50, + "event": "path", + "message": "Condition \"(level & 4 /* org.apache.catalina.tribes.MembershipService.MBR_RX */) == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 59, + "event": "path", + "message": "Condition \"org.apache.catalina.tribes.membership.cloud.KubernetesMembershipProvider.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 69, + "event": "path", + "message": "Condition \"caCertFile == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 73, + "event": "path", + "message": "Condition \"clientCertificateFile == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 74, + "event": "path", + "message": "Condition \"protocol == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 78, + "event": "path", + "message": "Condition \"saTokenFile == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 82, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getDefault\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 82, + "event": "noescape", + "message": "Resource \"java.nio.file.FileSystems.getDefault()\" is not closed or saved in \"getPath\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/membership/cloud/KubernetesMembershipProvider.java", + "line": 82, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"java.nio.file.FileSystems.getDefault()\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82|-> byte[] bytes = Files.readAllBytes(FileSystems.getDefault().getPath(saTokenFile));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83| streamProvider = new TokenStreamProvider(new String(bytes, StandardCharsets.US_ASCII), caCertFile);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 84| } catch (IOException e) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.catalina.tribes.tipis.AbstractReplicatedMap.clear(boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java", + "line": 1209, + "event": "path", + "message": "Condition \"notify\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java", + "line": 1211, + "event": "return_collection_alias", + "message": "Call to \"keySet\" returns an \"Iterable\" equivalent to \"this\". [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java", + "line": 1211, + "event": "enhanced_for", + "message": "Starting an iteration on \"keySet()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java", + "line": 1211, + "event": "path", + "message": "Iterating over another element of \"keySet()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java", + "line": 1212, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"this\" which invalidates the iterator for the loop on \"keySet()\". [Note: The source code implementation of the function has been overridden by a builtin model.]", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java", + "line": 1213, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java", + "line": 1211, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"keySet()\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1209| if ( notify ) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1210| //only delete active keys", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1211|-> for (K k : keySet()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1212| remove(k);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1213| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.catalina.tribes.transport.nio.NioSender.write()", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java", + "line": 203, + "event": "path", + "message": "Condition \"!isConnected()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java", + "line": 203, + "event": "path", + "message": "Condition \"this.socketChannel == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java", + "line": 203, + "event": "var_compare_op", + "message": "Comparing \"this.socketChannel\" to null implies that \"this.socketChannel\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java", + "line": 203, + "event": "path", + "message": "Condition \"this.dataChannel == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java", + "line": 206, + "event": "path", + "message": "Condition \"current != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java", + "line": 207, + "event": "path", + "message": "Condition \"remaining > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/tribes/transport/nio/NioSender.java", + "line": 210, + "event": "null_method_call", + "message": "Calling a method on null object \"socketChannel\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 208| //we have written everything, or we are starting a new package", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 209| //protect against buffer overwrite", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 210|-> int byteswritten = isUdpBased()?dataChannel.write(writebuf) : socketChannel.write(writebuf);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 211| if (byteswritten == -1 ) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 212| throw new EOFException();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.catalina.users.DataSourceUserDatabase.getGroups()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java", + "line": 468, + "event": "jdbc_fn", + "message": "An open JDBC connection is returned from \"openConnection\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java", + "line": 468, + "event": "var_assign", + "message": "Assigning: \"dbConnection\" = JDBC connection returned from \"openConnection()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java", + "line": 469, + "event": "path", + "message": "Condition \"dbConnection != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java", + "line": 469, + "event": "path", + "message": "Condition \"preparedAllGroups != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java", + "line": 490, + "event": "leaked_connection", + "message": "Variable \"dbConnection\" going out of scope leaks the connection it holds open.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 488| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 489| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 490|-> return groups.values().iterator();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 491| } finally {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 492| groupsReadLock.unlock();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.catalina.users.DataSourceUserDatabase.getRoles()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java", + "line": 509, + "event": "jdbc_fn", + "message": "An open JDBC connection is returned from \"openConnection\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java", + "line": 509, + "event": "var_assign", + "message": "Assigning: \"dbConnection\" = JDBC connection returned from \"openConnection()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java", + "line": 510, + "event": "path", + "message": "Condition \"dbConnection != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java", + "line": 510, + "event": "path", + "message": "Condition \"preparedAllRoles != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabase.java", + "line": 531, + "event": "leaked_connection", + "message": "Variable \"dbConnection\" going out of scope leaks the connection it holds open.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 529| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 530| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 531|-> return roles.values().iterator();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 532| } finally {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 533| rolesReadLock.unlock();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNUSED_VALUE", + "cwe": 563, + "function": "org.apache.catalina.valves.ExtendedAccessLogValve$PatternTokenizer.getToken()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java", + "line": 437, + "event": "value_overwrite", + "message": "Overwriting previous write to \"result\" with value from \"buf.toString()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java", + "line": 442, + "event": "value_overwrite", + "message": "Overwriting previous write to \"result\" with value from \"buf.toString()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java", + "line": 447, + "event": "value_overwrite", + "message": "Overwriting previous write to \"result\" with value from \"buf.toString()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/ExtendedAccessLogValve.java", + "line": 452, + "event": "returned_reference", + "message": "Assigning value from \"buf.toString()\" to \"result\" here, but that stored value is overwritten before it can be used.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 450| return result;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 451| case ')':", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 452|-> result = buf.toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 453| buf = new StringBuilder();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 454| break;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.valves.rewrite.ResolverImpl.resolveSsl(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 156, + "event": "path", + "message": "Condition \"key.equals(\"HTTPS\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 158, + "event": "path", + "message": "Condition \"key.equals(\"SSL_PROTOCOL\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 160, + "event": "path", + "message": "Condition \"key.equals(\"SSL_SESSION_ID\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 162, + "event": "path", + "message": "Condition \"key.equals(\"SSL_SESSION_RESUMED\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 164, + "event": "path", + "message": "Condition \"key.equals(\"SSL_SECURE_RENEG\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 166, + "event": "path", + "message": "Condition \"key.equals(\"SSL_COMPRESS_METHOD\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 168, + "event": "path", + "message": "Condition \"key.equals(\"SSL_TLS_SNI\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 170, + "event": "path", + "message": "Condition \"key.equals(\"SSL_CIPHER\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 172, + "event": "path", + "message": "Condition \"key.equals(\"SSL_CIPHER_EXPORT\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 184, + "event": "path", + "message": "Condition \"key.equals(\"SSL_CIPHER_ALGKEYSIZE\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 191, + "event": "path", + "message": "Condition \"key.equals(\"SSL_CIPHER_USEKEYSIZE\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 192, + "event": "returned_null", + "message": "\"getKeySize\" returns \"null\" (checked 1 out of 2 times). (The virtual call resolves to \"org.apache.tomcat.util.net.jsse.JSSESupport.getKeySize\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/valves/rewrite/ResolverImpl.java", + "line": 192, + "event": "null_method_call", + "message": "Calling a method on null object \"sslSupport.getKeySize()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/AbstractProcessor.java", + "line": 802, + "event": "example_assign", + "message": "Example 1: Assigning: \"sslO\" = return value from \"sslSupport.getKeySize()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/AbstractProcessor.java", + "line": 803, + "event": "example_checked", + "message": "Example 1 (cont.): \"sslO\" has its value checked in \"sslO != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 190| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 191| } else if (key.equals(\"SSL_CIPHER_USEKEYSIZE\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 192|-> return sslSupport.getKeySize().toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 193| } else if (key.startsWith(\"SSL_CLIENT_\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 194| X509Certificate[] certificates = sslSupport.getPeerCertificateChain();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.catalina.webresources.AbstractFileResourceSet.file(java.lang.String, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 61, + "event": "path", + "message": "Condition \"name.equals(\"/\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 69, + "event": "path", + "message": "Condition \"name.endsWith(\"/\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 69, + "event": "path", + "message": "Condition \"file.isFile()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 75, + "event": "path", + "message": "Condition \"mustExist\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 75, + "event": "path", + "message": "Condition \"!file.canRead()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 81, + "event": "path", + "message": "Condition \"getRoot().getAllowLinking()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 87, + "event": "path", + "message": "Condition \"org.apache.tomcat.util.compat.JrePlatform.IS_WINDOWS\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 87, + "event": "path", + "message": "Condition \"isInvalidWindowsFilename(name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 95, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 98, + "event": "path", + "message": "Condition \"canPath == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 98, + "event": "path", + "message": "Condition \"!canPath.startsWith(canonicalBase)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 109, + "event": "returned_null", + "message": "\"normalize\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 109, + "event": "var_assigned", + "message": "Assigning: \"absPath\" = \"null\" return value from \"normalize\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/AbstractFileResourceSet.java", + "line": 110, + "event": "null_method_call", + "message": "Calling a method on null object \"absPath\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108| // well.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| String absPath = normalize(file.getAbsolutePath());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110|-> if (absoluteBase.length() > absPath.length()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111| return null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 112| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.catalina.webresources.TomcatURLStreamHandlerFactory.release(java.lang.ClassLoader)", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 104, + "event": "path", + "message": "Condition \"org.apache.catalina.webresources.TomcatURLStreamHandlerFactory.instance == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 108, + "event": "enhanced_for", + "message": "Starting an iteration on \"factories\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 108, + "event": "path", + "message": "Iterating over another element of \"factories\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 110, + "event": "path", + "message": "Condition \"factoryLoader != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 120, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 108, + "event": "path", + "message": "Iterating over another element of \"factories\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 110, + "event": "path", + "message": "Condition \"factoryLoader != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 111, + "event": "path", + "message": "Condition \"classLoader.equals(factoryLoader)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 115, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"factories\" which invalidates the iterator for the loop on that \"Iterable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 116, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 120, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/TomcatURLStreamHandlerFactory.java", + "line": 108, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"factories\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| List factories = instance.userFactories;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108|-> for (URLStreamHandlerFactory factory : factories) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| ClassLoader factoryLoader = factory.getClass().getClassLoader();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| while (factoryLoader != null) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.coyote.AbstractProtocol$ConnectionHandler.register(org.apache.coyote.Processor)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/AbstractProtocol.java", + "line": 1131, + "event": "path", + "message": "Condition \"getProtocol().getDomain() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/AbstractProtocol.java", + "line": 1135, + "event": "returned_null", + "message": "\"getRequest\" returns \"null\" (checked 3 out of 4 times). (The virtual call resolves to \"org.apache.coyote.http11.upgrade.UpgradeProcessorBase.getRequest\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/AbstractProtocol.java", + "line": 1135, + "event": "null_method_call", + "message": "Calling a method on null object \"processor.getRequest()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/AbstractProtocol.java", + "line": 1161, + "event": "example_assign", + "message": "Example 1: Assigning: \"r\" = return value from \"processor.getRequest()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/AbstractProtocol.java", + "line": 1162, + "event": "example_checked", + "message": "Example 1 (cont.): \"r\" has its value checked in \"r == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java", + "line": 109, + "event": "example_assign", + "message": "Example 2: Assigning: \"request\" = return value from \"processor.getRequest()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeServletInputStream.java", + "line": 110, + "event": "example_checked", + "message": "Example 2 (cont.): \"request\" has its value checked in \"request != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeServletOutputStream.java", + "line": 122, + "event": "example_assign", + "message": "Example 3: Assigning: \"request\" = return value from \"processor.getRequest()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeServletOutputStream.java", + "line": 123, + "event": "example_checked", + "message": "Example 3 (cont.): \"request\" has its value checked in \"request != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1133| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1134| long count = registerCount.incrementAndGet();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1135|-> RequestInfo rp =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1136| processor.getRequest().getRequestProcessor();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1137| rp.setGlobalProcessor(global);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.coyote.ajp.AjpProcessor.prepareRequest()", + "language": "java", + "tool": "coverity", + "key_event_idx": 25, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 655, + "event": "path", + "message": "Condition \"methodCode != -1 /* org.apache.coyote.ajp.Constants.SC_M_JK_STORED */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 668, + "event": "path", + "message": "Condition \"socketWrapper != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 673, + "event": "path", + "message": "Condition \"isSSL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 685, + "event": "path", + "message": "Condition \"i < hCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 696, + "event": "path", + "message": "Condition \"40960 == isc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 700, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 716, + "event": "path", + "message": "Condition \"hId == 8 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_LENGTH */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 719, + "event": "path", + "message": "Condition \"contentLengthSet\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 727, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 735, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 685, + "event": "path", + "message": "Condition \"i < hCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 696, + "event": "path", + "message": "Condition \"40960 == isc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 700, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 716, + "event": "path", + "message": "Condition \"hId == 8 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_LENGTH */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 719, + "event": "path", + "message": "Condition \"contentLengthSet\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 722, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 727, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 735, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 685, + "event": "path", + "message": "Condition \"i < hCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 696, + "event": "path", + "message": "Condition \"40960 == isc\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 700, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 716, + "event": "path", + "message": "Condition \"hId == 8 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_LENGTH */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 716, + "event": "path", + "message": "Condition \"hId == -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 727, + "event": "path", + "message": "Condition \"hId == 7 /* org.apache.coyote.ajp.Constants.SC_REQ_CONTENT_TYPE */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 731, + "event": "returned_null", + "message": "\"contentType\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/ajp/AjpProcessor.java", + "line": 731, + "event": "null_method_call", + "message": "Calling a method on null object \"request.contentType()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 729| // just read the content-type header, so set it", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 730| ByteChunk bchunk = vMB.getByteChunk();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 731|-> request.contentType().setBytes(bchunk.getBytes(),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 732| bchunk.getOffset(),", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 733| bchunk.getLength());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.coyote.http11.Http11Processor.addInputFilter(org.apache.coyote.http11.InputFilter[], java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/Http11Processor.java", + "line": 214, + "event": "path", + "message": "Condition \"contentDelimitation\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/Http11Processor.java", + "line": 228, + "event": "path", + "message": "Condition \"encodingName.equals(\"chunked\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/Http11Processor.java", + "line": 232, + "event": "path", + "message": "Condition \"i < inputFilters.length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/Http11Processor.java", + "line": 233, + "event": "returned_null", + "message": "\"getEncodingName\" returns \"null\" (checked 0 out of 1 times). (The virtual call resolves to \"org.apache.coyote.http11.filters.SavedRequestInputFilter.getEncodingName\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/Http11Processor.java", + "line": 233, + "event": "null_method_call", + "message": "Calling a method on null object \"inputFilters[i].getEncodingName()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 231| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 232| for (int i = pluggableFilterIndex; i < inputFilters.length; i++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 233|-> if (inputFilters[i].getEncodingName().toString().equals(encodingName)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 234| inputBuffer.addActiveFilter(inputFilters[i]);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 235| return;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.coyote.http11.upgrade.UpgradeInfo.addBytesSent(long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 61, + "event": "read_volatile", + "message": "Reading \"this.bytesSent\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 61, + "event": "intervening_update", + "message": "Another thread writes to \"this.bytesSent\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 61, + "event": "stale_update", + "message": "Updating \"this.bytesSent\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| public void addBytesSent(long bytesSent) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61|-> this.bytesSent += bytesSent;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.coyote.http11.upgrade.UpgradeInfo.addBytesReceived(long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 72, + "event": "read_volatile", + "message": "Reading \"this.bytesReceived\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 72, + "event": "intervening_update", + "message": "Another thread writes to \"this.bytesReceived\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 72, + "event": "stale_update", + "message": "Updating \"this.bytesReceived\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 70| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 71| public void addBytesReceived(long bytesReceived) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 72|-> this.bytesReceived += bytesReceived;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.coyote.http11.upgrade.UpgradeInfo.addMsgsSent(long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 83, + "event": "read_volatile", + "message": "Reading \"this.msgsSent\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 83, + "event": "intervening_update", + "message": "Another thread writes to \"this.msgsSent\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 83, + "event": "stale_update", + "message": "Updating \"this.msgsSent\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82| public void addMsgsSent(long msgsSent) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 83|-> this.msgsSent += msgsSent;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 84| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 85| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.coyote.http11.upgrade.UpgradeInfo.addMsgsReceived(long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 94, + "event": "read_volatile", + "message": "Reading \"this.msgsReceived\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 94, + "event": "intervening_update", + "message": "Another thread writes to \"this.msgsReceived\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http11/upgrade/UpgradeInfo.java", + "line": 94, + "event": "stale_update", + "message": "Updating \"this.msgsReceived\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 93| public void addMsgsReceived(long msgsReceived) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 94|-> this.msgsReceived += msgsReceived;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 95| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 96| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.coyote.http2.HpackDecoder.emitHeader(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 426, + "event": "path", + "message": "Condition \"\"cookie\".equals(name)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 429, + "event": "path", + "message": "Condition \"!countedCookie\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 430, + "event": "read_volatile", + "message": "Reading \"headerCount\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 430, + "event": "intervening_update", + "message": "Another thread writes to \"headerCount\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 430, + "event": "stale_update", + "message": "Updating \"headerCount\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 165, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"headerCount\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 428| // multiple headers to aid compression", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 429| if (!countedCookie) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 430|-> headerCount ++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 431| countedCookie = true;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 432| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.coyote.http2.HpackDecoder.emitHeader(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 426, + "event": "path", + "message": "Condition \"\"cookie\".equals(name)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 434, + "event": "read_volatile", + "message": "Reading \"headerCount\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 434, + "event": "intervening_update", + "message": "Another thread writes to \"headerCount\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 434, + "event": "stale_update", + "message": "Updating \"headerCount\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 165, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"headerCount\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 432| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 433| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 434|-> headerCount ++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 435| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 436| // Overhead will vary. The main concern is that lots of small headers", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.coyote.http2.HpackDecoder.emitHeader(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 426, + "event": "path", + "message": "Condition \"\"cookie\".equals(name)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 429, + "event": "path", + "message": "Condition \"!countedCookie\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 433, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 440, + "event": "read_volatile", + "message": "Reading \"headerSize\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 440, + "event": "intervening_update", + "message": "Another thread writes to \"headerSize\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/HpackDecoder.java", + "line": 440, + "event": "stale_update", + "message": "Updating \"headerSize\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 438| // estimate of 3 which is the worst case for small headers.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 439| int inc = 3 + name.length() + value.length();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 440|-> headerSize += inc;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 441| if (!isHeaderCountExceeded() && !isHeaderSizeExceeded(0)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 442| if (log.isDebugEnabled()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.coyote.http2.Http2Parser.readHeaderPayload(int, int, java.nio.ByteBuffer)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 460, + "event": "path", + "message": "Condition \"org.apache.coyote.http2.Http2Parser.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 467, + "event": "path", + "message": "Condition \"remaining > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 468, + "event": "path", + "message": "Condition \"headerReadBuffer.remaining() == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 471, + "event": "path", + "message": "Condition \"headerReadBuffer.capacity() < payloadSize\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 475, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 480, + "event": "read_volatile", + "message": "Reading \"headerReadBuffer\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 480, + "event": "intervening_update", + "message": "Another thread writes to \"headerReadBuffer\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2Parser.java", + "line": 480, + "event": "stale_update", + "message": "Updating \"headerReadBuffer\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 478| newSize = headerReadBuffer.capacity() * 2;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 479| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 480|-> headerReadBuffer = ByteBufferUtils.expand(headerReadBuffer, newSize);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 481| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 482| int toRead = Math.min(headerReadBuffer.remaining(), remaining);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.coyote.http2.Http2UpgradeHandler.pruneClosedStreams(int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1228, + "event": "path", + "message": "Condition \"newStreamsSinceLastPrune < 9\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1230, + "event": "read_volatile", + "message": "Reading \"newStreamsSinceLastPrune\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1230, + "event": "intervening_update", + "message": "Another thread writes to \"newStreamsSinceLastPrune\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1230, + "event": "stale_update", + "message": "Updating \"newStreamsSinceLastPrune\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1228, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"newStreamsSinceLastPrune\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1228| if (newStreamsSinceLastPrune < 9) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1229| // Not atomic. Increments may be lost. Not a problem.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1230|-> newStreamsSinceLastPrune++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1231| return;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1232| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.coyote.http2.Http2UpgradeHandler.pruneClosedStreams(int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 36, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1228, + "event": "path", + "message": "Condition \"newStreamsSinceLastPrune < 9\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1247, + "event": "path", + "message": "Condition \"max > 2147483647L /* java.lang.Integer.MAX_VALUE */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1252, + "event": "path", + "message": "Condition \"org.apache.coyote.http2.Http2UpgradeHandler.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1258, + "event": "path", + "message": "Condition \"toClose < 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1280, + "event": "return_collection_alias", + "message": "Call to \"values\" returns an \"Iterable\" equivalent to \"streams\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1280, + "event": "enhanced_for", + "message": "Starting an iteration on \"streams.values()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1280, + "event": "path", + "message": "Iterating over another element of \"streams.values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1282, + "event": "path", + "message": "Condition \"stream instanceof org.apache.coyote.http2.Stream\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1282, + "event": "path", + "message": "Condition \"((org.apache.coyote.http2.Stream)stream).isActive()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1283, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1280, + "event": "path", + "message": "Iterating over another element of \"streams.values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1282, + "event": "path", + "message": "Condition \"stream instanceof org.apache.coyote.http2.Stream\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1282, + "event": "path", + "message": "Condition \"((org.apache.coyote.http2.Stream)stream).isActive()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1286, + "event": "path", + "message": "Condition \"stream.isClosedFinal()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1291, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1329, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1280, + "event": "path", + "message": "Iterating over another element of \"streams.values()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1282, + "event": "path", + "message": "Condition \"stream instanceof org.apache.coyote.http2.Stream\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1282, + "event": "path", + "message": "Condition \"((org.apache.coyote.http2.Stream)stream).isActive()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1286, + "event": "path", + "message": "Condition \"stream.isClosedFinal()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1291, + "event": "path", + "message": "Condition \"stream.getChildStreams().size() == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1294, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"streams\" which invalidates the iterator for the loop on \"streams.values()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1296, + "event": "path", + "message": "Condition \"org.apache.coyote.http2.Http2UpgradeHandler.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1299, + "event": "path", + "message": "Condition \"--toClose < 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1308, + "event": "path", + "message": "Condition \"toClose > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1308, + "event": "path", + "message": "Condition \"parent.getIdAsInt() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1308, + "event": "path", + "message": "Condition \"parent.getIdAsInt() < stream.getIdAsInt()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1308, + "event": "path", + "message": "Condition \"parent.getChildStreams().isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1316, + "event": "path", + "message": "Condition \"org.apache.coyote.http2.Http2UpgradeHandler.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1319, + "event": "path", + "message": "Condition \"--toClose < 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1324, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1308, + "event": "path", + "message": "Condition \"toClose > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1308, + "event": "path", + "message": "Condition \"parent.getIdAsInt() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1308, + "event": "path", + "message": "Condition \"parent.getIdAsInt() < stream.getIdAsInt()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1325, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1329, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java", + "line": 1280, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"streams.values()\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1278| // lock on priorityTreeLock to ensure a consistent view.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1279| synchronized (priorityTreeLock) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1280|-> for (AbstractNonZeroStream stream : streams.values()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1281| // Never remove active streams", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1282| if (stream instanceof Stream && ((Stream) stream).isActive()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.coyote.http2.Stream.receivedData(int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Stream.java", + "line": 561, + "event": "read_volatile", + "message": "Reading \"contentLengthReceived\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Stream.java", + "line": 561, + "event": "intervening_update", + "message": "Another thread writes to \"contentLengthReceived\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Stream.java", + "line": 561, + "event": "stale_update", + "message": "Updating \"contentLengthReceived\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/coyote/http2/Stream.java", + "line": 587, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"contentLengthReceived\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 559| @Override", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 560| final void receivedData(int payloadSize) throws Http2Exception {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 561|-> contentLengthReceived += payloadSize;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 562| long contentLengthHeader = coyoteRequest.getContentLengthLong();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 563| if (contentLengthHeader > -1 && contentLengthReceived > contentLengthHeader) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.el.util.ReflectionUtil.getMethod(org.apache.el.lang.EvaluationContext, java.lang.Object, java.lang.Object, java.lang.Class[], java.lang.Object[])", + "language": "java", + "tool": "coverity", + "key_event_idx": 18, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 137, + "event": "path", + "message": "Condition \"base == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 137, + "event": "path", + "message": "Condition \"property == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 147, + "event": "path", + "message": "Condition \"paramTypes == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 147, + "event": "var_compare_op", + "message": "Comparing \"paramTypes\" to null implies that \"paramTypes\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 149, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 156, + "event": "path", + "message": "Iterating over another element of \"methods\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 157, + "event": "path", + "message": "Condition \"!m.getName().equals(methodName)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 159, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 260, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 156, + "event": "path", + "message": "Iterating over another element of \"methods\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 157, + "event": "path", + "message": "Condition \"!m.getName().equals(methodName)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 167, + "event": "path", + "message": "Condition \"!m.isVarArgs()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 171, + "event": "path", + "message": "Condition \"m.isVarArgs()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 171, + "event": "path", + "message": "Condition \"paramCount < mParamCount - 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 175, + "event": "path", + "message": "Condition \"m.isVarArgs()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 175, + "event": "path", + "message": "Condition \"paramCount == mParamCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 175, + "event": "path", + "message": "Condition \"paramValues != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 175, + "event": "path", + "message": "Condition \"paramValues.length > paramCount\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/el/util/ReflectionUtil.java", + "line": 175, + "event": "null_array_access", + "message": "Accessing an element on null array \"paramTypes\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 173| continue;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 174| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 175|-> if (m.isVarArgs() && paramCount == mParamCount && paramValues != null &&", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 176| paramValues.length > paramCount && !paramTypes[mParamCount -1].isArray()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 177| // Method arguments don't match", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.AntCompiler.generateClass(java.util.Map)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 127, + "event": "path", + "message": "Condition \"log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 146, + "event": "returned_null", + "message": "\"createTask\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 146, + "event": "var_assigned", + "message": "Assigning: \"javac\" = \"null\" return value from \"createTask\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 153, + "event": "path", + "message": "Condition \"tokenizer.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 160, + "event": "path", + "message": "Condition \"log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 173, + "event": "path", + "message": "Condition \"exts != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 176, + "event": "null_method_call", + "message": "Calling a method on null object \"javac\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 174| Path extdirs = new Path(project);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 175| extdirs.setPath(exts);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 176|-> javac.setExtdirs(extdirs);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 177| info.append(\" extension dir=\" + exts + \"\\n\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 178| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.AntCompiler.generateClass(java.util.Map)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 127, + "event": "path", + "message": "Condition \"log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 146, + "event": "returned_null", + "message": "\"createTask\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 146, + "event": "var_assigned", + "message": "Assigning: \"javac\" = \"null\" return value from \"createTask\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 153, + "event": "path", + "message": "Condition \"tokenizer.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 160, + "event": "path", + "message": "Condition \"log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 173, + "event": "path", + "message": "Condition \"exts != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 182, + "event": "path", + "message": "Condition \"ctxt.getOptions().getFork()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 184, + "event": "path", + "message": "Condition \"endorsed != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 185, + "event": "null_method_call", + "message": "Calling a method on null object \"javac\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 183| String endorsed = System.getProperty(\"java.endorsed.dirs\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 184| if(endorsed != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 185|-> Javac.ImplementationSpecificArgument endorsedArg =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 186| javac.createCompilerArg();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 187| endorsedArg.setLine(\"-J-Djava.endorsed.dirs=\" +", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.AntCompiler.generateClass(java.util.Map)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 127, + "event": "path", + "message": "Condition \"log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 146, + "event": "returned_null", + "message": "\"createTask\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 146, + "event": "var_assigned", + "message": "Assigning: \"javac\" = \"null\" return value from \"createTask\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 153, + "event": "path", + "message": "Condition \"tokenizer.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 160, + "event": "path", + "message": "Condition \"log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 173, + "event": "path", + "message": "Condition \"exts != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 182, + "event": "path", + "message": "Condition \"ctxt.getOptions().getFork()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 184, + "event": "path", + "message": "Condition \"endorsed != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/AntCompiler.java", + "line": 197, + "event": "null_method_call", + "message": "Calling a method on null object \"javac\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 195| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 196| // Configure the compiler object", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 197|-> javac.setEncoding(javaEncoding);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 198| javac.setClasspath(path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 199| javac.setDebug(ctxt.getOptions().getClassDebugInfo());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.Compiler.isOutDated(boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 25, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 456, + "event": "path", + "message": "Condition \"jsw != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 456, + "event": "path", + "message": "Condition \"ctxt.getOptions().getModificationTestInterval() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 459, + "event": "path", + "message": "Condition \"jsw.getLastModificationTest() + ctxt.getOptions().getModificationTestInterval() * 1000 > java.lang.System.currentTimeMillis()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 472, + "event": "path", + "message": "Condition \"checkClass\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 474, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 477, + "event": "path", + "message": "Condition \"!targetFile.exists()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 481, + "event": "path", + "message": "Condition \"checkClass\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 481, + "event": "path", + "message": "Condition \"jsw != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 486, + "event": "path", + "message": "Condition \"jspRealLastModified.longValue() < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 491, + "event": "path", + "message": "Condition \"targetLastModified != jspRealLastModified.longValue()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 501, + "event": "path", + "message": "Condition \"jsw == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 506, + "event": "path", + "message": "Condition \"depends == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 510, + "event": "path", + "message": "Iterating over another element of \"depends.entrySet()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 515, + "event": "path", + "message": "Condition \"key.startsWith(\"jar:jar:\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 522, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 541, + "event": "path", + "message": "Condition \"includeLastModified != (java.lang.Long)include.getValue().longValue()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 544, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 551, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 510, + "event": "path", + "message": "Iterating over another element of \"depends.entrySet()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 515, + "event": "path", + "message": "Condition \"key.startsWith(\"jar:jar:\")\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 523, + "event": "path", + "message": "Condition \"key.startsWith(\"jar:\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 525, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 528, + "event": "path", + "message": "Condition \"includeUrl == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 532, + "event": "path", + "message": "Condition \"iuc instanceof java.net.JarURLConnection\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 533, + "event": "returned_null", + "message": "\"getJarEntry\" returns \"null\" (checked 1 out of 3 times). (The virtual call resolves to \"org.apache.catalina.webresources.CachedResource.CachedResourceJarURLConnection.getJarEntry\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 533, + "event": "null_method_call", + "message": "Calling a method on null object \"((java.net.JarURLConnection)iuc).getJarEntry()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/JspCompilationContext.java", + "line": 391, + "event": "example_assign", + "message": "Example 1: Assigning: \"jarEntry\" = return value from \"((java.net.JarURLConnection)uc).getJarEntry()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/JspCompilationContext.java", + "line": 392, + "event": "example_checked", + "message": "Example 1 (cont.): \"jarEntry\" has its value checked in \"jarEntry != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 531| URLConnection iuc = includeUrl.openConnection();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 532| if (iuc instanceof JarURLConnection) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 533|-> includeLastModified =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 534| ((JarURLConnection) iuc).getJarEntry().getTime();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 535| } else {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SERVLET_ATOMICITY", + "cwe": 567, + "function": "org.apache.jasper.compiler.ELInterpreterFactory.getELInterpreter(javax.servlet.ServletContext)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java", + "line": 58, + "event": "get_attribute", + "message": "Calling \"getAttribute\" on thread-shared object \"context\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java", + "line": 59, + "event": "path", + "message": "Condition \"attribute instanceof org.apache.jasper.compiler.ELInterpreter\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java", + "line": 61, + "event": "path", + "message": "Condition \"attribute instanceof java.lang.String\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java", + "line": 66, + "event": "path", + "message": "Condition \"result == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java", + "line": 69, + "event": "path", + "message": "Condition \"className != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java", + "line": 75, + "event": "path", + "message": "Condition \"result == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELInterpreterFactory.java", + "line": 80, + "event": "set_attribute", + "message": "Calling \"setAttribute\" on thread-shared object \"context\" can result in a lost update.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 78| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79| // Cache the result for next time", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80|-> context.setAttribute(EL_INTERPRETER_CLASS_NAME, result);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 81| return result;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 82| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.ELParser.parseEL()", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 109, + "event": "path", + "message": "Condition \"hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 110, + "event": "returned_null", + "message": "\"nextToken\" returns \"null\" (checked 1 out of 4 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 110, + "event": "var_assigned", + "message": "Assigning: \"curToken\" = \"null\" return value from \"nextToken\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 111, + "event": "path", + "message": "Condition \"curToken instanceof org.apache.jasper.compiler.ELParser.Char\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 123, + "event": "path", + "message": "Condition \"buf.length() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 127, + "event": "path", + "message": "Condition \"!parseFunction()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 128, + "event": "null_method_call", + "message": "Calling a method on null object \"curToken\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 161, + "event": "example_assign", + "message": "Example 1: Assigning: \"t2\" = return value from \"nextToken()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 162, + "event": "example_checked", + "message": "Example 1 (cont.): \"t2\" has its value checked in \"t2 instanceof org.apache.jasper.compiler.ELParser.Id\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 126| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 127| if (!parseFunction()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 128|-> ELexpr.add(new ELNode.ELText(curToken.toString()));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 129| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 130| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.ELParser.parseFunction()", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"!(curToken instanceof org.apache.jasper.compiler.ELParser.Id)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"isELReserved(curToken.toTrimmedString())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"prevToken instanceof org.apache.jasper.compiler.ELParser.Char\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"prevToken.toChar() == '.'\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 156, + "event": "path", + "message": "Condition \"hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 158, + "event": "returned_null", + "message": "\"nextToken\" returns \"null\" (checked 1 out of 4 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 158, + "event": "var_assigned", + "message": "Assigning: \"curToken\" = \"null\" return value from \"nextToken\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 159, + "event": "null_method_call", + "message": "Calling a method on null object \"curToken\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 161, + "event": "example_assign", + "message": "Example 1: Assigning: \"t2\" = return value from \"nextToken()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 162, + "event": "example_checked", + "message": "Example 1 (cont.): \"t2\" has its value checked in \"t2 instanceof org.apache.jasper.compiler.ELParser.Id\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 157| int mark = getIndex() - whiteSpace.length();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 158| curToken = nextToken();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 159|-> if (curToken.toChar() == ':') {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 160| if (hasNext()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 161| Token t2 = nextToken();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.ELParser.parseFunction()", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"!(curToken instanceof org.apache.jasper.compiler.ELParser.Id)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"isELReserved(curToken.toTrimmedString())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"prevToken instanceof org.apache.jasper.compiler.ELParser.Char\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 148, + "event": "path", + "message": "Condition \"prevToken.toChar() == '.'\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 156, + "event": "path", + "message": "Condition \"hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 159, + "event": "path", + "message": "Condition \"curToken.toChar() == ':'\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 160, + "event": "path", + "message": "Condition \"hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 162, + "event": "path", + "message": "Condition \"t2 instanceof org.apache.jasper.compiler.ELParser.Id\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 165, + "event": "path", + "message": "Condition \"hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 166, + "event": "returned_null", + "message": "\"nextToken\" returns \"null\" (checked 1 out of 4 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 166, + "event": "var_assigned", + "message": "Assigning: \"curToken\" = \"null\" return value from \"nextToken\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 171, + "event": "null_method_call", + "message": "Calling a method on null object \"curToken\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 161, + "event": "example_assign", + "message": "Example 1: Assigning: \"t2\" = return value from \"nextToken()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ELParser.java", + "line": 162, + "event": "example_checked", + "message": "Example 1 (cont.): \"t2\" has its value checked in \"t2 instanceof org.apache.jasper.compiler.ELParser.Id\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 169| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 170| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 171|-> if (curToken.toChar() == '(') {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 172| ELexpr.add(new ELNode.Function(s1, s2, expression.substring(start, index - 1)));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 173| return true;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.ErrorDispatcher.dispatch(org.apache.jasper.compiler.Mark, java.lang.String, java.lang.Object[], java.lang.Exception)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ErrorDispatcher.java", + "line": 257, + "event": "path", + "message": "Condition \"errCode != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ErrorDispatcher.java", + "line": 259, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ErrorDispatcher.java", + "line": 265, + "event": "path", + "message": "Condition \"where != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ErrorDispatcher.java", + "line": 266, + "event": "path", + "message": "Condition \"jspcMode\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ErrorDispatcher.java", + "line": 269, + "event": "returned_null", + "message": "\"getURL\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ErrorDispatcher.java", + "line": 269, + "event": "null_method_call", + "message": "Calling a method on null object \"where.getURL()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 267| // Get the full URL of the resource that caused the error", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 268| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 269|-> file = where.getURL().toString();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 270| } catch (MalformedURLException me) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 271| // Fallback to using context-relative path", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.Generator$GenerateVisitor.saveScriptingVars(org.apache.jasper.compiler.Node$CustomTag, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2780, + "event": "path", + "message": "Condition \"n.getCustomNestingLevel() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2783, + "event": "path", + "message": "Condition \"isFragment\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2794, + "event": "path", + "message": "Condition \"varInfos.length == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2794, + "event": "path", + "message": "Condition \"tagVarInfos.length == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2798, + "event": "returned_null", + "message": "\"getScriptingVars\" returns \"null\" (checked 1 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2798, + "event": "var_assigned", + "message": "Assigning: \"declaredVariables\" = \"null\" return value from \"getScriptingVars\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2800, + "event": "path", + "message": "Condition \"varInfos.length > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2801, + "event": "path", + "message": "Iterating over another element of \"varInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2802, + "event": "path", + "message": "Condition \"varInfo.getScope() != scope\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2803, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2817, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2801, + "event": "path", + "message": "Iterating over another element of \"varInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2802, + "event": "path", + "message": "Condition \"varInfo.getScope() != scope\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2807, + "event": "null_method_call", + "message": "Calling a method on null object \"declaredVariables\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2742, + "event": "example_assign", + "message": "Example 1: Assigning: \"vec\" = return value from \"n.getScriptingVars(scope)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2743, + "event": "example_checked", + "message": "Example 1 (cont.): \"vec\" has its value checked in \"vec != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2805| // If the scripting variable has been declared, skip codes", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2806| // for saving and restoring it.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2807|-> if (declaredVariables.contains(varInfo)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2808| continue;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2809| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.Generator$GenerateVisitor.saveScriptingVars(org.apache.jasper.compiler.Node$CustomTag, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2780, + "event": "path", + "message": "Condition \"n.getCustomNestingLevel() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2783, + "event": "path", + "message": "Condition \"isFragment\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2794, + "event": "path", + "message": "Condition \"varInfos.length == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2794, + "event": "path", + "message": "Condition \"tagVarInfos.length == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2798, + "event": "returned_null", + "message": "\"getScriptingVars\" returns \"null\" (checked 1 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2798, + "event": "var_assigned", + "message": "Assigning: \"declaredVariables\" = \"null\" return value from \"getScriptingVars\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2800, + "event": "path", + "message": "Condition \"varInfos.length > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2819, + "event": "path", + "message": "Iterating over another element of \"tagVarInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2820, + "event": "path", + "message": "Condition \"tagVarInfo.getScope() != scope\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2821, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2844, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2819, + "event": "path", + "message": "Iterating over another element of \"tagVarInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2820, + "event": "path", + "message": "Condition \"tagVarInfo.getScope() != scope\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2825, + "event": "null_method_call", + "message": "Calling a method on null object \"declaredVariables\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2742, + "event": "example_assign", + "message": "Example 1: Assigning: \"vec\" = return value from \"n.getScriptingVars(scope)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2743, + "event": "example_checked", + "message": "Example 1 (cont.): \"vec\" has its value checked in \"vec != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2823| // If the scripting variable has been declared, skip codes", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2824| // for saving and restoring it.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2825|-> if (declaredVariables.contains(tagVarInfo)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2826| continue;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2827| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.Generator$GenerateVisitor.restoreScriptingVars(org.apache.jasper.compiler.Node$CustomTag, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2856, + "event": "path", + "message": "Condition \"n.getCustomNestingLevel() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2859, + "event": "path", + "message": "Condition \"isFragment\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2870, + "event": "path", + "message": "Condition \"varInfos.length == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2870, + "event": "path", + "message": "Condition \"tagVarInfos.length == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2874, + "event": "returned_null", + "message": "\"getScriptingVars\" returns \"null\" (checked 1 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2874, + "event": "var_assigned", + "message": "Assigning: \"declaredVariables\" = \"null\" return value from \"getScriptingVars\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2876, + "event": "path", + "message": "Condition \"varInfos.length > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2877, + "event": "path", + "message": "Iterating over another element of \"varInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2878, + "event": "path", + "message": "Condition \"varInfo.getScope() != scope\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2879, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2893, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2877, + "event": "path", + "message": "Iterating over another element of \"varInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2878, + "event": "path", + "message": "Condition \"varInfo.getScope() != scope\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2883, + "event": "null_method_call", + "message": "Calling a method on null object \"declaredVariables\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2742, + "event": "example_assign", + "message": "Example 1: Assigning: \"vec\" = return value from \"n.getScriptingVars(scope)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2743, + "event": "example_checked", + "message": "Example 1 (cont.): \"vec\" has its value checked in \"vec != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2881| // If the scripting variable has been declared, skip codes", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2882| // for saving and restoring it.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2883|-> if (declaredVariables.contains(varInfo)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2884| continue;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2885| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.Generator$GenerateVisitor.restoreScriptingVars(org.apache.jasper.compiler.Node$CustomTag, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2856, + "event": "path", + "message": "Condition \"n.getCustomNestingLevel() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2859, + "event": "path", + "message": "Condition \"isFragment\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2870, + "event": "path", + "message": "Condition \"varInfos.length == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2870, + "event": "path", + "message": "Condition \"tagVarInfos.length == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2874, + "event": "returned_null", + "message": "\"getScriptingVars\" returns \"null\" (checked 1 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2874, + "event": "var_assigned", + "message": "Assigning: \"declaredVariables\" = \"null\" return value from \"getScriptingVars\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2876, + "event": "path", + "message": "Condition \"varInfos.length > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2895, + "event": "path", + "message": "Iterating over another element of \"tagVarInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2896, + "event": "path", + "message": "Condition \"tagVarInfo.getScope() != scope\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2897, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2920, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2895, + "event": "path", + "message": "Iterating over another element of \"tagVarInfos\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2896, + "event": "path", + "message": "Condition \"tagVarInfo.getScope() != scope\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2901, + "event": "null_method_call", + "message": "Calling a method on null object \"declaredVariables\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2742, + "event": "example_assign", + "message": "Example 1: Assigning: \"vec\" = return value from \"n.getScriptingVars(scope)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Generator.java", + "line": 2743, + "event": "example_checked", + "message": "Example 1 (cont.): \"vec\" has its value checked in \"vec != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2899| // If the scripting variable has been declared, skip codes", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2900| // for saving and restoring it.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2901|-> if (declaredVariables.contains(tagVarInfo)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2902| continue;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2903| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.JspUtil.getInputSource(java.lang.String, org.apache.tomcat.Jar, org.apache.jasper.JspCompilationContext)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/JspUtil.java", + "line": 659, + "event": "path", + "message": "Condition \"jar != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/JspUtil.java", + "line": 665, + "event": "returned_null", + "message": "\"getResource\" returns \"null\" (checked 2 out of 6 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/JspUtil.java", + "line": 665, + "event": "null_method_call", + "message": "Calling a method on null object \"ctxt.getResource(fname)\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/JspCompilationContext.java", + "line": 384, + "event": "example_assign", + "message": "Example 1: Assigning: \"jspUrl\" = return value from \"getResource(resource)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/JspCompilationContext.java", + "line": 385, + "event": "example_checked", + "message": "Example 1 (cont.): \"jspUrl\" has its value checked in \"jspUrl == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 526, + "event": "example_assign", + "message": "Example 2: Assigning: \"includeUrl\" = return value from \"ctxt.getResource((java.lang.String)include.getKey())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Compiler.java", + "line": 528, + "event": "example_checked", + "message": "Example 2 (cont.): \"includeUrl\" has its value checked in \"includeUrl == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 663| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 664| source = new InputSource(ctxt.getResourceAsStream(fname));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 665|-> source.setSystemId(ctxt.getResource(fname).toExternalForm());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 666| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 667| return source;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.jasper.compiler.PageInfo.setBufferValue(java.lang.String, org.apache.jasper.compiler.Node, org.apache.jasper.compiler.ErrorDispatcher)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/PageInfo.java", + "line": 451, + "event": "path", + "message": "Condition \"\"none\".equalsIgnoreCase(value)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/PageInfo.java", + "line": 454, + "event": "path", + "message": "Condition \"value == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/PageInfo.java", + "line": 454, + "event": "var_compare_op", + "message": "Comparing \"value\" to null implies that \"value\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/PageInfo.java", + "line": 455, + "event": "path", + "message": "Condition \"n == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/PageInfo.java", + "line": 457, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/PageInfo.java", + "line": 462, + "event": "null_method_call", + "message": "Calling a method on null object \"value\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 460| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 461| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 462|-> @SuppressWarnings(\"null\") // value can't be null here", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 463| int k = Integer.parseInt(value.substring(0, value.length()-2));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 464| buffer = k * 1024;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "MISSING_RESTORE", + "cwe": 573, + "function": "org.apache.jasper.compiler.ScriptingVariabler$CustomTagCounter.visit(org.apache.jasper.compiler.Node$CustomTag)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ScriptingVariabler.java", + "line": 52, + "event": "save", + "message": "Saving non-local \"parent\" in local \"tmpParent\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ScriptingVariabler.java", + "line": 53, + "event": "modify", + "message": "Modifying non-local \"parent\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ScriptingVariabler.java", + "line": 54, + "event": "exception", + "message": "Value of non-local \"parent\" that was saved in \"tmpParent\" is not restored on this exception path as it was along other paths.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ScriptingVariabler.java", + "line": 54, + "event": "remediation", + "message": "Did you intend to enclose the code in a try block and handle restoring \"parent\" in a finally block to ensure it is always executed?", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ScriptingVariabler.java", + "line": 54, + "event": "path", + "message": "Throwing \"org.apache.jasper.JasperException\" (or subclass) from call to \"visitBody\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/ScriptingVariabler.java", + "line": 55, + "event": "restore_example", + "message": "The original value of non-local \"parent\" was restored here.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 52| Node.CustomTag tmpParent = parent;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 53| parent = n;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 54|-> visitBody(n);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 55| parent = tmpParent;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 56| n.setNumCount(Integer.valueOf(count++));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "SERVLET_ATOMICITY", + "cwe": 567, + "function": "org.apache.jasper.compiler.StringInterpreterFactory.getStringInterpreter(javax.servlet.ServletContext)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java", + "line": 54, + "event": "get_attribute", + "message": "Calling \"getAttribute\" on thread-shared object \"context\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java", + "line": 55, + "event": "path", + "message": "Condition \"attribute instanceof org.apache.jasper.compiler.StringInterpreter\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java", + "line": 57, + "event": "path", + "message": "Condition \"attribute instanceof java.lang.String\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java", + "line": 62, + "event": "path", + "message": "Condition \"result == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java", + "line": 64, + "event": "path", + "message": "Condition \"className != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java", + "line": 70, + "event": "path", + "message": "Condition \"result == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/StringInterpreterFactory.java", + "line": 75, + "event": "set_attribute", + "message": "Calling \"setAttribute\" on thread-shared object \"context\" can result in a lost update.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 73| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 74| // Cache the result for next time", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 75|-> context.setAttribute(STRING_INTERPRETER_CLASS_NAME, result);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| return result;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 77| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.jasper.compiler.TagFileProcessor.parseTagFileDirectives(org.apache.jasper.compiler.ParserController, java.lang.String, java.lang.String, org.apache.tomcat.Jar, javax.servlet.jsp.tagext.TagLibraryInfo)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagFileProcessor.java", + "line": 499, + "event": "assign_zero", + "message": "Assigning: \"page\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagFileProcessor.java", + "line": 501, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"parseTagFileDirectives\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagFileProcessor.java", + "line": 502, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagFileProcessor.java", + "line": 508, + "event": "null_method_call", + "message": "Calling a method on null object \"page\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 506| TagFileDirectiveVisitor tagFileVisitor = new TagFileDirectiveVisitor(pc", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 507| .getCompiler(), tagLibInfo, name, path);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 508|-> page.visit(tagFileVisitor);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 509| tagFileVisitor.postCheck();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 510| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.jasper.compiler.TagLibraryInfoImpl.(org.apache.jasper.JspCompilationContext, org.apache.jasper.compiler.ParserController, org.apache.jasper.compiler.PageInfo, java.lang.String, java.lang.String, org.apache.tomcat.util.descriptor.tld.TldResourcePath, org.apache.jasper.compiler.ErrorDispatcher)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 120, + "event": "path", + "message": "Condition \"tldResourcePath == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 129, + "event": "path", + "message": "Condition \"pageInfo != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 133, + "event": "path", + "message": "Condition \"path != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 140, + "event": "path", + "message": "Condition \"jar != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 175, + "event": "path", + "message": "Condition \"tldResourcePath.getUrl() == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 180, + "event": "path", + "message": "Condition \"taglibXml == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 180, + "event": "var_compare_op", + "message": "Comparing \"taglibXml\" to null implies that \"taglibXml\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 187, + "event": "null_method_call", + "message": "Calling a method on null object \"taglibXml\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 185| // Never null. jspError always throws an Exception", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 186| // Slightly convoluted so the @SuppressWarnings has minimal scope", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 187|-> @SuppressWarnings(\"null\")", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 188| String v = taglibXml.getJspVersion();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 189| this.jspversion = v;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.jasper.compiler.TagLibraryInfoImpl.createTagFileInfo(org.apache.tomcat.util.descriptor.tld.TagFileXml, org.apache.tomcat.Jar)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 322, + "event": "path", + "message": "Condition \"path == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 322, + "event": "var_compare_op", + "message": "Comparing \"path\" to null implies that \"path\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 325, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 329, + "event": "path", + "message": "Condition \"jar == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TagLibraryInfoImpl.java", + "line": 329, + "event": "null_method_call", + "message": "Calling a method on null object \"path\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 327| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 328| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 329|-> if (jar == null && path.startsWith(\"/META-INF/tags\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 330| // This is a tag file that was packaged in a JAR that has been", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 331| // unpacked into /WEB-INF/classes (probably by an IDE). Adjust the", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.compiler.TldCache.getLastModified(org.apache.tomcat.util.descriptor.tld.TldResourcePath)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TldCache.java", + "line": 128, + "event": "path", + "message": "Condition \"webappPath != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TldCache.java", + "line": 131, + "event": "returned_null", + "message": "\"getResource\" returns \"null\" (checked 15 out of 21 times). (The virtual call resolves to \"org.apache.catalina.core.ApplicationContext.getResource\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TldCache.java", + "line": 131, + "event": "var_assigned", + "message": "Assigning: \"url\" = \"null\" return value from \"getResource\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/TldCache.java", + "line": 132, + "event": "null_method_call", + "message": "Calling a method on null object \"url\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/NamingContextListener.java", + "line": 861, + "event": "example_assign", + "message": "Example 1: Assigning: \"wsdlURL\" = return value from \"((org.apache.catalina.Context)container).getServletContext().getResource(service.getWsdlfile())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/core/NamingContextListener.java", + "line": 867, + "event": "example_checked", + "message": "Example 1 (cont.): \"wsdlURL\" has its value checked in \"wsdlURL == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 172, + "event": "example_assign", + "message": "Example 2: Assigning: \"resource\" = return value from \"servletContext.getResource(path)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServlet.java", + "line": 173, + "event": "example_checked", + "message": "Example 2 (cont.): \"resource\" has its value checked in \"resource == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServletExternalResolver.java", + "line": 476, + "event": "example_assign", + "message": "Example 3: Assigning: \"url\" = return value from \"context.getResource(path)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/ssi/SSIServletExternalResolver.java", + "line": 477, + "event": "example_checked", + "message": "Example 3 (cont.): \"url\" has its value checked in \"url == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2005, + "event": "example_assign", + "message": "Example 4: Assigning: \"url\" = return value from \"servletContext.getResource(\"/WEB-INF/web.xml\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/ContextConfig.java", + "line": 2012, + "event": "example_checked", + "message": "Example 4 (cont.): \"url\" has its value checked in \"url == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/WebappServiceLoader.java", + "line": 167, + "event": "example_assign", + "message": "Example 5: Assigning: \"jarUrl\" = return value from \"servletContext.getResource(\"/WEB-INF/lib/\" + lib)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/startup/WebappServiceLoader.java", + "line": 168, + "event": "example_checked", + "message": "Example 5 (cont.): \"jarUrl\" has its value checked in \"jarUrl == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 130| // the class path but not part of the web application", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 131| URL url = servletContext.getResource(tldResourcePath.getWebappPath());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 132|-> URLConnection conn = url.openConnection();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 133| result[0] = conn.getLastModified();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 134| if (\"file\".equals(url.getProtocol())) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "MISSING_RESTORE", + "cwe": 573, + "function": "org.apache.jasper.compiler.Validator$DirectiveVisitor.visit(org.apache.jasper.compiler.Node$IncludeDirective)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Validator.java", + "line": 103, + "event": "save", + "message": "Saving non-local \"pageEncodingSeen\" in local \"pageEncodingSeenSave\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Validator.java", + "line": 104, + "event": "modify", + "message": "Modifying non-local \"pageEncodingSeen\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Validator.java", + "line": 105, + "event": "exception", + "message": "Value of non-local \"pageEncodingSeen\" that was saved in \"pageEncodingSeenSave\" is not restored on this exception path as it was along other paths.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Validator.java", + "line": 105, + "event": "remediation", + "message": "Did you intend to enclose the code in a try block and handle restoring \"pageEncodingSeen\" in a finally block to ensure it is always executed?", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Validator.java", + "line": 105, + "event": "path", + "message": "Throwing \"org.apache.jasper.JasperException\" (or subclass) from call to \"visitBody\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/compiler/Validator.java", + "line": 106, + "event": "restore_example", + "message": "The original value of non-local \"pageEncodingSeen\" was restored here.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103| boolean pageEncodingSeenSave = pageEncodingSeen;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104| pageEncodingSeen = false;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105|-> visitBody(n);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| pageEncodingSeen = pageEncodingSeenSave;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.jasper.runtime.JspRuntimeLibrary.include(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.String, javax.servlet.jsp.JspWriter, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java", + "line": 980, + "event": "path", + "message": "Condition \"flush\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java", + "line": 980, + "event": "path", + "message": "Condition \"!(out instanceof javax.servlet.jsp.tagext.BodyContent)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java", + "line": 992, + "event": "returned_null", + "message": "\"getRequestDispatcher\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java", + "line": 992, + "event": "var_assigned", + "message": "Assigning: \"rd\" = \"null\" return value from \"getRequestDispatcher\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/runtime/JspRuntimeLibrary.java", + "line": 994, + "event": "null_method_call", + "message": "Calling a method on null object \"rd\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 992| RequestDispatcher rd = request.getRequestDispatcher(resourcePath);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 993| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 994|-> rd.include(request,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 995| new ServletResponseWrapperInclude(response, out));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 996| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "org.apache.jasper.servlet.JspServlet.service(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 284, + "event": "path", + "message": "Condition \"jspUri == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 291, + "event": "path", + "message": "Condition \"jspUri != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 299, + "event": "path", + "message": "Condition \"pathInfo != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 302, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 316, + "event": "path", + "message": "Condition \"log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 320, + "event": "thread_shared_data", + "message": "\"this\" is thread-shared because it has type \"org.apache.jasper.servlet.JspServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 63, + "event": "thread_shared_derived", + "message": "\"org.apache.jasper.servlet.JspServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 278, + "event": "thread_entry_point", + "message": "\"service\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 320, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"context\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 320, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/jasper/servlet/JspServlet.java", + "line": 320, + "event": "write", + "message": "\"context\" is modified in call to \"getRealPath\". (The virtual call resolves to \"org.apache.catalina.core.ApplicationContext.getRealPath\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318| log.debug(\"\\t ServletPath: \" + request.getServletPath());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 319| log.debug(\"\\t PathInfo: \" + request.getPathInfo());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 320|-> log.debug(\"\\t RealPath: \" + context.getRealPath(jspUri));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 321| log.debug(\"\\t RequestURI: \" + request.getRequestURI());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 322| log.debug(\"\\t QueryString: \" + request.getQueryString());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.juli.logging.LogFactory.()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/juli/logging/LogFactory.java", + "line": 88, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getDefault\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/juli/logging/LogFactory.java", + "line": 88, + "event": "leaked_resource", + "message": "Ignoring resource created by \"java.nio.file.FileSystems.getDefault()\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 86| * a fix.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 87| */", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 88|-> FileSystems.getDefault();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 89| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 90| // Look via a ServiceLoader for a Log implementation that has a", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.naming.NamingContext.lookup(javax.naming.Name, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 828, + "event": "path", + "message": "Condition \"!name.isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 828, + "event": "path", + "message": "Condition \"name.get(0).length() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 831, + "event": "path", + "message": "Condition \"name.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 838, + "event": "path", + "message": "Condition \"entry == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 843, + "event": "path", + "message": "Condition \"name.size() > 1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 852, + "event": "path", + "message": "Condition \"resolveLinks\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 852, + "event": "path", + "message": "Condition \"entry.type == 1 /* org.apache.naming.NamingEntry.LINK_REF */\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 860, + "event": "path", + "message": "Condition \"entry.type == 2 /* org.apache.naming.NamingEntry.REFERENCE */\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 863, + "event": "path", + "message": "Condition \"!org.apache.naming.NamingContext.GRAAL\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 865, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 874, + "event": "path", + "message": "Condition \"entry.value instanceof org.apache.naming.ResourceRef\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 875, + "event": "returned_null", + "message": "\"get\" returns \"null\" (checked 66 out of 82 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 875, + "event": "null_method_call", + "message": "Calling a method on null object \"((org.apache.naming.ResourceRef)entry.value).get(\"singleton\")\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java", + "line": 86, + "event": "example_assign", + "message": "Example 1: Assigning: \"ra\" = return value from \"ref.get(\"dataSourceName\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java", + "line": 87, + "event": "example_checked", + "message": "Example 1 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 89, + "event": "example_assign", + "message": "Example 2: Assigning: \"ra\" = return value from \"ref.get(\"pathname\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 90, + "event": "example_checked", + "message": "Example 2 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 150, + "event": "example_assign", + "message": "Example 3: Assigning: \"ra\" = return value from \"ref.get(\"forceString\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 154, + "event": "example_checked", + "message": "Example 3 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 69, + "event": "example_assign", + "message": "Example 4: Assigning: \"linkRefAddr\" = return value from \"ref.get(\"link\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 70, + "event": "example_checked", + "message": "Example 4 (cont.): \"linkRefAddr\" has its value checked in \"linkRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 56, + "event": "example_assign", + "message": "Example 5: Assigning: \"factoryRefAddr\" = return value from \"ref.get(\"factory\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 57, + "event": "example_checked", + "message": "Example 5 (cont.): \"factoryRefAddr\" has its value checked in \"factoryRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 873| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 874| if (entry.value instanceof ResourceRef) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 875|-> boolean singleton = Boolean.parseBoolean(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 876| (String) ((ResourceRef) entry.value).get(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 877| \"singleton\").getContent());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.naming.factory.DataSourceLinkFactory.getObjectInstance(java.lang.Object, javax.naming.Name, javax.naming.Context, java.util.Hashtable)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 57, + "event": "path", + "message": "Condition \"result != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 60, + "event": "returned_null", + "message": "\"get\" returns \"null\" (checked 66 out of 82 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 60, + "event": "var_assigned", + "message": "Assigning: \"passAttr\" = \"null\" return value from \"get\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 61, + "event": "path", + "message": "Condition \"userAttr.getContent() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 61, + "event": "null_method_call", + "message": "Calling a method on null object \"passAttr\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java", + "line": 86, + "event": "example_assign", + "message": "Example 1: Assigning: \"ra\" = return value from \"ref.get(\"dataSourceName\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java", + "line": 87, + "event": "example_checked", + "message": "Example 1 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 89, + "event": "example_assign", + "message": "Example 2: Assigning: \"ra\" = return value from \"ref.get(\"pathname\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 90, + "event": "example_checked", + "message": "Example 2 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 150, + "event": "example_assign", + "message": "Example 3: Assigning: \"ra\" = return value from \"ref.get(\"forceString\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 154, + "event": "example_checked", + "message": "Example 3 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 69, + "event": "example_assign", + "message": "Example 4: Assigning: \"linkRefAddr\" = return value from \"ref.get(\"link\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 70, + "event": "example_checked", + "message": "Example 4 (cont.): \"linkRefAddr\" has its value checked in \"linkRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 56, + "event": "example_assign", + "message": "Example 5: Assigning: \"factoryRefAddr\" = return value from \"ref.get(\"factory\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 57, + "event": "example_checked", + "message": "Example 5 (cont.): \"factoryRefAddr\" has its value checked in \"factoryRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| RefAddr userAttr = ref.get(\"username\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| RefAddr passAttr = ref.get(\"password\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61|-> if (userAttr.getContent()!=null && passAttr.getContent()!=null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| result = wrapDataSource(result,userAttr.getContent().toString(), passAttr.getContent().toString());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.naming.factory.DataSourceLinkFactory.getObjectInstance(java.lang.Object, javax.naming.Name, javax.naming.Context, java.util.Hashtable)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 57, + "event": "path", + "message": "Condition \"result != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 59, + "event": "returned_null", + "message": "\"get\" returns \"null\" (checked 66 out of 82 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 59, + "event": "var_assigned", + "message": "Assigning: \"userAttr\" = \"null\" return value from \"get\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/DataSourceLinkFactory.java", + "line": 61, + "event": "null_method_call", + "message": "Calling a method on null object \"userAttr\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java", + "line": 86, + "event": "example_assign", + "message": "Example 1: Assigning: \"ra\" = return value from \"ref.get(\"dataSourceName\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java", + "line": 87, + "event": "example_checked", + "message": "Example 1 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 89, + "event": "example_assign", + "message": "Example 2: Assigning: \"ra\" = return value from \"ref.get(\"pathname\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 90, + "event": "example_checked", + "message": "Example 2 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 150, + "event": "example_assign", + "message": "Example 3: Assigning: \"ra\" = return value from \"ref.get(\"forceString\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 154, + "event": "example_checked", + "message": "Example 3 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 69, + "event": "example_assign", + "message": "Example 4: Assigning: \"linkRefAddr\" = return value from \"ref.get(\"link\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 70, + "event": "example_checked", + "message": "Example 4 (cont.): \"linkRefAddr\" has its value checked in \"linkRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 56, + "event": "example_assign", + "message": "Example 5: Assigning: \"factoryRefAddr\" = return value from \"ref.get(\"factory\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 57, + "event": "example_checked", + "message": "Example 5 (cont.): \"factoryRefAddr\" has its value checked in \"factoryRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 59| RefAddr userAttr = ref.get(\"username\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 60| RefAddr passAttr = ref.get(\"password\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 61|-> if (userAttr.getContent()!=null && passAttr.getContent()!=null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 62| result = wrapDataSource(result,userAttr.getContent().toString(), passAttr.getContent().toString());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 63| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": ".run", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/SendMailFactory.java", + "line": 100, + "event": "path", + "message": "Condition \"list.hasMoreElements()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/SendMailFactory.java", + "line": 111, + "event": "path", + "message": "Condition \"fromAddr != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/SendMailFactory.java", + "line": 112, + "event": "returned_null", + "message": "\"get\" returns \"null\" (checked 66 out of 82 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/SendMailFactory.java", + "line": 112, + "event": "null_method_call", + "message": "Calling a method on null object \"ref.get(\"mail.from\")\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java", + "line": 86, + "event": "example_assign", + "message": "Example 1: Assigning: \"ra\" = return value from \"ref.get(\"dataSourceName\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/DataSourceUserDatabaseFactory.java", + "line": 87, + "event": "example_checked", + "message": "Example 1 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 89, + "event": "example_assign", + "message": "Example 2: Assigning: \"ra\" = return value from \"ref.get(\"pathname\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/users/MemoryUserDatabaseFactory.java", + "line": 90, + "event": "example_checked", + "message": "Example 2 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 150, + "event": "example_assign", + "message": "Example 3: Assigning: \"ra\" = return value from \"ref.get(\"forceString\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/BeanFactory.java", + "line": 154, + "event": "example_checked", + "message": "Example 3 (cont.): \"ra\" has its value checked in \"ra != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 69, + "event": "example_assign", + "message": "Example 4: Assigning: \"linkRefAddr\" = return value from \"ref.get(\"link\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/EjbFactory.java", + "line": 70, + "event": "example_checked", + "message": "Example 4 (cont.): \"linkRefAddr\" has its value checked in \"linkRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 56, + "event": "example_assign", + "message": "Example 5: Assigning: \"factoryRefAddr\" = return value from \"ref.get(\"factory\")\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/FactoryBase.java", + "line": 57, + "event": "example_checked", + "message": "Example 5 (cont.): \"factoryRefAddr\" has its value checked in \"factoryRefAddr != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| String from = null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111| if (fromAddr != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 112|-> from = (String)ref.get(\"mail.from\").getContent();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114| if (from != null) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.buildutil.RepeatableArchive.execute()", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java", + "line": 84, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java", + "line": 91, + "event": "path", + "message": "Iterating over another element of \"filesets\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java", + "line": 95, + "event": "path", + "message": "Iterating over another element of \"files\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java", + "line": 106, + "event": "path", + "message": "Condition \"oldEntries.hasMoreElements()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java", + "line": 114, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getInputStream\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java", + "line": 114, + "event": "var_assign", + "message": "Assigning: \"is\" = resource returned from \"oldZipFile.getInputStream(oldEntry)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java", + "line": 117, + "event": "noescape", + "message": "Resource \"is\" is not closed or saved in \"read\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java", + "line": 117, + "event": "path", + "message": "Condition \"(numRead = is.read(buf)) >= 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/RepeatableArchive.java", + "line": 120, + "event": "leaked_resource", + "message": "Variable \"is\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 118| zipOut.write(buf, 0, numRead);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 119| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 120|-> }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 121| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 122| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.buildutil.translate.Import.main(java.lang.String[])", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 33, + "event": "returned_null", + "message": "\"listFiles\" returns \"null\" (checked 5 out of 6 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 33, + "event": "null_array_length", + "message": "Accessing length of null array \"root.listFiles()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/util/ExtensionValidator.java", + "line": 343, + "event": "example_assign", + "message": "Example 1: Assigning: \"files\" = return value from \"targetDir.listFiles()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/util/ExtensionValidator.java", + "line": 344, + "event": "example_checked", + "message": "Example 1 (cont.): \"files\" has its value checked in \"files == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/DirResourceSet.java", + "line": 157, + "event": "example_assign", + "message": "Example 2: Assigning: \"list\" = return value from \"f.listFiles()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/DirResourceSet.java", + "line": 158, + "event": "example_checked", + "message": "Example 2 (cont.): \"list\" has its value checked in \"list != null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Utils.java", + "line": 108, + "event": "example_assign", + "message": "Example 3: Assigning: \"files\" = return value from \"dir.listFiles()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Utils.java", + "line": 109, + "event": "example_checked", + "message": "Example 3 (cont.): \"files\" has its value checked in \"files == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java", + "line": 98, + "event": "example_assign", + "message": "Example 4: Assigning: \"files\" = return value from \"directory.listFiles()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java", + "line": 99, + "event": "example_checked", + "message": "Example 4 (cont.): \"files\" has its value checked in \"files == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java", + "line": 201, + "event": "example_assign", + "message": "Example 5: Assigning: \"files\" = return value from \"directory.listFiles()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/FileUtils.java", + "line": 202, + "event": "example_checked", + "message": "Example 5 (cont.): \"files\" has its value checked in \"files == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 31| File root = new File(Constants.STORAGE_DIR);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 32| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 33|-> for (File f : root.listFiles()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 34| // Not robust but good enough", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 35| if (f.isFile() && f.getName().startsWith(Constants.L10N_PREFIX)) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.buildutil.translate.Import.processFile(java.io.File)", + "language": "java", + "tool": "coverity", + "key_event_idx": 16, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 56, + "event": "path", + "message": "Iterating over another element of \"objKeys\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 60, + "event": "path", + "message": "Condition \"value.trim().length() == 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 61, + "event": "path", + "message": "Continuing loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 83, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 56, + "event": "path", + "message": "Iterating over another element of \"objKeys\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 60, + "event": "path", + "message": "Condition \"value.trim().length() == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 65, + "event": "path", + "message": "Condition \"!cKey.pkg.equals(currentPkg)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 67, + "event": "path", + "message": "Condition \"w != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 71, + "event": "new_resource", + "message": "\"new java.io.FileOutputStream(outFile)\" creates a new resource.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 71, + "event": "var_assign", + "message": "Assigning: \"fos\" = resource returned from \"new java.io.FileOutputStream(outFile)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 72, + "event": "var_assign", + "message": "Assigning: \"w\" = resource returned from \"new java.io.OutputStreamWriter(fos, java.nio.charset.StandardCharsets.UTF_8)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 73, + "event": "noescape", + "message": "Resource \"w\" is not closed or saved in \"insertLicense\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 74, + "event": "leaked_resource", + "message": "Variable \"fos\" going out of scope leaks the resource it refers to.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 76, + "event": "path", + "message": "Condition \"!currentGroup.equals(cKey.group)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 78, + "event": "noescape", + "message": "Resource \"w\" is not closed or saved in \"write\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 78, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"write\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/buildutil/translate/Import.java", + "line": 78, + "event": "leaked_resource", + "message": "Variable \"w\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| if (!currentGroup.equals(cKey.group)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 77| currentGroup = cKey.group;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 78|-> w.write(System.lineSeparator());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 80| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.validatePropertyNames(javax.naming.Reference, javax.naming.Name, java.util.List, java.util.List)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 419, + "event": "path", + "message": "Condition \"org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 419, + "event": "var_compare_op", + "message": "Comparing \"org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT\" to null implies that \"org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 434, + "event": "path", + "message": "Condition \"allRefAddrs.hasMoreElements()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 439, + "event": "path", + "message": "Condition \"allPropsAsList.contains(propertyName)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java", + "line": 439, + "event": "null_method_call", + "message": "Calling a method on null object \"org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.NUPROP_WARNTEXT\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 437| // If property name is not in the properties list, we haven't warned on it", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 438| // and it is not in the \"silent\" list, tell user we are ignoring it.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 439|-> if (!(allPropsAsList.contains(propertyName) || NUPROP_WARNTEXT.containsKey(propertyName)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 440| || SILENT_PROPERTIES.contains(propertyName))) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 441| final String propertyValue = Objects.toString(ra.getContent(), null);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.dbcp.dbcp2.PoolableConnectionFactory.makeObject()", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 415, + "event": "jdbc_fn", + "message": "An open JDBC connection is returned from \"createConnection\". (The virtual call resolves to \"org.apache.tomcat.dbcp.dbcp2.DataSourceConnectionFactory.createConnection\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 415, + "event": "var_assign", + "message": "Assigning: \"conn\" = JDBC connection returned from \"connectionFactory.createConnection()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 416, + "event": "path", + "message": "Condition \"conn == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 420, + "event": "noescape", + "message": "Resource \"conn\" is not closed or saved in \"initializeConnection\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 421, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 430, + "event": "path", + "message": "Condition \"poolStatements\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 457, + "event": "path", + "message": "Condition \"dataSourceJmxObjectName == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 460, + "event": "path", + "message": "Throwing \"javax.management.MalformedObjectNameException\" from call to \"ObjectName\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolableConnectionFactory.java", + "line": 460, + "event": "leaked_connection", + "message": "Variable \"conn\" going out of scope leaks the connection it holds open.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 458| connJmxName = null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 459| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 460|-> connJmxName = new ObjectName(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 461| dataSourceJmxObjectName.toString() + Constants.JMX_CONNECTION_BASE_EXT + connIndex);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 462| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.dbcp2.PoolingConnection.destroyObject(org.apache.tomcat.dbcp.dbcp2.PStmtKey, org.apache.tomcat.dbcp.pool2.PooledObject)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolingConnection.java", + "line": 296, + "event": "returned_null", + "message": "\"getInnermostDelegate\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/PoolingConnection.java", + "line": 296, + "event": "null_method_call", + "message": "Calling a method on null object \"(org.apache.tomcat.dbcp.dbcp2.DelegatingStatement)pooledObject.getObject().getInnermostDelegate()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 294| public void destroyObject(final PStmtKey key, final PooledObject pooledObject)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 295| throws Exception {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 296|-> pooledObject.getObject().getInnermostDelegate().close();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 297| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 298| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.dbcp2.cpdsadapter.PooledConnectionImpl.destroyObject(org.apache.tomcat.dbcp.dbcp2.PStmtKey, org.apache.tomcat.dbcp.pool2.PooledObject)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PooledConnectionImpl.java", + "line": 342, + "event": "returned_null", + "message": "\"getInnermostDelegate\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/cpdsadapter/PooledConnectionImpl.java", + "line": 342, + "event": "null_method_call", + "message": "Calling a method on null object \"(org.apache.tomcat.dbcp.dbcp2.DelegatingStatement)pooledObject.getObject().getInnermostDelegate()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 340| public void destroyObject(final PStmtKey key, final PooledObject pooledObject)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 341| throws Exception {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 342|-> pooledObject.getObject().getInnermostDelegate().close();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 343| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 344| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.getPooledConnectionAndInfo(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 617, + "event": "path", + "message": "Condition \"manager == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 621, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 630, + "event": "path", + "message": "Throwing \"java.sql.SQLException\" (or subclass) from call to \"borrowObject\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 633, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 637, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 647, + "event": "returned_null", + "message": "\"getPool\" returns \"null\" (checked 2 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 647, + "event": "var_assigned", + "message": "Assigning: \"pool\" = \"null\" return value from \"getPool\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 648, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 652, + "event": "null_method_call", + "message": "Calling a method on null object \"pool\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 180, + "event": "example_assign", + "message": "Example 1: Assigning: \"pool\" = return value from \"getPool(getPoolKey(userName))\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 181, + "event": "example_checked", + "message": "Example 1 (cont.): \"pool\" has its value checked in \"pool == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 201, + "event": "example_assign", + "message": "Example 2: Assigning: \"pool\" = return value from \"getPool(getPoolKey(userName))\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 202, + "event": "example_checked", + "message": "Example 2 (cont.): \"pool\" has its value checked in \"pool == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 650| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 651| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 652|-> info = pool.borrowObject();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 653| } catch (final Exception ex) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 654| throw new SQLException(\"Could not retrieve connection info from pool\", ex);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.readObject(java.io.ObjectInputStream)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 704, + "event": "returned_null", + "message": "\"getObjectInstance\" returns \"null\" (checked 2 out of 5 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 704, + "event": "var_assigned", + "message": "Assigning: \"oldDS\" = \"null\" return value from \"getObjectInstance\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSource.java", + "line": 706, + "event": "null_field_access", + "message": "Accessing field of null object \"oldDS\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 872, + "event": "example_assign", + "message": "Example 1: Assigning: \"obj\" = return value from \"factory.getObjectInstance(entry.value, name, this, env)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 883, + "event": "example_checked", + "message": "Example 1 (cont.): \"obj\" has its value checked in \"obj == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 117, + "event": "example_assign", + "message": "Example 2: Assigning: \"result\" = return value from \"factory.getObjectInstance(obj, name, nameCtx, environment)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 127, + "event": "example_checked", + "message": "Example 2 (cont.): \"result\" has its value checked in \"result != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 704| final PerUserPoolDataSource oldDS = (PerUserPoolDataSource) new PerUserPoolDataSourceFactory()", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 705| .getObjectInstance(getReference(), null, null, null);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 706|-> this.managers = oldDS.managers;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 707| } catch (final NamingException e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 708| throw new IOException(\"NamingException: \" + e);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSourceFactory.getNewInstance(javax.naming.Reference)", + "language": "java", + "tool": "coverity", + "key_event_idx": 13, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 37, + "event": "new_resource", + "message": "Created a new object of type \"org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource\", which implements \"java.lang.AutoCloseable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 37, + "event": "var_assign", + "message": "Assigning: \"pupds\" = resource returned from \"new org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 39, + "event": "path", + "message": "Condition \"refAddr != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 44, + "event": "path", + "message": "Condition \"refAddr != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 49, + "event": "path", + "message": "Condition \"refAddr != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 54, + "event": "path", + "message": "Condition \"refAddr != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 60, + "event": "path", + "message": "Condition \"refAddr != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 66, + "event": "path", + "message": "Condition \"refAddr != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 72, + "event": "path", + "message": "Condition \"refAddr != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 78, + "event": "path", + "message": "Condition \"refAddr != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 84, + "event": "path", + "message": "Condition \"refAddr != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 84, + "event": "path", + "message": "Condition \"refAddr.getContent() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 86, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"deserialize\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/PerUserPoolDataSourceFactory.java", + "line": 86, + "event": "leaked_resource", + "message": "Variable \"pupds\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 84| if (refAddr != null && refAddr.getContent() != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 85| final byte[] serialized = (byte[]) refAddr.getContent();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 86|-> pupds.setPerUserDefaultReadOnly((Map) deserialize(serialized));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 87| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 88| return pupds;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.readObject(java.io.ObjectInputStream)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java", + "line": 157, + "event": "returned_null", + "message": "\"getObjectInstance\" returns \"null\" (checked 2 out of 5 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java", + "line": 157, + "event": "var_assigned", + "message": "Assigning: \"oldDS\" = \"null\" return value from \"getObjectInstance\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSource.java", + "line": 158, + "event": "null_field_access", + "message": "Accessing field of null object \"oldDS\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 872, + "event": "example_assign", + "message": "Example 1: Assigning: \"obj\" = return value from \"factory.getObjectInstance(entry.value, name, this, env)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/NamingContext.java", + "line": 883, + "event": "example_checked", + "message": "Example 1 (cont.): \"obj\" has its value checked in \"obj == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 117, + "event": "example_assign", + "message": "Example 2: Assigning: \"result\" = return value from \"factory.getObjectInstance(obj, name, nameCtx, environment)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/naming/factory/LookupFactory.java", + "line": 127, + "event": "example_checked", + "message": "Example 2 (cont.): \"result\" has its value checked in \"result != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 156| in.defaultReadObject();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 157| final SharedPoolDataSource oldDS = (SharedPoolDataSource) new SharedPoolDataSourceFactory().getObjectInstance(getReference(), null, null, null);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 158|-> this.pool = oldDS.pool;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 159| } catch (final NamingException e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 160| throw new IOException(\"NamingException: \" + e);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSourceFactory.getNewInstance(javax.naming.Reference)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java", + "line": 32, + "event": "new_resource", + "message": "Created a new object of type \"org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource\", which implements \"java.lang.AutoCloseable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java", + "line": 32, + "event": "var_assign", + "message": "Assigning: \"spds\" = resource returned from \"new org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java", + "line": 34, + "event": "path", + "message": "Condition \"ra != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java", + "line": 34, + "event": "path", + "message": "Condition \"ra.getContent() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java", + "line": 35, + "event": "path", + "message": "Throwing \"java.lang.NumberFormatException\" from call to \"parseInt\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/datasources/SharedPoolDataSourceFactory.java", + "line": 35, + "event": "leaked_resource", + "message": "Variable \"spds\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 33| final RefAddr ra = ref.get(\"maxTotal\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 34| if (ra != null && ra.getContent() != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 35|-> spds.setMaxTotal(Integer.parseInt(ra.getContent().toString()));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 36| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 37| return spds;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.dbcp.dbcp2.managed.DataSourceXAConnectionFactory.createConnection()", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 143, + "event": "path", + "message": "Condition \"userName == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 145, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 150, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getConnection\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 150, + "event": "var_assign", + "message": "Assigning: \"connection\" = resource returned from \"xaConnection.getConnection()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 151, + "event": "path", + "message": "Throwing \"java.sql.SQLException\" (or subclass) from call to \"getXAResource\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 151, + "event": "leaked_resource", + "message": "Variable \"connection\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 149| // get the real connection and XAResource from the connection", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 150| final Connection connection = xaConnection.getConnection();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 151|-> final XAResource xaResource = xaConnection.getXAResource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 152| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 153| // register the xa resource for the connection", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.dbcp.dbcp2.managed.DataSourceXAConnectionFactory.createConnection()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 143, + "event": "path", + "message": "Condition \"userName == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 146, + "event": "jdbc_fn", + "message": "An open JDBC connection is returned from \"getXAConnection\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 146, + "event": "var_assign", + "message": "Assigning: \"xaConnection\" = JDBC connection returned from \"xaDataSource.getXAConnection(userName, org.apache.tomcat.dbcp.dbcp2.Utils.toString(userPassword))\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 150, + "event": "noescape", + "message": "Resource \"xaConnection\" is not closed or saved in \"getConnection\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/dbcp2/managed/DataSourceXAConnectionFactory.java", + "line": 179, + "event": "leaked_connection", + "message": "Variable \"xaConnection\" going out of scope leaks the connection it holds open.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 177| });", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 178| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 179|-> return connection;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 180| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 181| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.dbcp.pool2.PoolUtils$ErodingFactor.update(long, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java", + "line": 98, + "event": "read_volatile", + "message": "Reading \"idleHighWaterMark\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java", + "line": 98, + "event": "intervening_update", + "message": "Another thread writes to \"idleHighWaterMark\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java", + "line": 98, + "event": "stale_update", + "message": "Updating \"idleHighWaterMark\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 96| public void update(final long nowMillis, final int numIdle) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 97| final int idle = Math.max(0, numIdle);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 98|-> idleHighWaterMark = Math.max(idle, idleHighWaterMark);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99| final float maxInterval = 15f;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 100| final float minutes = maxInterval +", + "verbosity_level": 1 + } + ] + }, + { + "checker": "LOCK_INVERSION", + "cwe": 833, + "function": "org.apache.tomcat.dbcp.pool2.PoolUtils$SynchronizedPooledObjectFactory.makeObject()", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java", + "line": 1251, + "event": "lock_acquire", + "message": "Calling \"lock\" acquires lock \"SynchronizedPooledObjectFactory.writeLock.lock()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/PoolUtils.java", + "line": 1253, + "event": "lock_order", + "message": "Acquiring lock \"BaseGenericObjectPool.evictionLock\" while holding \"SynchronizedPooledObjectFactory.writeLock.lock()\" conflicts with the lock order established elsewhere. (The virtual call resolves to \"org.apache.tomcat.dbcp.dbcp2.managed.PoolableManagedConnectionFactory.makeObject\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 666, + "event": "lock_acquire", + "message": "Example 1: Acquiring lock \"BaseGenericObjectPool.evictionLock\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 726, + "event": "example_lock_order", + "message": "Example 1 (cont.): Calling \"destroy\" acquires lock \"SynchronizedPooledObjectFactory.writeLock.lock()\" while holding \"BaseGenericObjectPool.evictionLock\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 666, + "event": "lock_acquire", + "message": "Example 2: Acquiring lock \"BaseGenericObjectPool.evictionLock\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 723, + "event": "example_lock_order", + "message": "Example 2 (cont.): Calling \"activateObject\" acquires lock \"SynchronizedPooledObjectFactory.writeLock.lock()\" while holding \"BaseGenericObjectPool.evictionLock\". (The virtual call resolves to \"org.apache.tomcat.dbcp.pool2.PoolUtils.SynchronizedPooledObjectFactory.activateObject\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1251| writeLock.lock();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1252| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1253|-> return factory.makeObject();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1254| } finally {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1255| writeLock.unlock();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.tomcat.dbcp.pool2.impl.EvictionTimer$Reaper.run()", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java", + "line": 77, + "event": "return_collection_alias", + "message": "Call to \"entrySet\" returns an \"Iterable\" equivalent to \"org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java", + "line": 77, + "event": "enhanced_for", + "message": "Starting an iteration on \"org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java", + "line": 77, + "event": "path", + "message": "Iterating over another element of \"org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java", + "line": 78, + "event": "path", + "message": "Condition \"(java.lang.ref.Reference)entry.getKey().get() == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java", + "line": 80, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap\" which invalidates the iterator for the loop on \"org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java", + "line": 82, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/EvictionTimer.java", + "line": 77, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"org.apache.tomcat.dbcp.pool2.impl.EvictionTimer.taskMap.entrySet()\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 75| public void run() {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 76| synchronized (EvictionTimer.class) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 77|-> for (final Entry, WeakRunner> entry : taskMap.entrySet()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 78| if (entry.getKey().get() == null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 79| executor.remove(entry.getValue());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.pool2.impl.GenericObjectPool.getFactoryType()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 790, + "event": "path", + "message": "Condition \"factoryType == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 794, + "event": "returned_null", + "message": "\"getFactoryType\" returns \"null\" (checked 0 out of 1 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 794, + "event": "var_assigned", + "message": "Assigning: \"pooledObjectType\" = \"null\" return value from \"getFactoryType\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/GenericObjectPool.java", + "line": 796, + "event": "null_method_call", + "message": "Calling a method on null object \"pooledObjectType\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 794| final Class pooledObjectType =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 795| PoolImplUtils.getFactoryType(factory.getClass());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 796|-> result.append(pooledObjectType.getName());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 797| result.append('>');", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 798| factoryType = result.toString();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.pool2.impl.PoolImplUtils.getGenericType(java.lang.Class, java.lang.Class)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 80, + "event": "path", + "message": "Condition \"type == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 80, + "event": "path", + "message": "Condition \"clazz == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 87, + "event": "path", + "message": "Condition \"pi != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 96, + "event": "path", + "message": "Condition \"result instanceof java.lang.Class\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 100, + "event": "path", + "message": "Condition \"result instanceof java.lang.Integer\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 103, + "event": "returned_null", + "message": "\"getGenericSuperclass\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 103, + "event": "var_assigned", + "message": "Assigning: \"superClassType\" = \"null\" return value from \"getGenericSuperclass\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/PoolImplUtils.java", + "line": 104, + "event": "null_method_call", + "message": "Calling a method on null object \"superClassType\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 102| // Map that unknown type to the generic types defined in this class", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103| final ParameterizedType superClassType = (ParameterizedType) clazz.getGenericSuperclass();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104|-> return getTypeParameter(clazz, superClassType.getActualTypeArguments()[((Integer) result).intValue()]);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| // Error will be logged further up the call stack", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.dbcp.pool2.impl.SoftReferenceObjectPool.borrowObject()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java", + "line": 183, + "event": "path", + "message": "Condition \"null == obj\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java", + "line": 184, + "event": "path", + "message": "Condition \"idleReferences.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java", + "line": 195, + "event": "returned_null", + "message": "\"idleReferences.pollFirst()\" returns \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java", + "line": 195, + "event": "var_assigned", + "message": "Assigning: \"ref\" = \"null\" return value from \"pollFirst\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/dbcp/pool2/impl/SoftReferenceObjectPool.java", + "line": 196, + "event": "null_method_call", + "message": "Calling a method on null object \"ref\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 194| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 195| ref = idleReferences.pollFirst();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 196|-> obj = ref.getObject();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 197| // Clear the reference so it will not be queued, but replace with a", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 198| // a new, non-registered reference so we can still track this object", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.tomcat.util.IntrospectionUtils.findMethod(java.lang.Class, java.lang.String, java.lang.Class[])", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/IntrospectionUtils.java", + "line": 422, + "event": "path", + "message": "Iterating over another element of \"methods\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/IntrospectionUtils.java", + "line": 423, + "event": "path", + "message": "Condition \"method.getName().equals(name)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/IntrospectionUtils.java", + "line": 425, + "event": "path", + "message": "Condition \"params == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/IntrospectionUtils.java", + "line": 425, + "event": "var_compare_op", + "message": "Comparing \"params\" to null implies that \"params\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/IntrospectionUtils.java", + "line": 425, + "event": "path", + "message": "Condition \"methodParams.length == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/IntrospectionUtils.java", + "line": 428, + "event": "null_array_length", + "message": "Accessing length of null array \"params\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 426| return method;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 427| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 428|-> if (params.length != methodParams.length) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 429| continue;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 430| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.util.buf.B2CConverter.(java.nio.charset.Charset, boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/B2CConverter.java", + "line": 88, + "event": "path", + "message": "Condition \"replaceOnError\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/B2CConverter.java", + "line": 90, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/B2CConverter.java", + "line": 96, + "event": "path", + "message": "Condition \"charset.equals(java.nio.charset.StandardCharsets.UTF_8)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/B2CConverter.java", + "line": 99, + "event": "returned_null", + "message": "\"newDecoder\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.tomcat.util.buf.CharsetCache.DummyCharset.newDecoder\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/B2CConverter.java", + "line": 99, + "event": "var_assigned", + "message": "Assigning: \"decoder\" = \"null\" return value from \"newDecoder\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/B2CConverter.java", + "line": 101, + "event": "null_method_call", + "message": "Calling a method on null object \"decoder\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 99| decoder = charset.newDecoder();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 100| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101|-> decoder.onMalformedInput(action);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 102| decoder.onUnmappableCharacter(action);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.util.buf.C2BConverter.(java.nio.charset.Charset)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/C2BConverter.java", + "line": 42, + "event": "returned_null", + "message": "\"newEncoder\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.tomcat.util.buf.CharsetCache.DummyCharset.newEncoder\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/C2BConverter.java", + "line": 42, + "event": "var_assigned", + "message": "Assigning: \"encoder\" = \"null\" return value from \"newEncoder\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/C2BConverter.java", + "line": 43, + "event": "null_method_call", + "message": "Calling a method on null object \"encoder\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41| public C2BConverter(Charset charset) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42| encoder = charset.newEncoder();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 43|-> encoder.onUnmappableCharacter(CodingErrorAction.REPLACE)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 44| .onMalformedInput(CodingErrorAction.REPLACE);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 45| char[] left = new char[4];", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.util.buf.CharsetUtil.isAsciiSuperset(java.nio.charset.Charset)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/CharsetUtil.java", + "line": 35, + "event": "returned_null", + "message": "\"newDecoder\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.tomcat.util.buf.CharsetCache.DummyCharset.newDecoder\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/CharsetUtil.java", + "line": 35, + "event": "var_assigned", + "message": "Assigning: \"decoder\" = \"null\" return value from \"newDecoder\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/CharsetUtil.java", + "line": 38, + "event": "path", + "message": "Condition \"i < 128\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/buf/CharsetUtil.java", + "line": 43, + "event": "null_method_call", + "message": "Calling a method on null object \"decoder\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 41| inBytes.flip();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 42| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 43|-> outChars = decoder.decode(inBytes);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 44| } catch (CharacterCodingException e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 45| return false;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.tomcat.util.digester.CallMethodRule.end(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 281, + "event": "path", + "message": "Condition \"paramCount > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 299, + "event": "path", + "message": "Condition \"paramTypes != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 299, + "event": "var_compare_op", + "message": "Comparing \"paramTypes\" to null implies that \"paramTypes\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 316, + "event": "null_array_length", + "message": "Accessing length of null array \"paramTypes\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 314| // We only do the conversion if the param value is a String and", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 315| // the specified paramType is not String.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 316|-> Object paramValues[] = new Object[paramTypes.length];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 317| for (int i = 0; i < paramTypes.length; i++) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318| // convert nulls and convert stringy parameters", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.tomcat.util.digester.CallMethodRule.end(java.lang.String, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 280, + "event": "assign_zero", + "message": "Assigning: \"parameters\" = \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 281, + "event": "path", + "message": "Condition \"paramCount > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 299, + "event": "path", + "message": "Condition \"paramTypes != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 299, + "event": "path", + "message": "Condition \"paramTypes.length != 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 317, + "event": "path", + "message": "Condition \"i < paramTypes.length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/digester/CallMethodRule.java", + "line": 320, + "event": "null_array_access", + "message": "Accessing an element on null array \"parameters\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 318| // convert nulls and convert stringy parameters", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 319| // for non-stringy param types", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 320|-> Object param = parameters[i];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 321| // Tolerate null non-primitive values", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 322| if(null == param && !paramTypes[i].isPrimitive()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.util.http.fileupload.disk.DiskFileItem.getSize()", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java", + "line": 273, + "event": "path", + "message": "Condition \"size >= 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java", + "line": 276, + "event": "path", + "message": "Condition \"cachedContent != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java", + "line": 279, + "event": "path", + "message": "Condition \"dfos.isInMemory()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java", + "line": 280, + "event": "returned_null", + "message": "\"getData\" returns \"null\" (checked 0 out of 3 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/http/fileupload/disk/DiskFileItem.java", + "line": 280, + "event": "null_array_length", + "message": "Accessing length of null array \"dfos.getData()\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 278| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 279| if (dfos.isInMemory()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 280|-> return dfos.getData().length;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 281| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 282| return dfos.getFile().length();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.util.modeler.Registry.registerComponent(java.lang.Object, javax.management.ObjectName, java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/Registry.java", + "line": 625, + "event": "path", + "message": "Condition \"org.apache.tomcat.util.modeler.Registry.log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/Registry.java", + "line": 629, + "event": "path", + "message": "Condition \"bean == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/Registry.java", + "line": 635, + "event": "path", + "message": "Condition \"type == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/Registry.java", + "line": 639, + "event": "returned_null", + "message": "\"findManagedBean\" returns \"null\" (checked 0 out of 1 times). (The virtual call resolves to \"org.apache.tomcat.util.modeler.NoDescriptorRegistry.findManagedBean\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/Registry.java", + "line": 639, + "event": "var_assigned", + "message": "Assigning: \"managed\" = \"null\" return value from \"findManagedBean\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/Registry.java", + "line": 642, + "event": "null_method_call", + "message": "Calling a method on null object \"managed\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 640| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 641| // The real mbean is created and registered", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 642|-> DynamicMBean mbean = managed.createMBean(bean);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 643| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 644| if (getMBeanServer().isRegistered(oname)) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.util.modeler.modules.MbeansDescriptorsDigesterSource.createDigester()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/modules/MbeansDescriptorsDigesterSource.java", + "line": 47, + "event": "returned_null", + "message": "\"getResource\" returns \"null\" (checked 3 out of 5 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/modules/MbeansDescriptorsDigesterSource.java", + "line": 47, + "event": "var_assigned", + "message": "Assigning: \"url\" = \"null\" return value from \"getResource\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/modeler/modules/MbeansDescriptorsDigesterSource.java", + "line": 49, + "event": "null_method_call", + "message": "Calling a method on null object \"url\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/ClasspathURLStreamHandler.java", + "line": 41, + "event": "example_assign", + "message": "Example 1: Assigning: \"classpathUrl\" = return value from \"(org.apache.catalina.webresources.ClasspathURLStreamHandler.class).getResource(path)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/catalina/webresources/ClasspathURLStreamHandler.java", + "line": 44, + "event": "example_checked", + "message": "Example 1 (cont.): \"classpathUrl\" has its value checked in \"classpathUrl == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java", + "line": 154, + "event": "example_assign", + "message": "Example 2: Assigning: \"location\" = return value from \"org.apache.tomcat.util.descriptor.DigesterFactory.CLASS_SERVLET_CONTEXT.getResource(\"resources/\" + name)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java", + "line": 155, + "event": "example_checked", + "message": "Example 2 (cont.): \"location\" has its value checked in \"location == null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java", + "line": 156, + "event": "example_assign", + "message": "Example 3: Assigning: \"location\" = return value from \"org.apache.tomcat.util.descriptor.DigesterFactory.CLASS_JSP_CONTEXT.getResource(\"resources/\" + name)\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/descriptor/DigesterFactory.java", + "line": 158, + "event": "example_checked", + "message": "Example 3 (cont.): \"location\" has its value checked in \"location == null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 47| URL url = Registry.getRegistry(null, null).getClass().getResource", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 48| (\"/org/apache/tomcat/util/modeler/mbeans-descriptors.dtd\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 49|-> digester.register", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 50| (\"-//Apache Software Foundation//DTD Model MBeans Configuration File\",", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 51| url.toString());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(org.apache.tomcat.util.net.SSLHostConfig)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 95, + "event": "identity", + "message": "Calling \"getCertificates\".\n* This call assigns \"changeit\" to \"(sslHostConfig.defaultCertificate).certificateKeystorePassword\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".\n* This call assigns a reference to \"sslHostConfig.defaultCertificate\" to \"sslHostConfig.certificates\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)\".) No [...]", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 95, + "event": "identity", + "message": "Calling \"iterator\". This call assigns \"sslHostConfig.getCertificates(true)\" to \"\". (The virtual call resolves to \"java.util.Set.iterator()\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 95, + "event": "assign", + "message": "Assigning: \"certificate$iterator\" = \"sslHostConfig.getCertificates(true).iterator()\". Now \"(certificate$iterator).certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 95, + "event": "identity", + "message": "Calling \"next\". This call returns \"certificate$iterator\". (The virtual call resolves to \"java.util.Iterator.next()\".) Now \"certificate$iterator.next().certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 95, + "event": "assign", + "message": "Assigning: \"certificate\" = \"certificate$iterator.next()\". Now \"certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 96, + "event": "identity", + "message": "Calling \"getSSLUtil\". This call assigns \"certificate\" to \"().certificate\". (The virtual call resolves to \"org.apache.tomcat.util.net.jsse.JSSEImplementation.getSSLUtil(org.apache.tomcat.util.net.SSLHostConfigCertificate)\".) Now \".certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 96, + "event": "assign", + "message": "Assigning: \"sslUtil\" = \"sslImplementation.getSSLUtil(certificate)\". Now \"sslUtil.certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 105, + "event": "password_use", + "message": "Calling \"createSSLContext\". This call uses the constant string as a password. (The virtual call resolves to \"org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(java.util.List)\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 105, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103| SSLContext sslContext;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105|-> sslContext = sslUtil.createSSLContext(negotiableProtocols);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| } catch (Exception e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| throw new IllegalArgumentException(e.getMessage(), e);", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AbstractJsseEndpoint.java", + "line": 105, + "event": "note", + "message": "trimmed 1 message(s) with length over 512", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.util.net.AprEndpoint.createSSLContext(org.apache.tomcat.util.net.SSLHostConfig)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 454, + "event": "identity", + "message": "Calling \"getCertificates\".\n* This call assigns \"changeit\" to \"(sslHostConfig.defaultCertificate).certificateKeystorePassword\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".\n* This call assigns a reference to \"sslHostConfig.defaultCertificate\" to \"sslHostConfig.certificates\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)\".) No [...]", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 454, + "event": "assign", + "message": "Assigning: \"certificates\" = \"sslHostConfig.getCertificates(true)\". Now \"(certificates).certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 455, + "event": "identity", + "message": "Calling \"iterator\". This call assigns \"certificates\" to \"\". (The virtual call resolves to \"java.util.Set.iterator()\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 455, + "event": "assign", + "message": "Assigning: \"certificate$iterator\" = \"certificates.iterator()\". Now \"(certificate$iterator).certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 455, + "event": "identity", + "message": "Calling \"next\". This call returns \"certificate$iterator\". (The virtual call resolves to \"java.util.Iterator.next()\".) Now \"certificate$iterator.next().certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 455, + "event": "assign", + "message": "Assigning: \"certificate\" = \"certificate$iterator.next()\". Now \"certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 457, + "event": "identity", + "message": "Calling \"OpenSSLUtil\". This call assigns \"certificate\" to \".certificate\". Now \".certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 457, + "event": "assign", + "message": "Assigning: \"sslUtil\" = \"new org.apache.tomcat.util.net.openssl.OpenSSLUtil(certificate)\". Now \"sslUtil.certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 462, + "event": "password_use", + "message": "Calling \"createSSLContext\". This call uses the constant string as a password. (The virtual call resolves to \"org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(java.util.List)\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 462, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 460| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 461| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 462|-> sslContext = (OpenSSLContext) sslUtil.createSSLContext(negotiableProtocols);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 463| } catch (Exception e) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 464| throw new IllegalArgumentException(e.getMessage(), e);", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 462, + "event": "note", + "message": "trimmed 1 message(s) with length over 512", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.util.net.AprEndpoint.createSSLContext(org.apache.tomcat.util.net.SSLHostConfig)", + "language": "java", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 454, + "event": "identity", + "message": "Calling \"getCertificates\".\n* This call assigns \"changeit\" to \"(sslHostConfig.defaultCertificate).certificateKeystorePassword\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".\n* This call assigns a reference to \"sslHostConfig.defaultCertificate\" to \"sslHostConfig.certificates\". (The virtual call resolves to \"org.apache.tomcat.util.net.SSLHostConfig.getCertificates(boolean)\".) No [...]", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 454, + "event": "assign", + "message": "Assigning: \"certificates\" = \"sslHostConfig.getCertificates(true)\". Now \"(certificates).certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 455, + "event": "identity", + "message": "Calling \"iterator\". This call assigns \"certificates\" to \"\". (The virtual call resolves to \"java.util.Set.iterator()\".) Now \".certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 455, + "event": "assign", + "message": "Assigning: \"certificate$iterator\" = \"certificates.iterator()\". Now \"(certificate$iterator).certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 455, + "event": "identity", + "message": "Calling \"next\". This call returns \"certificate$iterator\". (The virtual call resolves to \"java.util.Iterator.next()\".) Now \"certificate$iterator.next().certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 455, + "event": "assign", + "message": "Assigning: \"certificate\" = \"certificate$iterator.next()\". Now \"certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 467, + "event": "identity", + "message": "Calling \"OpenSSLUtil\". This call assigns \"certificate\" to \".certificate\". Now \".certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 467, + "event": "assign", + "message": "Assigning: \"sslUtil\" = \"new org.apache.tomcat.util.net.openssl.OpenSSLUtil(certificate)\". Now \"sslUtil.certificate.certificateKeystorePassword\" is equal to \"changeit\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 468, + "event": "password_use", + "message": "Calling \"getKeyManagers\". This call uses the constant string as a password. (The virtual call resolves to \"org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers()\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 468, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 466| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 467| SSLUtil sslUtil = new OpenSSLUtil(certificate);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 468|-> KeyManager[] kms = sslUtil.getKeyManagers();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 469| certificate.setCertificateKeyManager(OpenSSLUtil.chooseKeyManager(kms));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 470| sslContext.addCertificate(certificate);", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 468, + "event": "note", + "message": "trimmed 1 message(s) with length over 512", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.tomcat.util.net.AprEndpoint$SocketList.add(long, long, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 1063, + "event": "path", + "message": "Condition \"size == sockets.length\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 1066, + "event": "path", + "message": "Condition \"i < size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 1067, + "event": "path", + "message": "Condition \"sockets[i] == socket\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 1071, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 1066, + "event": "path", + "message": "Condition \"i < size\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 1075, + "event": "read_volatile", + "message": "Reading \"size\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 1075, + "event": "intervening_update", + "message": "Another thread writes to \"size\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 1075, + "event": "stale_update", + "message": "Updating \"size\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 1063, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"size\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1073| timeouts[size] = timeout;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1074| flags[size] = flag;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1075|-> size++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1076| return true;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1077| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.tomcat.util.net.AprEndpoint$SocketList.remove(long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 1081, + "event": "path", + "message": "Condition \"i < size\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 1082, + "event": "path", + "message": "Condition \"sockets[i] == socket\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 1086, + "event": "read_volatile", + "message": "Reading \"size\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 1086, + "event": "intervening_update", + "message": "Another thread writes to \"size\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 1086, + "event": "stale_update", + "message": "Updating \"size\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 1063, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"size\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1084| timeouts[i] = timeouts[size - 1];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1085| flags[size] = flags[size -1];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1086|-> size--;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1087| return true;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1088| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.tomcat.util.net.AprEndpoint$AprSocketWrapper$AprOperationState.run()", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2798, + "event": "path", + "message": "Condition \"getError() == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2801, + "event": "path", + "message": "Condition \"!completionDone\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2811, + "event": "path", + "message": "Condition \"i < length\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2812, + "event": "path", + "message": "Condition \"buffers[i + offset].hasRemaining()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2814, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2817, + "event": "path", + "message": "Condition \"buffer == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2817, + "event": "var_compare_op", + "message": "Comparing \"buffer\" to null implies that \"buffer\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2817, + "event": "path", + "message": "Condition \"flushBytes == 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2822, + "event": "path", + "message": "Condition \"read\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2825, + "event": "path", + "message": "Condition \"block == org.apache.tomcat.util.net.SocketWrapperBase.BlockingMode.BLOCK\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2825, + "event": "path", + "message": "Condition \"!flush(block == org.apache.tomcat.util.net.SocketWrapperBase.BlockingMode.BLOCK)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2826, + "event": "path", + "message": "Condition \"flushBytes > 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/AprEndpoint.java", + "line": 2831, + "event": "null_method_call", + "message": "Calling a method on null object \"buffer\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2829| flushBytes = 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2830| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2831|-> @SuppressWarnings(\"null\") // Not possible", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2832| int remaining = buffer.remaining();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 2833| write(block == BlockingMode.BLOCK, buffer);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.util.net.Nio2Endpoint$Nio2SocketWrapper.processSendfile(org.apache.tomcat.util.net.SendfileDataBase)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/Nio2Endpoint.java", + "line": 1459, + "event": "path", + "message": "Condition \"data.fchannel == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/Nio2Endpoint.java", + "line": 1462, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"open\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/Nio2Endpoint.java", + "line": 1462, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"java.nio.channels.FileChannel.open(path, java.nio.file.StandardOpenOption.READ)\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1460| java.nio.file.Path path = new File(sendfileData.fileName).toPath();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1461| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1462|-> data.fchannel = java.nio.channels.FileChannel", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1463| .open(path, StandardOpenOption.READ).position(sendfileData.pos);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1464| } catch (IOException e) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.util.net.NioEndpoint.initServerSocket()", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 240, + "event": "path", + "message": "Condition \"getUseInheritedChannel()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 249, + "event": "path", + "message": "Condition \"getUnixDomainSocketPath() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 253, + "event": "path", + "message": "Condition \"getUnixDomainSocketPathPermissions() != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 257, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"getFileSystem\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 257, + "event": "path", + "message": "Condition \"path.getFileSystem().supportedFileAttributeViews().contains(\"posix\")\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 257, + "event": "leaked_resource", + "message": "Failing to save or close resource created by \"path.getFileSystem()\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 255| Set permissions =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 256| PosixFilePermissions.fromString(getUnixDomainSocketPathPermissions());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 257|-> if (path.getFileSystem().supportedFileAttributeViews().contains(\"posix\")) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 258| FileAttribute> attrs = PosixFilePermissions.asFileAttribute(permissions);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 259| Files.setAttribute(path, attrs.name(), attrs.value());", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.util.net.NioEndpoint.serverSocketAccept()", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 546, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"accept\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 546, + "event": "var_assign", + "message": "Assigning: \"result\" = resource returned from \"serverSock.accept()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 549, + "event": "path", + "message": "Condition \"!org.apache.tomcat.util.compat.JrePlatform.IS_WINDOWS\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 550, + "event": "noescape", + "message": "Resource \"result\" is not closed or saved in \"getRemoteAddress\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 552, + "event": "path", + "message": "Condition \"currentRemoteAddress.equals(previousAcceptedSocketRemoteAddress)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 552, + "event": "path", + "message": "Condition \"currentNanoTime - previousAcceptedSocketNanoTime < 1000\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 554, + "event": "path", + "message": "Throwing \"java.io.IOException\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/NioEndpoint.java", + "line": 554, + "event": "leaked_resource", + "message": "Variable \"result\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 552| if (currentRemoteAddress.equals(previousAcceptedSocketRemoteAddress) &&", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 553| currentNanoTime - previousAcceptedSocketNanoTime < 1000) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 554|-> throw new IOException(sm.getString(\"endpoint.err.duplicateAccept\"));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 555| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 556| previousAcceptedSocketRemoteAddress = currentRemoteAddress;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.util.net.SocketBufferHandler.expand(int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java", + "line": 222, + "event": "read_volatile", + "message": "Reading \"readBuffer\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java", + "line": 222, + "event": "intervening_update", + "message": "Another thread writes to \"readBuffer\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java", + "line": 222, + "event": "stale_update", + "message": "Updating \"readBuffer\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 220| public void expand(int newSize) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 221| configureReadBufferForWrite();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 222|-> readBuffer = ByteBufferUtils.expand(readBuffer, newSize);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 223| configureWriteBufferForWrite();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 224| writeBuffer = ByteBufferUtils.expand(writeBuffer, newSize);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.util.net.SocketBufferHandler.expand(int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java", + "line": 224, + "event": "read_volatile", + "message": "Reading \"writeBuffer\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java", + "line": 224, + "event": "intervening_update", + "message": "Another thread writes to \"writeBuffer\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketBufferHandler.java", + "line": 224, + "event": "stale_update", + "message": "Updating \"writeBuffer\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 222| readBuffer = ByteBufferUtils.expand(readBuffer, newSize);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 223| configureWriteBufferForWrite();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 224|-> writeBuffer = ByteBufferUtils.expand(writeBuffer, newSize);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 225| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 226| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.util.net.SocketWrapperBase.decrementKeepAlive()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java", + "line": 256, + "event": "read_volatile", + "message": "Reading \"keepAliveLeft\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java", + "line": 256, + "event": "intervening_update", + "message": "Another thread writes to \"keepAliveLeft\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java", + "line": 256, + "event": "stale_update", + "message": "Updating \"keepAliveLeft\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 254| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 255| public void setKeepAliveLeft(int keepAliveLeft) { this.keepAliveLeft = keepAliveLeft; }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 256|-> public int decrementKeepAlive() { return (--keepAliveLeft); }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 257| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 258| public String getRemoteHost() {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.util.net.SocketWrapperBase$VectoredIOCompletionHandler.completed(java.lang.Long, org.apache.tomcat.util.net.SocketWrapperBase$OperationState)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java", + "line": 1086, + "event": "path", + "message": "Condition \"nBytes.longValue() < 0\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java", + "line": 1089, + "event": "read_volatile", + "message": "Reading \"state.nBytes\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java", + "line": 1089, + "event": "intervening_update", + "message": "Another thread writes to \"state.nBytes\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/SocketWrapperBase.java", + "line": 1089, + "event": "stale_update", + "message": "Updating \"state.nBytes\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1087| failed(new EOFException(), state);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1088| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1089|-> state.nBytes += nBytes.longValue();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1090| CompletionState currentState = state.isInline() ? CompletionState.INLINE : CompletionState.DONE;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1091| boolean complete = true;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.util.net.openssl.OpenSSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], java.security.SecureRandom)", + "language": "java", + "tool": "coverity", + "key_event_idx": 14, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 295, + "event": "path", + "message": "Condition \"initialized\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 300, + "event": "path", + "message": "Condition \"sslHostConfig.getInsecureRenegotiation()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 302, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 308, + "event": "path", + "message": "Condition \"sslHostConfig.getHonorCipherOrder()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 310, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 315, + "event": "path", + "message": "Condition \"sslHostConfig.getDisableCompression()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 317, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 322, + "event": "path", + "message": "Condition \"sslHostConfig.getDisableSessionTickets()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 324, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 331, + "event": "path", + "message": "Condition \"certificate.getCertificateFile() == null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 339, + "event": "path", + "message": "Switch case value \"org.apache.tomcat.util.net.SSLHostConfig.CertificateVerification.NONE\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 342, + "event": "path", + "message": "Breaking from switch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 355, + "event": "path", + "message": "Condition \"tms != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 375, + "event": "returned_null", + "message": "\"getAcceptedIssuers\" returns \"null\" (checked 1 out of 3 times). (The virtual call resolves to \"org.apache.catalina.tribes.membership.cloud.AbstractStreamProvider.1.getAcceptedIssuers\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java", + "line": 375, + "event": "null_array_length", + "message": "Accessing length of null array \"x509TrustManager.getAcceptedIssuers()\".", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java", + "line": 99, + "event": "example_assign", + "message": "Example 1: Assigning: \"accepted\" = return value from \"((javax.net.ssl.X509TrustManager)tm).getAcceptedIssuers()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java", + "line": 100, + "event": "example_checked", + "message": "Example 1 (cont.): \"accepted\" has its value checked in \"accepted != null\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 373| // by the server during the handshake to allow the client choosing", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 374| // an acceptable certificate", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 375|-> for (X509Certificate caCert : x509TrustManager.getAcceptedIssuers()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 376| SSLContext.addClientCACertificateRaw(ctx, caCert.getEncoded());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 377| if (log.isDebugEnabled()) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java", + "line": 1176, + "event": "path", + "message": "Condition \"task != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java", + "line": 1182, + "event": "path", + "message": "Condition \"org.apache.tomcat.util.threads.ThreadPoolExecutor.runStateAtLeast(ctl.get(), 536870912 /* org.apache.tomcat.util.threads.ThreadPoolExecutor.STOP */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java", + "line": 1182, + "event": "path", + "message": "Condition \"!wt.isInterrupted()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java", + "line": 1193, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java", + "line": 1199, + "event": "read_volatile", + "message": "Reading \"w.completedTasks\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java", + "line": 1199, + "event": "intervening_update", + "message": "Another thread writes to \"w.completedTasks\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/threads/ThreadPoolExecutor.java", + "line": 1199, + "event": "stale_update", + "message": "Updating \"w.completedTasks\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1197| } finally {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1198| task = null;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1199|-> w.completedTasks++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1200| w.unlock();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1201| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.util.xreflection.ReflectionLessCodeGenerator.generateCode(java.io.File, java.lang.String, java.lang.String, java.util.Set)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java", + "line": 188, + "event": "new_resource", + "message": "\"new java.io.FileWriter(destination, false)\" creates a new resource.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java", + "line": 188, + "event": "var_assign", + "message": "Assigning: \"writer\" = resource returned from \"new java.io.BufferedWriter(new java.io.FileWriter(destination, false))\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java", + "line": 189, + "event": "noescape", + "message": "Resource \"writer\" is not closed or saved in \"write\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java", + "line": 189, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"write\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/util/xreflection/ReflectionLessCodeGenerator.java", + "line": 189, + "event": "leaked_resource", + "message": "Variable \"writer\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 187| File destination = new File(directory, className+\".java\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 188| BufferedWriter writer = new BufferedWriter(new FileWriter(destination, false));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 189|-> writer.write(code.toString());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 190| writer.flush();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 191| writer.close();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.websocket.PerMessageDeflate.sendMessagePart(java.util.List)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java", + "line": 329, + "event": "path", + "message": "Iterating over another element of \"uncompressedParts\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java", + "line": 332, + "event": "path", + "message": "Condition \"emptyMessage\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java", + "line": 332, + "event": "path", + "message": "Condition \"emptyPart\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java", + "line": 332, + "event": "read_volatile", + "message": "Reading \"emptyMessage\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java", + "line": 332, + "event": "intervening_update", + "message": "Another thread writes to \"emptyMessage\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/PerMessageDeflate.java", + "line": 332, + "event": "stale_update", + "message": "Updating \"emptyMessage\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 330| byte opCode = uncompressedPart.getOpCode();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 331| boolean emptyPart = uncompressedPart.getPayload().limit() == 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 332|-> emptyMessage = emptyMessage && emptyPart;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 333| if (Util.isControl(opCode)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 334| // Control messages can appear in the middle of other messages", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.websocket.Util.getGenericType(java.lang.Class, java.lang.Class)", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java", + "line": 194, + "event": "path", + "message": "Iterating over another element of \"interfaces\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java", + "line": 196, + "event": "path", + "message": "Condition \"iface instanceof java.lang.reflect.ParameterizedType\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java", + "line": 199, + "event": "path", + "message": "Condition \"pi.getRawType() instanceof java.lang.Class\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java", + "line": 200, + "event": "path", + "message": "Condition \"type.isAssignableFrom((java.lang.Class)pi.getRawType())\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java", + "line": 206, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java", + "line": 194, + "event": "path", + "message": "No elements left in \"interfaces\", leaving loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java", + "line": 212, + "event": "path", + "message": "Condition \"superClazz == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java", + "line": 219, + "event": "path", + "message": "Condition \"superClassTypeResult.getIndex() == -1\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java", + "line": 225, + "event": "path", + "message": "Condition \"superClassTypeResult.getIndex() > -1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java", + "line": 229, + "event": "returned_null", + "message": "\"getGenericSuperclass\" returns \"null\" (checked 0 out of 2 times).", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java", + "line": 229, + "event": "var_assigned", + "message": "Assigning: \"superClassType\" = \"null\" return value from \"getGenericSuperclass\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/Util.java", + "line": 231, + "event": "null_method_call", + "message": "Calling a method on null object \"superClassType\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 229| ParameterizedType superClassType =", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 230| (ParameterizedType) clazz.getGenericSuperclass();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 231|-> TypeResult result = getTypeParameter(clazz,", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 232| superClassType.getActualTypeArguments()[", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 233| superClassTypeResult.getIndex()]);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.tomcat.websocket.WsFrameBase.swallowInput()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 673, + "event": "read_volatile", + "message": "Reading \"payloadWritten\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 673, + "event": "intervening_update", + "message": "Another thread writes to \"payloadWritten\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 673, + "event": "stale_update", + "message": "Updating \"payloadWritten\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 973, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"payloadWritten\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 671| long toSkip = Math.min(payloadLength - payloadWritten, inputBuffer.remaining());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 672| inputBuffer.position(inputBuffer.position() + (int) toSkip);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 673|-> payloadWritten += toSkip;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 674| if (payloadWritten == payloadLength) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 675| if (continuationExpected) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.tomcat.websocket.WsFrameBase$NoopTransformation.getMoreData(byte, boolean, int, java.nio.ByteBuffer)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 971, + "event": "read_volatile", + "message": "Reading \"payloadWritten\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 971, + "event": "intervening_update", + "message": "Another thread writes to \"payloadWritten\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 971, + "event": "stale_update", + "message": "Updating \"payloadWritten\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 973, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"payloadWritten\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 969| dest.put(inputBuffer);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 970| inputBuffer.limit(orgLimit);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 971|-> payloadWritten += toWrite;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 972| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 973| if (payloadWritten == payloadLength) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.tomcat.websocket.WsFrameBase$UnmaskTransformation.getMoreData(byte, boolean, int, java.nio.ByteBuffer)", + "language": "java", + "tool": "coverity", + "key_event_idx": 6, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 1005, + "event": "path", + "message": "Condition \"payloadWritten < payloadLength\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 1005, + "event": "path", + "message": "Condition \"inputBuffer.remaining() > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 1005, + "event": "path", + "message": "Condition \"dest.hasRemaining()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 1009, + "event": "path", + "message": "Condition \"maskIndex == 4\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 1012, + "event": "read_volatile", + "message": "Reading \"payloadWritten\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 1012, + "event": "intervening_update", + "message": "Another thread writes to \"payloadWritten\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 1012, + "event": "stale_update", + "message": "Updating \"payloadWritten\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsFrameBase.java", + "line": 973, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"payloadWritten\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1010| maskIndex = 0;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1011| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1012|-> payloadWritten++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1013| dest.put(b);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1014| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.websocket.WsWebSocketContainer.connectToServerRecursive(org.apache.tomcat.websocket.ClientEndpointHolder, javax.websocket.ClientEndpointConfig, java.net.URI, java.util.Set)", + "language": "java", + "tool": "coverity", + "key_event_idx": 20, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 193, + "event": "path", + "message": "Condition \"log.isDebugEnabled()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 203, + "event": "path", + "message": "Condition \"\"ws\".equalsIgnoreCase(scheme)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 205, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 215, + "event": "path", + "message": "Condition \"host == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 227, + "event": "path", + "message": "Iterating over another element of \"proxies\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 228, + "event": "path", + "message": "Condition \"proxy.type().equals(java.net.Proxy.Type.HTTP)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 230, + "event": "path", + "message": "Condition \"sa instanceof java.net.InetSocketAddress\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 232, + "event": "path", + "message": "Condition \"inet.isUnresolved()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 237, + "event": "path", + "message": "Breaking from loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 243, + "event": "path", + "message": "Condition \"port == -1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 244, + "event": "path", + "message": "Condition \"\"ws\".equalsIgnoreCase(scheme)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 246, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 253, + "event": "path", + "message": "Condition \"sa == null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 263, + "event": "path", + "message": "Condition \"org.apache.tomcat.websocket.Constants.DEFAULT_ORIGIN_HEADER_VALUE != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 263, + "event": "path", + "message": "Condition \"!reqHeaders.containsKey(\"Origin\" /* org.apache.tomcat.websocket.Constants.ORIGIN_HEADER_NAME */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 273, + "event": "alloc_fn", + "message": "A new resource is returned from allocation method \"open\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 273, + "event": "var_assign", + "message": "Assigning: \"socketChannel\" = resource returned from \"java.nio.channels.AsynchronousSocketChannel.open(getAsynchronousChannelGroup())\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 274, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 284, + "event": "path", + "message": "Condition \"timeoutValue != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 285, + "event": "path", + "message": "Throwing \"java.lang.NumberFormatException\" from call to \"valueOf\"; exiting method with uncaught exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 285, + "event": "leaked_resource", + "message": "Variable \"socketChannel\" going out of scope leaks the resource it refers to.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 283| String timeoutValue = (String) userProperties.get(Constants.IO_TIMEOUT_MS_PROPERTY);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 284| if (timeoutValue != null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 285|-> timeout = Long.valueOf(timeoutValue).intValue();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 286| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 287| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.websocket.WsWebSocketContainer.createSSLEngine(java.util.Map, java.lang.String, int)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 921, + "event": "hardcoded_credential", + "message": "The constant string \"\"changeit\"\" is a credential or key.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 921, + "event": "assign", + "message": "Assigning: \"sslTrustStorePwdValue\" = \"\"changeit\"\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 927, + "event": "identity", + "message": "Calling \"toCharArray\". This call assigns \"sslTrustStorePwdValue\" to \"\". (The virtual call resolves to \"java.lang.String.toCharArray()\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 927, + "event": "password_use", + "message": "Calling \"load\". This call uses the constant string as a password.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/WsWebSocketContainer.java", + "line": 927, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 925| KeyStore ks = KeyStore.getInstance(\"JKS\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 926| try (InputStream is = new FileInputStream(keyStoreFile)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 927|-> KeyStoreUtil.load(ks, is, sslTrustStorePwdValue.toCharArray());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 928| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 929| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.websocket.server.WsServerContainer.(javax.servlet.ServletContext)", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java", + "line": 91, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java", + "line": 97, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java", + "line": 103, + "event": "path", + "message": "Condition \"value != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java", + "line": 107, + "event": "returned_null", + "message": "\"addFilter\" returns \"null\" (checked 0 out of 2 times). (The virtual call resolves to \"org.apache.catalina.core.ApplicationContext.addFilter\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java", + "line": 107, + "event": "var_assigned", + "message": "Assigning: \"fr\" = \"null\" return value from \"addFilter\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/org/apache/tomcat/websocket/server/WsServerContainer.java", + "line": 109, + "event": "null_method_call", + "message": "Calling a method on null object \"fr\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| FilterRegistration.Dynamic fr = servletContext.addFilter(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108| \"Tomcat WebSocket (JSR356) Filter\", new WsFilter());", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109|-> fr.setAsyncSupported(true);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111| EnumSet types = EnumSet.of(DispatcherType.REQUEST,", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.tomcat.jdbc.pool.ConnectionPool.checkAbandoned()", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1069, + "event": "path", + "message": "Condition \"busy.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1072, + "event": "return_iterator", + "message": "Call to \"iterator\" returns an iterator from \"busy\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1072, + "event": "assign", + "message": "Assigning: \"locked\" = \"busy.iterator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1074, + "event": "path", + "message": "Condition \"locked.hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1081, + "event": "path", + "message": "Condition \"idle.contains(con)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1081, + "event": "path", + "message": "Condition \"con.isReleased()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1086, + "event": "path", + "message": "Condition \"shouldAbandon()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1086, + "event": "path", + "message": "Condition \"now - time > con.getAbandonTimeout()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1087, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"busy\" which invalidates iterator \"locked\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1090, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1097, + "event": "path", + "message": "Condition \"setToNull\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1101, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1074, + "event": "invalid_iterator", + "message": "Using invalid iterator \"locked\" in call to \"hasNext\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1072| Iterator locked = busy.iterator();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1073| int sto = getPoolProperties().getSuspectTimeout();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1074|-> while (locked.hasNext()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1075| PooledConnection con = locked.next();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1076| boolean setToNull = false;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.tomcat.jdbc.pool.ConnectionPool.checkIdle(boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 12, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1120, + "event": "path", + "message": "Condition \"idle.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1124, + "event": "return_iterator", + "message": "Call to \"iterator\" returns an iterator from \"idle\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1124, + "event": "assign", + "message": "Assigning: \"unlocked\" = \"idle.iterator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1125, + "event": "path", + "message": "Condition \"ignoreMinSize\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1125, + "event": "path", + "message": "Condition \"unlocked.hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1131, + "event": "path", + "message": "Condition \"busy.contains(con)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1135, + "event": "path", + "message": "Condition \"shouldReleaseIdle(now, con, time)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1138, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"idle\" which invalidates iterator \"unlocked\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1140, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1145, + "event": "path", + "message": "Condition \"setToNull\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1149, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1125, + "event": "path", + "message": "Condition \"ignoreMinSize\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1125, + "event": "invalid_iterator", + "message": "Using invalid iterator \"unlocked\" in call to \"hasNext\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1123| long now = System.currentTimeMillis();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1124| Iterator unlocked = idle.iterator();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1125|-> while ( (ignoreMinSize || (idle.size()>=getPoolProperties().getMinIdle())) && unlocked.hasNext()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1126| PooledConnection con = unlocked.next();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1127| boolean setToNull = false;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "org.apache.tomcat.jdbc.pool.ConnectionPool.testAllIdle(boolean)", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1181, + "event": "path", + "message": "Condition \"idle.isEmpty()\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1184, + "event": "return_iterator", + "message": "Call to \"iterator\" returns an iterator from \"idle\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1184, + "event": "assign", + "message": "Assigning: \"unlocked\" = \"idle.iterator()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1185, + "event": "path", + "message": "Condition \"unlocked.hasNext()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1190, + "event": "path", + "message": "Condition \"busy.contains(con)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1195, + "event": "path", + "message": "Condition \"checkMaxAgeOnly\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1196, + "event": "path", + "message": "Condition \"!reconnectIfExpired(con)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1197, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1200, + "event": "path", + "message": "Condition \"release\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1201, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"idle\" which invalidates iterator \"unlocked\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1207, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ConnectionPool.java", + "line": 1185, + "event": "invalid_iterator", + "message": "Using invalid iterator \"unlocked\" in call to \"hasNext\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1183| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1184| Iterator unlocked = idle.iterator();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1185|-> while (unlocked.hasNext()) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1186| PooledConnection con = unlocked.next();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1187| try {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.jdbc.pool.FairBlockingQueue.offer(java.lang.Object)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java", + "line": 99, + "event": "path", + "message": "Condition \"!waiters.isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java", + "line": 101, + "event": "returned_null", + "message": "\"waiters.poll()\" returns \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java", + "line": 101, + "event": "var_assigned", + "message": "Assigning: \"c\" = \"null\" return value from \"poll\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/FairBlockingQueue.java", + "line": 103, + "event": "null_method_call", + "message": "Calling a method on null object \"c\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 101| c = waiters.poll();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 102| //give the object to the thread instead of adding it to the pool", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103|-> c.setItem(e);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104| if (isLinux) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105| c.countDown();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "org.apache.tomcat.jdbc.pool.MultiLockFairBlockingQueue.offer(java.lang.Object)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java", + "line": 110, + "event": "path", + "message": "Condition \"!waiters[idx].isEmpty()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java", + "line": 112, + "event": "returned_null", + "message": "\"waiters[idx].poll()\" returns \"null\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java", + "line": 112, + "event": "var_assigned", + "message": "Assigning: \"c\" = \"null\" return value from \"poll\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/MultiLockFairBlockingQueue.java", + "line": 114, + "event": "null_method_call", + "message": "Calling a method on null object \"c\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 112| c = waiters[idx].poll();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| //give the object to the thread instead of adding it to the pool", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 114|-> c.setItem(e);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 115| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 116| //we always add first, so that the most recently used object will be given out", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDataSource()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 263, + "event": "identity", + "message": "Calling \"getPassword\". This call returns \"Password not available as DataSource/JMX operation.\". (The virtual call resolves to \"org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()\".) Now \"poolProperties.getPassword()\" is equal to \"Password not available as DataSource/JMX operation.\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 263, + "event": "assign", + "message": "Assigning: \"pwd\" = \"poolProperties.getPassword()\". Now \"pwd\" is equal to \"Password not available as DataSource/JMX operation.\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 269, + "event": "password_use", + "message": "Calling \"getXAConnection\". This call uses the constant string as a password. (The virtual call resolves to \"javax.sql.XADataSource.getXAConnection(java.lang.String, java.lang.String)\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 269, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 267| javax.sql.XADataSource xds = (javax.sql.XADataSource)poolProperties.getDataSource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 268| if (usr!=null && pwd!=null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 269|-> xaConnection = xds.getXAConnection(usr, pwd);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 270| connection = xaConnection.getConnection();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 271| } else {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDataSource()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 263, + "event": "identity", + "message": "Calling \"getPassword\". This call returns \"Password not available as DataSource/JMX operation.\". (The virtual call resolves to \"org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()\".) Now \"poolProperties.getPassword()\" is equal to \"Password not available as DataSource/JMX operation.\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 263, + "event": "assign", + "message": "Assigning: \"pwd\" = \"poolProperties.getPassword()\". Now \"pwd\" is equal to \"Password not available as DataSource/JMX operation.\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 278, + "event": "password_use", + "message": "Calling \"getConnection\". This call uses the constant string as a password. (The virtual call resolves to \"javax.sql.DataSource.getConnection(java.lang.String, java.lang.String)\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 278, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 276| javax.sql.DataSource ds = (javax.sql.DataSource)poolProperties.getDataSource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 277| if (usr!=null && pwd!=null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 278|-> connection = ds.getConnection(usr, pwd);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 279| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 280| connection = ds.getConnection();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDataSource()", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 254, + "event": "path", + "message": "Condition \"getAttributes().containsKey(\"user\" /* org.apache.tomcat.jdbc.pool.PooledConnection.PROP_USER */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 256, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 260, + "event": "path", + "message": "Condition \"getAttributes().containsKey(\"password\" /* org.apache.tomcat.jdbc.pool.PooledConnection.PROP_PASSWORD */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 262, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 266, + "event": "path", + "message": "Condition \"poolProperties.getDataSource() instanceof javax.sql.XADataSource\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 275, + "event": "path", + "message": "Condition \"poolProperties.getDataSource() instanceof javax.sql.DataSource\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 282, + "event": "path", + "message": "Condition \"poolProperties.getDataSource() instanceof javax.sql.ConnectionPoolDataSource\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 284, + "event": "path", + "message": "Condition \"usr != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 284, + "event": "path", + "message": "Condition \"pwd != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 285, + "event": "jdbc_fn", + "message": "An open JDBC connection is returned from \"getPooledConnection\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 285, + "event": "noescape", + "message": "Resource \"ds.getPooledConnection(usr, pwd)\" is not closed or saved in \"getConnection\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 285, + "event": "leaked_connection", + "message": "Failing to save or close JDBC connection open by \"ds.getPooledConnection(usr, pwd)\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 283| javax.sql.ConnectionPoolDataSource ds = (javax.sql.ConnectionPoolDataSource)poolProperties.getDataSource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 284| if (usr!=null && pwd!=null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 285|-> connection = ds.getPooledConnection(usr, pwd).getConnection();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 286| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 287| connection = ds.getPooledConnection().getConnection();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDataSource()", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 263, + "event": "identity", + "message": "Calling \"getPassword\". This call returns \"Password not available as DataSource/JMX operation.\". (The virtual call resolves to \"org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()\".) Now \"poolProperties.getPassword()\" is equal to \"Password not available as DataSource/JMX operation.\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 263, + "event": "assign", + "message": "Assigning: \"pwd\" = \"poolProperties.getPassword()\". Now \"pwd\" is equal to \"Password not available as DataSource/JMX operation.\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 285, + "event": "password_use", + "message": "Calling \"getPooledConnection\". This call uses the constant string as a password. (The virtual call resolves to \"javax.sql.ConnectionPoolDataSource.getPooledConnection(java.lang.String, java.lang.String)\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 285, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 283| javax.sql.ConnectionPoolDataSource ds = (javax.sql.ConnectionPoolDataSource)poolProperties.getDataSource();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 284| if (usr!=null && pwd!=null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 285|-> connection = ds.getPooledConnection(usr, pwd).getConnection();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 286| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 287| connection = ds.getPooledConnection().getConnection();", + "verbosity_level": 1 + } + ] + }, + { + "checker": "RESOURCE_LEAK", + "cwe": 404, + "imp": 1, + "function": "org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDataSource()", + "language": "java", + "tool": "coverity", + "key_event_idx": 11, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 254, + "event": "path", + "message": "Condition \"getAttributes().containsKey(\"user\" /* org.apache.tomcat.jdbc.pool.PooledConnection.PROP_USER */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 256, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 260, + "event": "path", + "message": "Condition \"getAttributes().containsKey(\"password\" /* org.apache.tomcat.jdbc.pool.PooledConnection.PROP_PASSWORD */)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 262, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 266, + "event": "path", + "message": "Condition \"poolProperties.getDataSource() instanceof javax.sql.XADataSource\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 275, + "event": "path", + "message": "Condition \"poolProperties.getDataSource() instanceof javax.sql.DataSource\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 282, + "event": "path", + "message": "Condition \"poolProperties.getDataSource() instanceof javax.sql.ConnectionPoolDataSource\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 284, + "event": "path", + "message": "Condition \"usr != null\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 284, + "event": "path", + "message": "Condition \"pwd != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 287, + "event": "jdbc_fn", + "message": "An open JDBC connection is returned from \"getPooledConnection\". (The virtual call resolves to \"org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.getPooledConnection\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 287, + "event": "noescape", + "message": "Resource \"ds.getPooledConnection()\" is not closed or saved in \"getConnection\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 287, + "event": "leaked_connection", + "message": "Failing to save or close JDBC connection open by \"ds.getPooledConnection()\" leaks it.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 285| connection = ds.getPooledConnection(usr, pwd).getConnection();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 286| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 287|-> connection = ds.getPooledConnection().getConnection();", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 288| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 289| } else {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 332, + "event": "identity", + "message": "Calling \"getPassword\". This call returns \"Password not available as DataSource/JMX operation.\". (The virtual call resolves to \"org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 332, + "event": "assign", + "message": "Assigning: \"pwd\" = \"poolProperties.getPassword()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 340, + "event": "identity", + "message": "Calling \"setProperty\". This call assigns \"pwd\" to \"properties\". (The virtual call resolves to \"java.util.Properties.setProperty(java.lang.String, java.lang.String)\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 345, + "event": "password_use", + "message": "Calling \"getConnection\". This call uses the constant string as a password.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 345, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 343| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 344| if (driver==null) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 345|-> connection = DriverManager.getConnection(driverURL, properties);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 346| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 347| connection = driver.connect(driverURL, properties);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "HARDCODED_CREDENTIALS", + "cwe": 259, + "function": "org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver()", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 332, + "event": "identity", + "message": "Calling \"getPassword\". This call returns \"Password not available as DataSource/JMX operation.\". (The virtual call resolves to \"org.apache.tomcat.jdbc.pool.DataSourceProxy.getPassword()\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 332, + "event": "assign", + "message": "Assigning: \"pwd\" = \"poolProperties.getPassword()\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 340, + "event": "identity", + "message": "Calling \"setProperty\". This call assigns \"pwd\" to \"properties\". (The virtual call resolves to \"java.util.Properties.setProperty(java.lang.String, java.lang.String)\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 347, + "event": "password_use", + "message": "Calling \"connect\". This call uses the constant string as a password. (The virtual call resolves to \"java.sql.Driver.connect(java.lang.String, java.util.Properties)\".)", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/PooledConnection.java", + "line": 347, + "event": "remediation", + "message": "Passwords should be stored in a Properties file in a location that is inaccessible to unauthorized users.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 345| connection = DriverManager.getConnection(driverURL, properties);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 346| } else {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 347|-> connection = driver.connect(driverURL, properties);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 348| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 349| } catch (Exception x) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "FORWARD_NULL", + "cwe": 476, + "function": "org.apache.tomcat.jdbc.pool.ProxyConnection.invoke(java.lang.Object, java.lang.reflect.Method, java.lang.Object[])", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 93, + "event": "path", + "message": "Condition \"compare(\"isClosed\" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.ISCLOSED_VAL */, method)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 96, + "event": "path", + "message": "Condition \"compare(\"close\" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.CLOSE_VAL */, method)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 105, + "event": "path", + "message": "Condition \"compare(\"toString\" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.TOSTRING_VAL */, method)\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 107, + "event": "path", + "message": "Condition \"compare(\"getConnection\" /* org.apache.tomcat.jdbc.pool.JdbcInterceptor.GETCONNECTION_VAL */, method)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 107, + "event": "path", + "message": "Condition \"connection != null\", taking false branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 107, + "event": "var_compare_op", + "message": "Comparing \"connection\" to null implies that \"connection\" might be null.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 109, + "event": "path", + "message": "Condition \"method.getDeclaringClass().isAssignableFrom(javax.sql.XAConnection.class)\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/ProxyConnection.java", + "line": 111, + "event": "null_method_call", + "message": "Calling a method on null object \"connection\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| } else if (method.getDeclaringClass().isAssignableFrom(XAConnection.class)) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 111|-> return method.invoke(connection.getXAConnection(),args);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 112| }catch (Throwable t) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 113| if (t instanceof InvocationTargetException) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats.prepare(long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 418, + "event": "read_volatile", + "message": "Reading \"prepareCount\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 418, + "event": "intervening_update", + "message": "Another thread writes to \"prepareCount\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 418, + "event": "stale_update", + "message": "Updating \"prepareCount\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 416| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 417| public void prepare(long invocationTime) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 418|-> prepareCount++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 419| prepareTime+=invocationTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 420| ", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats.prepare(long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 419, + "event": "read_volatile", + "message": "Reading \"prepareTime\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 419, + "event": "intervening_update", + "message": "Another thread writes to \"prepareTime\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 419, + "event": "stale_update", + "message": "Updating \"prepareTime\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 417| public void prepare(long invocationTime) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 418| prepareCount++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 419|-> prepareTime+=invocationTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 420| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 421| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats.add(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 425, + "event": "read_volatile", + "message": "Reading \"maxInvocationTime\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 425, + "event": "intervening_update", + "message": "Another thread writes to \"maxInvocationTime\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 425, + "event": "stale_update", + "message": "Updating \"maxInvocationTime\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 426, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"maxInvocationTime\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 423| public void add(long invocationTime, long now) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 424| //not thread safe, but don't sacrifice performance for this kind of stuff", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 425|-> maxInvocationTime = Math.max(invocationTime, maxInvocationTime);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 426| if (maxInvocationTime == invocationTime) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 427| maxInvocationDate = now;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "imp": 1, + "function": "org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats.add(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 426, + "event": "path", + "message": "Condition \"maxInvocationTime == invocationTime\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 429, + "event": "read_volatile", + "message": "Reading \"minInvocationTime\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 429, + "event": "intervening_update", + "message": "Another thread writes to \"minInvocationTime\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 429, + "event": "stale_update", + "message": "Updating \"minInvocationTime\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 430, + "event": "example_comparison", + "message": "Example 1: Example comparison of \"minInvocationTime\" to value, suggesting a semantically meaningful use.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 427| maxInvocationDate = now;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 428| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 429|-> minInvocationTime = Math.min(invocationTime, minInvocationTime);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 430| if (minInvocationTime==invocationTime) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 431| minInvocationDate = now;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats.add(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 426, + "event": "path", + "message": "Condition \"maxInvocationTime == invocationTime\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 430, + "event": "path", + "message": "Condition \"minInvocationTime == invocationTime\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 433, + "event": "read_volatile", + "message": "Reading \"nrOfInvocations\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 433, + "event": "intervening_update", + "message": "Another thread writes to \"nrOfInvocations\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 433, + "event": "stale_update", + "message": "Updating \"nrOfInvocations\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 431| minInvocationDate = now;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 432| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 433|-> nrOfInvocations++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 434| totalInvocationTime+=invocationTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 435| lastInvocation = now;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats.add(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 4, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 426, + "event": "path", + "message": "Condition \"maxInvocationTime == invocationTime\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 430, + "event": "path", + "message": "Condition \"minInvocationTime == invocationTime\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 434, + "event": "read_volatile", + "message": "Reading \"totalInvocationTime\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 434, + "event": "intervening_update", + "message": "Another thread writes to \"totalInvocationTime\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 434, + "event": "stale_update", + "message": "Updating \"totalInvocationTime\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 432| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 433| nrOfInvocations++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 434|-> totalInvocationTime+=invocationTime;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 435| lastInvocation = now;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 436| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReport$QueryStats.failure(long, long)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 440, + "event": "read_volatile", + "message": "Reading \"failures\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 440, + "event": "intervening_update", + "message": "Another thread writes to \"failures\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/modules/jdbc-pool/src/main/java/org/apache/tomcat/jdbc/pool/interceptor/SlowQueryReport.java", + "line": 440, + "event": "stale_update", + "message": "Updating \"failures\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 438| public void failure(long invocationTime, long now) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 439| add(invocationTime,now);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 440|-> failures++;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 441| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 442| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "ServletToJsp.doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 2, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java", + "line": 33, + "event": "return_thread_shared", + "message": "Call to \"getServletConfig\" returns a pointer to thread-shared data.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java", + "line": 27, + "event": "thread_entry_point", + "message": "\"doGet\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java", + "line": 33, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"getServletConfig()\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java", + "line": 33, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java", + "line": 33, + "event": "write", + "message": "\"getServletConfig()\" is modified in call to \"getServletContext\". (The virtual call resolves to \"org.apache.catalina.core.StandardWrapper.getServletContext\".)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 31| // Set the attribute and Forward to hello.jsp", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 32| request.setAttribute (\"servletName\", \"servletToJsp\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 33|-> getServletConfig().getServletContext().getRequestDispatcher(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 34| \"/jsp/jsptoserv/hello.jsp\").forward(request, response);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 35| } catch (Exception ex) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "UNLOCKED_ACCESS", + "cwe": 820, + "imp": 1, + "function": "ServletToJsp.doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)", + "language": "java", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java", + "line": 27, + "event": "thread_entry_point", + "message": "\"doGet\" is an entry point because it implements a request handler from \"Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java", + "line": 33, + "event": "thread_unsafe_modification", + "message": "Thread-shared \"getServletConfig().config\" is modified in a concurrent context without any synchronization.", + "verbosity_level": 0 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java", + "line": 33, + "event": "remediation", + "message": "To avoid data races, make the data thread-local, or add locking to all the concurrent accesses to the data, including the reads.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java", + "line": 33, + "event": "write", + "message": "\"getServletConfig().config\" is modified in call to \"getServletContext\". (The virtual call resolves to \"javax.servlet.GenericServlet.getServletContext\".)", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/ServletToJsp.java", + "line": 33, + "event": "thread_shared_data", + "message": "\"getServletConfig()\" is thread-shared because it has type \"javax.servlet.GenericServlet\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/java/javax/servlet/GenericServlet.java", + "line": 40, + "event": "thread_shared_derived", + "message": "\"javax.servlet.GenericServlet\" is thread-shared because it implements \"javax.servlet.Servlet\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 31| // Set the attribute and Forward to hello.jsp", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 32| request.setAttribute (\"servletName\", \"servletToJsp\");", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 33|-> getServletConfig().getServletContext().getRequestDispatcher(", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 34| \"/jsp/jsptoserv/hello.jsp\").forward(request, response);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 35| } catch (Exception ex) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "async.Stockticker.run()", + "language": "java", + "tool": "coverity", + "key_event_idx": 7, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 91, + "event": "path", + "message": "Condition \"run\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 92, + "event": "path", + "message": "Condition \"j < 1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 94, + "event": "path", + "message": "Condition \"i < 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 100, + "event": "path", + "message": "Condition \"plus\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 102, + "event": "path", + "message": "Falling through to end of if statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 105, + "event": "read_volatile", + "message": "Reading \"ticknr\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 105, + "event": "intervening_update", + "message": "Another thread writes to \"ticknr\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/async/Stockticker.java", + "line": 105, + "event": "stale_update", + "message": "Updating \"ticknr\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 103| stock.setValue(stock.getValue() - change);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 104| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 105|-> stock.setCnt(++ticknr);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| for (TickListener l : listeners) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| l.tick(stock);", + "verbosity_level": 1 + } + ] + }, + { + "checker": "VOLATILE_ATOMICITY", + "cwe": 366, + "function": "nonblocking.ByteCounter$CounterListener.onDataAvailable()", + "language": "java", + "tool": "coverity", + "key_event_idx": 5, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java", + "line": 105, + "event": "path", + "message": "Condition \"sis.isReady()\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java", + "line": 105, + "event": "path", + "message": "Condition \"read > -1\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java", + "line": 107, + "event": "path", + "message": "Condition \"read > 0\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java", + "line": 108, + "event": "read_volatile", + "message": "Reading \"totalBytesRead\", a volatile field, without any lock held.", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java", + "line": 108, + "event": "intervening_update", + "message": "Another thread writes to \"totalBytesRead\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/nonblocking/ByteCounter.java", + "line": 108, + "event": "stale_update", + "message": "Updating \"totalBytesRead\" based on a stale value. Any intervening update in another thread is overwritten.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 106| read = sis.read(buffer);", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 107| if (read > 0) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 108|-> totalBytesRead += read;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 109| }", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 110| }", + "verbosity_level": 1 + } + ] + }, + { + "checker": "INVALIDATE_ITERATOR", + "cwe": 119, + "function": "websocket.chat.ChatAnnotation.broadcast(java.lang.String)", + "language": "java", + "tool": "coverity", + "key_event_idx": 10, + "events": [ + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 90, + "event": "enhanced_for", + "message": "Starting an iteration on \"websocket.chat.ChatAnnotation.connections\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 90, + "event": "path", + "message": "Iterating over another element of \"websocket.chat.ChatAnnotation.connections\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 95, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 107, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 90, + "event": "path", + "message": "Iterating over another element of \"websocket.chat.ChatAnnotation.connections\".", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 93, + "event": "path", + "message": "Throwing \"java.io.IOException\" (or subclass) from call to \"sendText\". (The virtual call resolves to \"org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText\".)", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 95, + "event": "path", + "message": "Catching exception.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 97, + "event": "modify_iterable", + "message": "Call to \"remove\" modifies \"Iterable\" \"websocket.chat.ChatAnnotation.connections\" which invalidates the iterator for the loop on that \"Iterable\".", + "verbosity_level": 1 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 100, + "event": "path", + "message": "Falling through to end of try statement.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 107, + "event": "path", + "message": "Jumping back to the beginning of the loop.", + "verbosity_level": 2 + }, + { + "file_name": "apache-tomcat-9.0.62.redhat-00014-src/webapps/examples/WEB-INF/classes/websocket/chat/ChatAnnotation.java", + "line": 90, + "event": "invalid_loop", + "message": "Attempting to obtain another element from \"websocket.chat.ChatAnnotation.connections\" after it's been modified.", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 88| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 89| private static void broadcast(String msg) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 90|-> for (ChatAnnotation client : connections) {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 91| try {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 92| synchronized (client) {", + "verbosity_level": 1 + } + ] + }, + { + "checker": "NULL_RETURNS", + "cwe": 476, + "function": "yaml.v3.yaml_parser_parse_flow_mapping_key(*yaml.v3.yaml_parser_t, *yaml.v3.yaml_event_t, bool)bool", + "language": "go", + "tool": "coverity", + "key_event_idx": 3, + "events": [ + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1067, + "event": "path", + "message": "Condition \"first\", taking true branch.", + "verbosity_level": 2 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1068, + "event": "returned_null", + "message": "\"peek_token\" returns \"nil\" (checked 36 out of 37 times).", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1068, + "event": "var_assigned", + "message": "Assigning: \"token\" = \"nil\" return value from \"peek_token\".", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1069, + "event": "null_field_access", + "message": "Accessing field of null object \"token\".", + "verbosity_level": 0 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 458, + "event": "example_assign", + "message": "Example 1: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 459, + "event": "example_checked", + "message": "Example 1 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 791, + "event": "example_assign", + "message": "Example 2: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 792, + "event": "example_checked", + "message": "Example 2 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1183, + "event": "example_assign", + "message": "Example 3: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1184, + "event": "example_checked", + "message": "Example 3 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1216, + "event": "example_assign", + "message": "Example 4: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 1217, + "event": "example_checked", + "message": "Example 4 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 232, + "event": "example_assign", + "message": "Example 5: Assigning: \"token\" = return value from \"peek_token(parser)\".", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/vendor/gopkg.in/yaml.v3/parserc.go", + "line": 233, + "event": "example_checked", + "message": "Example 5 (cont.): \"token\" has its value checked in \"token == nil\".", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1067| \tif first {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1068| \t\ttoken := peek_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1069|-> \t\tparser.marks = append(parser.marks, token.start_mark)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1070| \t\tskip_token(parser)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 1071| \t}", + "verbosity_level": 1 + } + ] + }, + { + "checker": "PATH_MANIPULATION", + "cwe": 22, + "imp": 1, + "function": "github.com/osbuild/weldr-client/v2/weldr.Client.GetFilePath(string, string)(string, *github.com/osbuild/weldr-client/v2/weldr.APIResponse, error)", + "language": "go", + "tool": "coverity", + "key_event_idx": 8, + "events": [ + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go", + "line": 269, + "event": "assign", + "message": "Assigning: \"resp\" = \"c.Request(\"GET\", route, \"\", {})\".", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go", + "line": 285, + "event": "taint", + "message": "The field \"resp.Header\" is a source of untrusted data.", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go", + "line": 285, + "event": "identity", + "message": "Calling \"Get\". This call assigns \"resp.Header\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go", + "line": 285, + "event": "identity", + "message": "Calling \"GetContentFilename\". This call assigns \"resp.Header.Get(\"content-disposition\")\" to \".$0\". Now \".$0\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go", + "line": 285, + "event": "assign", + "message": "Assigning: \"fileName\" = \"GetContentFilename(resp.Header.Get(\"content-disposition\"))\".", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go", + "line": 289, + "event": "assign", + "message": "Assigning: \"[1]\" = \"fileName\".", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go", + "line": 289, + "event": "identity", + "message": "Calling \"Join\". This call assigns \"{path, fileName}\" to \"\". Now \"\" is tainted.", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go", + "line": 289, + "event": "assign", + "message": "Assigning: \"fileName\" = \"Join(path, fileName)\".", + "verbosity_level": 1 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go", + "line": 327, + "event": "sink", + "message": "Calling \"OpenFile\". This call uses \"fileName\" for sensitive computation.", + "verbosity_level": 0 + }, + { + "file_name": "weldr-client-35.9/_build/src/github.com/osbuild/weldr-client/v2/weldr/common.go", + "line": 327, + "event": "remediation", + "message": "Path manipulation vulnerabilities can be addressed by proper input validation. Disallowing directory traversal characters (using a deny list) can improve the safety of the input, but the recommended approach is to restrict to a specific set of allowed characters (using an allow list). This should exclude absolute paths and upward directory traversal.", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 325| \t\treturn", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 326| \t}", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 327|-> \tf, err := os.OpenFile(fileName, os.O_WRONLY|os.O_CREATE, 0600)", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 328| \tif err != nil {", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 329| \t\treturn", + "verbosity_level": 1 + } + ] + }, + { + "checker": "STRING_OVERFLOW", + "cwe": 120, + "imp": 1, + "function": "linemode_chars", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 575, + "event": "returned_string", + "message": "\"ctl_see\" returns a source buffer of 64 characters in size.", + "verbosity_level": 1 + }, + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 575, + "event": "string_overflow", + "message": "You might overrun the 3-character destination string \"c[0].value\" by writing 64 characters from \"ctl_see(vintr)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 573| static struct ctl_char c[9];", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 574| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 575|-> c[0].name = \"intr\";\t\tstrcpy(c[0].value, ctl_see(vintr));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 576| c[1].name = \"quit\";\t\tstrcpy(c[1].value, ctl_see(vquit));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 577| c[2].name = \"erase\";\tstrcpy(c[2].value, ctl_see(verase));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "STRING_OVERFLOW", + "cwe": 120, + "imp": 1, + "function": "linemode_chars", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 576, + "event": "returned_string", + "message": "\"ctl_see\" returns a source buffer of 64 characters in size.", + "verbosity_level": 1 + }, + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 576, + "event": "string_overflow", + "message": "You might overrun the 3-character destination string \"c[1].value\" by writing 64 characters from \"ctl_see(vquit)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 574| ", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 575| c[0].name = \"intr\";\t\tstrcpy(c[0].value, ctl_see(vintr));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 576|-> c[1].name = \"quit\";\t\tstrcpy(c[1].value, ctl_see(vquit));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 577| c[2].name = \"erase\";\tstrcpy(c[2].value, ctl_see(verase));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 578| c[3].name = \"kill\";\t\tstrcpy(c[3].value, ctl_see(vkill));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "STRING_OVERFLOW", + "cwe": 120, + "imp": 1, + "function": "linemode_chars", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 577, + "event": "returned_string", + "message": "\"ctl_see\" returns a source buffer of 64 characters in size.", + "verbosity_level": 1 + }, + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 577, + "event": "string_overflow", + "message": "You might overrun the 3-character destination string \"c[2].value\" by writing 64 characters from \"ctl_see(verase)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 575| c[0].name = \"intr\";\t\tstrcpy(c[0].value, ctl_see(vintr));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 576| c[1].name = \"quit\";\t\tstrcpy(c[1].value, ctl_see(vquit));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 577|-> c[2].name = \"erase\";\tstrcpy(c[2].value, ctl_see(verase));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 578| c[3].name = \"kill\";\t\tstrcpy(c[3].value, ctl_see(vkill));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 579| c[4].name = \"eof\";\t\tstrcpy(c[4].value, ctl_see(veof));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "STRING_OVERFLOW", + "cwe": 120, + "imp": 1, + "function": "linemode_chars", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 578, + "event": "returned_string", + "message": "\"ctl_see\" returns a source buffer of 64 characters in size.", + "verbosity_level": 1 + }, + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 578, + "event": "string_overflow", + "message": "You might overrun the 3-character destination string \"c[3].value\" by writing 64 characters from \"ctl_see(vkill)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 576| c[1].name = \"quit\";\t\tstrcpy(c[1].value, ctl_see(vquit));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 577| c[2].name = \"erase\";\tstrcpy(c[2].value, ctl_see(verase));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 578|-> c[3].name = \"kill\";\t\tstrcpy(c[3].value, ctl_see(vkill));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 579| c[4].name = \"eof\";\t\tstrcpy(c[4].value, ctl_see(veof));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 580| c[5].name = \"werase\";\tstrcpy(c[5].value, ctl_see(vwerase));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "STRING_OVERFLOW", + "cwe": 120, + "imp": 1, + "function": "linemode_chars", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 579, + "event": "returned_string", + "message": "\"ctl_see\" returns a source buffer of 64 characters in size.", + "verbosity_level": 1 + }, + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 579, + "event": "string_overflow", + "message": "You might overrun the 3-character destination string \"c[4].value\" by writing 64 characters from \"ctl_see(veof)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 577| c[2].name = \"erase\";\tstrcpy(c[2].value, ctl_see(verase));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 578| c[3].name = \"kill\";\t\tstrcpy(c[3].value, ctl_see(vkill));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 579|-> c[4].name = \"eof\";\t\tstrcpy(c[4].value, ctl_see(veof));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 580| c[5].name = \"werase\";\tstrcpy(c[5].value, ctl_see(vwerase));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 581| c[6].name = \"rprnt\";\tstrcpy(c[6].value, ctl_see(vrprnt));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "STRING_OVERFLOW", + "cwe": 120, + "imp": 1, + "function": "linemode_chars", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 580, + "event": "returned_string", + "message": "\"ctl_see\" returns a source buffer of 64 characters in size.", + "verbosity_level": 1 + }, + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 580, + "event": "string_overflow", + "message": "You might overrun the 3-character destination string \"c[5].value\" by writing 64 characters from \"ctl_see(vwerase)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 578| c[3].name = \"kill\";\t\tstrcpy(c[3].value, ctl_see(vkill));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 579| c[4].name = \"eof\";\t\tstrcpy(c[4].value, ctl_see(veof));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 580|-> c[5].name = \"werase\";\tstrcpy(c[5].value, ctl_see(vwerase));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 581| c[6].name = \"rprnt\";\tstrcpy(c[6].value, ctl_see(vrprnt));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 582| c[7].name = \"lnext\";\tstrcpy(c[7].value, ctl_see(vlnext));", + "verbosity_level": 1 + } + ] + }, + { + "checker": "STRING_OVERFLOW", + "cwe": 120, + "imp": 1, + "function": "linemode_chars", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 581, + "event": "returned_string", + "message": "\"ctl_see\" returns a source buffer of 64 characters in size.", + "verbosity_level": 1 + }, + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 581, + "event": "string_overflow", + "message": "You might overrun the 3-character destination string \"c[6].value\" by writing 64 characters from \"ctl_see(vrprnt)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 579| c[4].name = \"eof\";\t\tstrcpy(c[4].value, ctl_see(veof));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 580| c[5].name = \"werase\";\tstrcpy(c[5].value, ctl_see(vwerase));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 581|-> c[6].name = \"rprnt\";\tstrcpy(c[6].value, ctl_see(vrprnt));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 582| c[7].name = \"lnext\";\tstrcpy(c[7].value, ctl_see(vlnext));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 583| c[8].name = NULL;", + "verbosity_level": 1 + } + ] + }, + { + "checker": "STRING_OVERFLOW", + "cwe": 120, + "imp": 1, + "function": "linemode_chars", + "language": "c/c++", + "tool": "coverity", + "key_event_idx": 1, + "events": [ + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 582, + "event": "returned_string", + "message": "\"ctl_see\" returns a source buffer of 64 characters in size.", + "verbosity_level": 1 + }, + { + "file_name": "suite3270-4.0/Common/linemode.c", + "line": 582, + "event": "string_overflow", + "message": "You might overrun the 3-character destination string \"c[7].value\" by writing 64 characters from \"ctl_see(vlnext)\".", + "verbosity_level": 0 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 580| c[5].name = \"werase\";\tstrcpy(c[5].value, ctl_see(vwerase));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 581| c[6].name = \"rprnt\";\tstrcpy(c[6].value, ctl_see(vrprnt));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 582|-> c[7].name = \"lnext\";\tstrcpy(c[7].value, ctl_see(vlnext));", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 583| c[8].name = NULL;", + "verbosity_level": 1 + }, + { + "file_name": "", + "line": 0, + "event": "#", + "message": " 584| ", + "verbosity_level": 1 + } + ] + } + ] +} diff --git a/tests/csgrep/0044-csparser-new-key-evts-stdout.txt b/tests/csgrep/0044-csparser-new-key-evts-stdout.txt index 60e7df2a..711e7f6c 100644 --- a/tests/csgrep/0044-csparser-new-key-evts-stdout.txt +++ b/tests/csgrep/0044-csparser-new-key-evts-stdout.txt @@ -29,7 +29,7 @@ Error: GUARDED_BY_VIOLATION: pentaho-reporting-flow-engine-0.9.4/source/org/jfree/report/util/MemoryByteArrayOutputStream.java:185: missing_lock: Accessing "cursor" without holding lock "MemoryByteArrayOutputStream.this". Elsewhere, "org.jfree.report.util.MemoryByteArrayOutputStream.cursor" is accessed with "MemoryByteArrayOutputStream.this" held 5 out of 7 times. Error: LOCK_INVERSION: -ldapjdk-4.19/java-sdk/ldapjdk/netscape/ldap/LDAPConnThread.java:296: lock_acquire: Acquiring lock "LDAPConnThread.m_sendRequestLock". +ldapjdk-4.19/java-sdk/ldapjdk/netscape/ldap/LDAPConnThread.java:307: lock_order: Acquiring lock "LDAPConnThread.this" while holding "LDAPConnThread.m_sendRequestLock" conflicts with the lock order established elsewhere. Error: NESTING_INDENT_MISMATCH: qtbase-everywhere-src-5.11.1/qmake/library/qmakeevaluator.cpp:810: actual_if: The "else" clause indicated by the "dangling_else" event actually goes with this "if" statement, contrary to what its indentation suggests. @@ -53,7 +53,7 @@ Error: UNINTENDED_INTEGER_DIVISION: webrtc-audio-processing-0.3/webrtc/modules/audio_processing/beamformer/nonlinear_beamformer.cc:241: integer_division: Dividing integer expressions "51200UL" and "this->sample_rate_hz_", and then converting the integer quotient to type "float". Any remainder, or fractional part of the quotient, is ignored. Error: VOLATILE_ATOMICITY: -apache-tomcat-9.0.7.redhat-10-src/java/org/apache/tomcat/websocket/WsFrameBase.java:951: read_volatile: Reading "payloadWritten", a volatile field, without any lock held. +apache-tomcat-9.0.7.redhat-10-src/java/org/apache/tomcat/websocket/WsFrameBase.java:951: stale_update: Updating "payloadWritten" based on a stale value. Any intervening update in another thread is overwritten. Error: BAD_FREE (CWE-763): bind-9.11.3/lib/isc-pkcs11/mem.c:1608: incorrect_free: "mem_put" frees incorrect pointer "si". diff --git a/tests/csgrep/0070-csparser-included-from-note-stdout.txt b/tests/csgrep/0070-csparser-included-from-note-stdout.txt index 9681e156..d81647de 100644 --- a/tests/csgrep/0070-csparser-included-from-note-stdout.txt +++ b/tests/csgrep/0070-csparser-included-from-note-stdout.txt @@ -5,14 +5,14 @@ "cwe": 758, "language": "c/c++", "tool": "gcc", - "key_event_idx": 0, + "key_event_idx": 10, "events": [ { "file_name": "boost_1_75_0/boost/smart_ptr/detail/sp_thread_sleep.hpp", "line": 22, "event": "included_from", "message": "Included from here.", - "verbosity_level": 0 + "verbosity_level": 1 }, { "file_name": "boost_1_75_0/boost/smart_ptr/detail/yield_k.hpp", @@ -83,7 +83,7 @@ "column": 34, "event": "note", "message": "'#pragma message: The practice of declaring the Bind placeholders (_1, _2, ...) in the global namespace is deprecated. Please use + using namespace boost::placeholders, or define BOOST_BIND_GLOBAL_PLACEHOLDERS to retain the current behavior.'", - "verbosity_level": 1 + "verbosity_level": 0 }, { "file_name": "", @@ -127,14 +127,14 @@ "cwe": 758, "language": "c/c++", "tool": "gcc", - "key_event_idx": 0, + "key_event_idx": 11, "events": [ { "file_name": "boost_1_75_0/boost/smart_ptr/detail/sp_thread_sleep.hpp", "line": 22, "event": "included_from", "message": "Included from here.", - "verbosity_level": 0 + "verbosity_level": 1 }, { "file_name": "boost_1_75_0/boost/smart_ptr/detail/yield_k.hpp", @@ -212,7 +212,7 @@ "column": 34, "event": "note", "message": "'#pragma message: This header is deprecated. Use instead.'", - "verbosity_level": 1 + "verbosity_level": 0 }, { "file_name": "",